Print topic

Firebox System Manager Status Report Example

The Status Report tab in Firebox System Manager contains the Firebox Status Report. This report includes information about all the processes that are currently running on your Firebox, the ARP table, interface and routing metrics, and other information about the current status and configuration of your device. You can use the Status Report to monitor the performance of your Firebox and the traffic through the device. You can also use the Status Report when you work with Technical Support to troubleshoot issues.

The example sections below are from a Firebox X8500e Status Report.

Uptime, version and serial number information

At the top of the Status Report, the system time, uptime for the Firebox, and the version numbers of the major software components appear. The serial number and model number of the Firebox are also included.

Current UTC time : Fri Aug 29 22:14:19 2008
System UP time : 382h 41m 35s
Copyright (c) 1996-2008 WatchGuard Technologies, Inc
Fireware Version: 10.2, build: 185259
pmm: Version 10.2, Build 185259, Patch 2, Aug 09 2008 10:21
RCE Module: Version 10.2, Build 185259, Patch 2,  Aug 09 2008 10:21 

Serial Number: 909700586DD5C
Product Type: Firebox X8500e

Firebox components status

The Firebox Modular Components section contains the state, version number, and build information for each Fireware module on the Firebox.

**
** Firebox Modular Components
**
Module         State     Version   Build Number   Build Time          Checksum  
cmm_server     Alive     10.2      185259         Aug 09 2008 10:28   3d92a8ff42a39523286578edcb
ma             Alive     10.2      185259         Aug 09 2008 10:31   33e556aedf7a8587022a493bcd
mia            Alive     10.2      185259         Aug 09 2008 10:31   87b1d01b909223e2841efe634c
iked           Alive     10.2      185259         Aug 09 2008 10:33   58a82058da174ff200299bde9c
snmpd          Alive     10.2      185259         Aug 09 2008 10:33   da286e0f6e6639a70c6d0b67ed
ham            Alive     10.2      185259         Aug 09 2008 10:23   55244c1ae1493e9d3665a9046d
tpdaemon       Alive     10.2      185259         Aug 09 2008 10:23   dc02f16ff3ed31e11961c66d19
admd           Alive     10.2      185259         Aug 09 2008 10:33   27b17c6eda4ca2ecec9faa4b58

In this example, all modules are Alive and are version 10.2.

Logging

The Logging section contains information about whether Traffic Logging or Secure Remote Logging are enabled, and the IP addresses of any configured Log Servers. To configure these settings, from Policy Manager, select Setup > Logging.

**
** Log configuration
**
Traffic Log: enable

Event Log: high
Remote Log Server: 0.0.0.0
**
** Secure Remote Logging
**
state  : enable
crypto : enable
**
** Total 1 Secure Remote Logging Server(s)
**
Type        Logging Server      
primary     192.168.54.50       

 

Memory

The amount of Firebox memory currently in use appears in the Memory section of the Status Report.

**
** Memory
**
            total:      used:       free:       shared:     buffers:    cached:                 
Mem:        1050660864  397316096   653344768   0           13877248    57061376  

In this example, the Firebox has 1Gbyte of total memory,which is the standard amount of RAM for a Firebox X8500e.

Load Average

The Load Average section contains statistics about average process load over time.

**
** Load Average
**
1-min   5-min   15-min  run-proc last-pid
0.15	0.05	0.01	2/52	14877

The Load Average is an indication of the number of jobs in the run-queue, or the run-queue length. The run-queue length is the total number of processes currently running, plus the number of processes that are on hold in the run-queue. The 1-min number is the average load for the last minute. The 5-min number is the average load for the last 5 minutes. The 15-min number is the average load for the last 15 minutes. If the Load average is high, the system is under heavy use and the response time is correspondingly slow.

In this example, an average of .15 jobs were in the run-queue over the past minute, .05 in the last five minutes, and .01 in the past 15 minutes.

The run-proc statistic has two numbers: the first number is the number of processes in the run state; the second number is the total number of processes on the device. In this example, the run-proc is 2/52, which means there are 2 current processes from a total of 52 on the Firebox.

The last-pid is the PID (process ID) that is assigned to the next process.

