B Troubleshooting76System ConnectivityA number of problems with EFW can be solved by checking the system connectivity andthe binding between the components of the EFW system.Policy Server-to-NIC Communication CheckTo determine if Policy Server-to-NIC communication is functioning as expected, follow thesteps below.1 Verify that the Policy Server can reach the NIC.a From the NIC window in the Management Console, click the Status button to see ifthe server can reach the NIC.b Ping from the Policy Server to the IP address of the NIC. If this ping fails, you mayhave a network outage or a network routing issue to resolve.c Verify that any intervening firewalls allow UDP traffic from the Policy Server to theNIC, as well as UDP traffic from ephemeral ports on the secured computer hostingthe NIC to the Policy Server's ports.d If you have network-monitoring software, use it to determine where thecommunication breakdown is occurring. You can also view the domain settings inthe Management Console to determine which ports are being used by the PolicyServer for communication with the NICs. This information assists you in identifyingEFW traffic using your network-monitoring software.2 Verify that the NIC identifies the Policy Server as its assigned Policy Server andrecognizes communication from this Policy Server. Make sure the Policy Server is listed as the primary Policy Server on the NICinformation window, or as a backup for the NIC's primary Policy Server in thePolicy Server information window. If it isn’t listed, the NIC does not respond tocommunications from that Policy Server. Therefore, you need to change the PolicyServer assignment. If the Policy Server assignment is correct, continue to the nextbullet. Check the embdfw.ini file (under the system or system32 folder on the securedcomputer) to verify that the IP address of the Policy Server is listed in this file. If itisn’t listed, the NIC is unlikely to respond to communications from the Policy Server.If you do not find the IP address for the Policy Server in this file, but the NICassignment to the Policy Server was correct in the Management Console, aconfiguration update to the NIC could have failed due to network problems. Thisfailure is automatically corrected at the next heartbeat. To immediately correct theproblem, you can manually add the correct IP addresses of the NIC's Policy Serversto the embdfw.ini file, and reboot the secured computer. NAT boxes must preserve the Policy Server's IP address and ports in packets sent tothe NIC. Otherwise, the NIC does not recognize these packets as coming from itsPolicy Server. The NIC and Policy Server must agree on communication ports, or the NIC does notrecognize traffic from the Policy Server. The embdfw.ini file identifies the controland audit ports the NIC uses for communication with the Policy Server. The DomainSettings window in the Management Console identifies the Policy Server's ports.If these are inconsistent, you should uninstall and then reinstall the EFW NIC.NOTE: Make sure to use an installation image that you created while connected toa Policy Server in the domain to which your NIC belongs.