Troubleshooting

Link LED is off.

Ensure the Secure Content Accelerator is powered on. Ensure the cable connections are secure. Ensure you are using the correct type of cable (straight-through to connect to a switch or hub; crossover to connect to NIC. Ensure cables are properly wired.

One Power LED is unlit.

Ensure the Secure Content Accelerator has power. Check the associated power switch, power cord, and power source.

The Secure Content Accelerator seems to have locked up.

Reboot the Secure Content Accelerator either by pressing the reset switch or using the reload command in the configuration manager. If the problem continues, press and hold the reset switch for two seconds. In either case, the configuration stored in the flash memory is used when the Secure Content Accelerator reboots.

The configuration manager cannot find the appliance on the network (hardware).

Make sure the cable segment is compliant with 100Base-TX recommendations. The length should not exceed 100 meters (328 feet). Make sure the speed and duplex settings on the SSL device and other networking hardware agree. Using the configuration manager, enter the show interface command to display the settings for the appliance Ethernet interfaces. Make sure you have a valid networking topology.

The configuration manager cannot find the appliance on the network (software).

Make sure the computer you are using the configure the device or module is on the same subnet and VLAN (if applicable) as the appliance. Once the appliance is configured with an IP address, you can attach it from any point in the network by using the attach ip command. If you are running the configuration manager and install a new device, enter the discover command to find new devices in the same broadcast domain.

Make sure remote management and/or telnet management are enabled, as appropriate. Use the show device command using a serial management session to verify management access. If remote management is disabled, enter Configuration mode and use the remote-management enable command. If telnet management is disabled, use the telnet enable command. Also verify the TCP port specified for management sessions. If you have changed the remote management port from the default, you must use the discover port command, where port is the TCP port.

The device might be operating in FIPS Mode. Remote management is unavailable in FIPS Mode. Use a serial management session to connect to the device.

The GUI cannot connect to the device.

Use any CLI configuration manager method to ensure that web management is enabled. Attach to the appliance, if necessary, show device command. If web management is not enabled, use the web-mgmt enable command in Configuration mode to enable it. If you are attempting to connect to appliance from the client side ("Network" port) in two-port mode, you must first set up a secure server. See "Configuring for Client-Side Access" in Chapter 6 for more instructions. If you have changed the IP address during a GUI management session, automatic redirection may not occur in certain situations, such as when changing to a different subnet. If the connection is not redirected, manually connect to the device as before. If you still are unable to connect, use the serial configuration manager to check the appliance configuration and try again.

The device might be operating in FIPS Mode. Web management is unavailable in FIPS Mode. Use a serial management session to connect to the device.

The serial management CLI prompt contains "[FIPS]".

The device is operating in FIPS Mode. If you wish to return the device to normal operation, use the Privileged Mode command no fips enable. See "Returning to Normal Operation" in Chapter 6 for more information.

Only the "fips" security policy is available when configuring servers.

The device is operating in FIPS Mode. Only security policies containing FIPS 140-2-compliant algorithms are available in FIPS Mode.

One or more servers is unavailable for configuration.

The device might be operating in FIPS Mode. Only servers configured with FIPS 140-2-compliant algorithms are available.