Process

The Process section of the Status Report contains information about all the current processes on the Firebox.

The example below is a partial list. Your Status Report might include information about more processes.

**
** Process
**



USER       PID %CPU %MEM   VSZ  RSS STAT                  STARTED     TIME COMMAND
                                                                
root      4045  0.0  1.9 41632 20068 S   Wed Aug 27 10:59:16 2008 00:00:30 cmm_server
nobody    5060  0.0  1.5 19936 16196 S   Wed Aug 27 10:59:24 2008 00:00:01 bosscfm                                                                                                  
nobody    5086  0.0  1.5 19972 16036 S   Wed Aug 27 10:59:24 2008 00:00:00 wkrcfm-2                                                                                                 
nobody    5087  0.0  1.5 19972 16036 S   Wed Aug 27 10:59:24 2008 00:00:00 wkrcfm-3                                                                                                 
nobody    5097  0.0  1.5 19972 16036 S   Wed Aug 27 10:59:24 2008 00:00:00 wkrcfm-4                                                                                                 
root       461  0.0  0.6  9676 6912 S    Wed Aug 13 16:32:52 2008 00:00:06 /usr/wgrd/bin/sigd
root      5062  0.0  0.3 13344 3268 S    Wed Aug 27 10:59:24 2008 00:00:00 iked
root      5061  0.0  0.2 13436 3044 S    Wed Aug 27 10:59:24 2008 00:00:00 snmpd
root      5064  0.0  0.2  3608 2232 S    Wed Aug 27 10:59:24 2008 00:00:01 dvcpcd
root       870  0.0  0.1  4436 1948 S    Wed Aug 13 16:32:59 2008 00:00:00 /usr/wgrd/bin/sshd -p 4118
root      5052  0.0  0.1 12456 1932 S    Wed Aug 27 10:59:24 2008 00:00:08 mia

root      5059  0.0  0.1  4656 1880 S    Wed Aug 27 10:59:24 2008 00:00:00 admd
root      5054  0.0  0.1 12144 1620 S    Wed Aug 27 10:59:24 2008 00:00:00 ma
root      5023  0.0  0.1  4024 1500 S    Wed Aug 27 10:59:21 2008 00:00:00 /usr/local/sbin/pptpd
root      4041  0.0  0.1  2528 1460 S    Wed Aug 27 10:59:08 2008 00:00:00 xdb_server -r /usr/wgrd/db/cmm/
root      5067  0.0  0.1  5140 1452 S    Wed Aug 27 10:59:24 2008 00:00:00 /usr/wgrd/bin/fw_user_auth
root      5136  0.0  0.1  4428 1276 S    Fri Aug 29 15:01:22 2008 00:00:00 user_auth                                          
root      4044  0.0  0.1  2476 1132 S    Wed Aug 27 10:59:16 2008 00:00:00 ham

root       474  0.0  0.0  1892 1020 S    Wed Aug 13 16:32:53 2008 00:00:00 /bin/sh /usr/wgrd/bin/do_restart.sh
root      4043  0.0  0.0 27788 1020 S    Wed Aug 27 10:59:16 2008 00:00:00 tpdaemon
root       864  0.6  0.0  2764  980 S    Wed Aug 13 16:32:59 2008 02:29:01 lcdmenu

root       460  0.0  0.0  1880  952 S    Wed Aug 13 16:32:52 2008 00:00:00 /bin/sh /usr/wgrd/bin/sigd_monitor
root      5065  0.0  0.0  1800  884 S    Wed Aug 27 10:59:24 2008 00:00:00 monitord
root      2065  0.0  0.0  1348  584 S    Wed Aug 13 16:33:15 2008 00:00:00 crond
root         1  0.0  0.0  1312  488 S    Wed Aug 13 16:32:42 2008 00:00:04 init [3]  
root       443  0.0  0.0  1316  440 S    Wed Aug 13 16:32:51 2008 00:00:03 klogd -x
root      2068  0.0  0.0  1296  388 S    Wed Aug 13 16:33:16 2008 00:00:00 /sbin/mingetty ttyS0
root     14834  0.0  0.0  1304  292 S    Fri Aug 29 15:14:19 2008 00:00:00 sleep 2s
root         2  0.0  0.0     0    0 SW   Wed Aug 13 16:32:42 2008 00:00:00 [keventd]
root         3  0.0  0.0     0    0 SWN  Wed Aug 13 16:32:42 2008 00:00:00 [ksoftirqd_CPU0]
root         4  0.0  0.0     0    0 SW   Wed Aug 13 16:32:42 2008 00:00:00 [kswapd]
root         5  0.0  0.0     0    0 SW   Wed Aug 13 16:32:42 2008 00:00:00 [bdflush]
root         6  0.0  0.0     0    0 SW   Wed Aug 13 16:32:42 2008 00:00:00 [kupdated]
root       200  0.0  0.0     0    0 SW   Wed Aug 13 16:32:49 2008 00:00:00 [frontpanel]
root       739  0.0  0.0     0    0 SW   Wed Aug 13 16:32:54 2008 00:00:00 [cavium]

Each line in the process list includes this information:

USER

The username of the process owner.

PID

The process ID.

%CPU

The percentage of CPU capacity used by this process.

%MEM

The percentage of memory used by this process.

VSZ

Virtual memory usage.

RSS

Real memory usage.

STAT

Process status codes. These are the possible status codes:

D — Uninterruptible sleep (usually IO)

R — Runnable (on run queue)

S — Sleeping

T — Traced or stopped

Z — A defunct ("zombie") process

W — Has no resident pages

< — High-priority process

N — Low-priority task

L — Has pages locked into memory (for real-time and custom IO)

STARTED

What time the process started.

TIME

The total CPU time this process used.

COMMAND

The name of the process or command.

Network Configuration

The status of physical network interfaces on the Firebox appears in the Network Configuration section.

**
** Network Configuration
** Type:  TR = trusted, EX = external, OP = optional
**
Enabled If-# Name                    Address    Type/MTU  Status IP-Assignment
yes    0    External          192.168.54.50/24 EX/1500   up     static
yes    1    Trusted               10.0.50.1/24 TR/1500   up     static
yes    2    Optional-1             10.0.2.1/24 OP/1500   down   static
yes    3    Optional-2             1.1.1.13/32 OP/1500   down   static
no     4    Optional-3            10.0.44.1/24 OP/1500   down   static
no     5    Optional-4            10.0.55.1/24 OP/1500   down   static
no     6    Optional-5             10.0.6.1/24 OP/1500   down   static
no     7    Optional-6             10.0.7.1/24 OP/1500   down   static

For each interface, the Status Report indicates whether the interface is enabled, the name of the interface, and the IP address. It also shows the Maximum Transmission Unit (MTU), the status of the interface (up or down), and whether the IP address assignment is static or dynamic.

Blocked Sites

Information about current blocked sites and blocked site exceptions appears in this section.

*
** Total 0 Blocked-Site IP Address(es)
**
Blocked-Site                       Blocked-Type

**
** Total 0 Blocked-Site Exception IP Address(es)
**
Blocked-Site-Exception             Blocked-Type

**
** Total 0 Dynamic Blocked-Site IP Address(es)
**
** src: source, dst: destination
**
Blocked-Site   Blocked Type   Reason            Expiration  

The Blocked Sites list includes sites that are permanently blocked or allowed. To view and manage this list, from Policy Manager, select Setup > Default Threat Protection > Blocked Sites.

Temporarily blocked sites appear at the bottom of the list. To view and manage these in Firebox System Manager, select the Blocked Sites tab.

Interfaces

Configuration information and traffic statistics for each Firebox network interface appear in this section.

**
** Interfaces
**
br1	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:64 
	inet addr:10.10.10.10  Bcast:10.255.255.255  Mask:255.255.255.0
	UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:0 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)


br2  	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:64
	inet addr:10.10.20.10  Bcast:10.255.255.255  Mask:255.255.255.0
	UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:0 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)


eth0	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:67  
	inet addr:192.168.54.50  Bcast:192.168.54.255  Mask:255.255.255.0
	UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	RX packets:586166 errors:56 dropped:0 overruns:0 frame:56
	TX packets:333025 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
          	RX bytes:130527522 (124.4 MiB)  TX bytes:128453608 (122.5 MiB)
	Interrupt:11 Memory:d042c000-0 


eth0:1	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:67  
	inet addr:192.168.54.51  Bcast:192.168.54.255  Mask:255.255.255.0
	UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	Interrupt:11 Memory:d042c000-0 


eth1      Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:66  
	inet addr:10.0.50.1  Bcast:10.0.50.255  Mask:255.255.255.0
	UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	RX packets:271898 errors:0 dropped:0 overruns:0 frame:0
	TX packets:354422 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:114823222 (109.5 MiB)  TX bytes:104600482 (99.7 MiB)
	Interrupt:12 Memory:d0420000-0 


eth2	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:65
	inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:5 Memory:d0424000-0 


eth3	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:64
	inet addr:1.1.1.13  Bcast:1.1.1.13  Mask:255.255.255.255
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:10 Memory:d0428000-0 


eth3.1	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:64 
	UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:0 

	RX bytes:0 (0.0 iB)  TX bytes:42 (42.0 iB)

eth3.2	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:64
	UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:0

	RX bytes:0 (0.0 iB)  TX bytes:42 (42.0 iB)

eth4	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:6B
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:11 Memory:d0020000-0 


eth5	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:6A
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:12 Memory:d0120000-0 


eth6	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:69
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:5 Memory:d0220000-0 


eth7	Link encap:Ethernet  HWaddr 00:90:7F:3C:3B:68
	UP BROADCAST MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
	Interrupt:10 Memory:d0320000-0 

lo 	Link encap:Local Loopback  
	inet addr:127.0.0.1  Mask:255.0.0.0
	UP LOOPBACK RUNNING  MTU:16436  Metric:1
	RX packets:2348431 errors:0 dropped:0 overruns:0 frame:0
	TX packets:2348431 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:0 
	RX bytes:234701252 (223.8 MiB)  TX bytes:234701252 (223.8 MiB)

tun0	Link encap:Point-Point Protocol  
	inet addr:192.168.113.1  P-t-P:192.168.113.1  Mask:255.255.255.0
	UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
	RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:100 
	RX bytes:0 (0.0 iB)  TX bytes:0 (0.0 iB)
 

A colon (:) in an interface number, like eth0:1 in this example, indicates a secondary network (interface alias). A period (.) in an interface number, like eth3.1 in this example, indicates a VLAN interface. The number after the comma (,) is the VLAN ID number. In this example, two VLANs (VLAN ID 1 and ID 2) are configured on the eth3 interface.

The br1 and br2 interfaces in this example are bridges (virtual interfaces) associated with the two VLANs on eth 3,1 and eth3,2.

The lo interface is the loopback virtual interface. This interface has the standard loopback IP address of 127.0.0.1. Packets destined for this network loop back to the Firebox.

The interface tun0 in this example is a Point-to-Point VPN tunnel virtual interface.

Each line of the status for each interface includes this information:

Interface description

Interface name, interface type, MAC address

IP Address information

Interface IP address, broadcast IP address, IP netmask

Interface status information

Interface status flags (this includes: UP, BROADCAST, MULTICAST, and others)

Interface MTU (in bytes)

Interface metric (priority)

Received packet statistics

Number of received packets

Number of receive errors (this includes jabber, CRC, buffer overrun, runt frames, and others)

Number of dropped RX packets (these are rare)

Number of FIFO overruns (these are rare)

Number of frame errors (see note below)

Transmit packet statistics

Number of transmitted packets

Number of transmit errors (generally only transceiver problems)

Number of dropped packets (these are uncommon)

Number of FIFO overruns (these are uncommon)

Number of carrier errors (generally indicate bad Ethernet hardware or bad cabling)

Collisions statistics and transmit queue length

Number of collisions and transmit queue length

Transmit and receive byte counts

Number of bytes transmitted and received

Interrupt and memory

Interrupt and memory address for this interface

A high number of errors (greater than .1% of total packets) can be caused by bad Ethernet connectivity between the Firebox and what it is connected to, or it can be caused by hardware failure.

Frame errors are Ethernet errors that fail the Cyclic Redundancy Check (CRC) of the Ethernet receiver. These errors indicate damaged frames. There can be many causes for frame errors. For example, bad wiring, broken Ethernet hardware, and cable runs that are too long.

Bridges

The Bridges section only contains information if you define a VLAN on your network.

**
** Bridges (Virtual Interfaces)
**
bridge name	bridge id		STP enabled	interfaces
br1		8000.00907f3c3b64	no		eth3.1
br2		8000.00907f3c3b64	no		eth3.2
    

In this example there are two bridges for the two VLANs on eth3.

Routes

The Routes section of the Status Report contains the internal IP routing table on the Firebox. A route for each interface listed in the Interfaces section above appears in this list. It also includes routes for any virtual IP addresses. In this example, you see a route for a Mobile VPN for IPSec tunnel assigned to virtual IP address 10.0.50.225.

**
** Routes
**
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.50.225     192.168.54.254  255.255.255.255 UGH       0 0          0 eth0
192.168.54.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.10.20.0      0.0.0.0         255.255.255.0   U         0 0          0 br2
192.168.113.0   0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth2
10.0.50.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 br1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.54.254  0.0.0.0         UG        0 0          0 eth0

The IP routing table is similar to routing tables on most computer systems. These are the possible flags:

U — Route is up

H — Target is a host

G — Use gateway

R — Reinstate route for dynamic routing

D — Dynamically installed by daemon or redirect

M — Modified from routing daemon or redirect

A — Installed by addrconf

C — Cache entry

! — Reject route

For more information about the routing table, see About the Firebox route table.

The ECMP settings appear after the routing table. This shows the default route.

**
** ECMP group
**
10.0.50.225 via 192.168.54.254 dev eth0 
default via 192.168.54.254 dev eth0

In this example, the ECMP group has a route for the Mobile VPN tunnel with the virtual IP address 10.0.50.225.

ARP Table

The ARP table maps IP addresses to the MAC address of each interface.

**
** ARP Table
**
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.54.57            ether   00:90:7F:2E:00:C0   C                     eth0
192.168.54.58            ether   00:90:7F:13:39:53   C                     eth0
192.168.54.254           ether   00:01:30:F3:F1:40   C                     eth0
10.0.50.2                ether   00:0C:29:73:DC:34   C                     eth1
10.0.50.225              *       *                   MP                    eth1

The ARP table on the Firebox is unique, because the device can do proxy ARP. Proxy ARP enables the Firebox to use the same IP address on three interfaces and to route between them properly. The Firebox does this with a special routing table and proxy ARP requests, which it uses to determine what interface certain IP addresses are connected to.

Flags in the ARP table:

C — Complete entry

M — Permanent entry

P — Published entry

- — If a dash (-) appears in the Flags Mask column, the ARP request/response failed. This could indicate bad cabling, bad Ethernet hardware, or a host that has been removed from the network before the Firebox has flushed that entry.

An ARP entry usually has a C flag. For a drop-in configuration, ARP entries are usually flagged CMP. If the device is configured in drop-in mode, there are three ARP table entries for each IP address. When a host on any of the networks makes a request for which there is already an ARP entry, the Firebox responds with its own MAC address, then forwards the packet to the correct IP address on one of the other interfaces.

In this example, the ARP table shows a virtual IP address of 10.0.50.225 assigned to a Mobile VPN tunnel. From Firebox System Manager, if you double-click Mobile VPN with IPSec Tunnels to expand the list of tunnels, you see this IP address assigned to a tunnel.

Dynamic Network Access Translation

The number of entries in the DNAT table appear in this section.

**
** Total Dynamic Network Address Translation (DNAT) entries
**
Used       Free
2          499198

External Interface status

Settings for all external interfaces are included in this section.

In this example, the Firebox has just one external interface.

**
** External interface status
**
**
** External interface <eth0>
**
Interface                     : eth0 
Enabled                       : yes
Mode                          : static
State                         : success
IP                            : 192.168.54.50
Netmask                       : 255.255.255.0
MTU                           : 1500

Multi-WAN status

Information about the Multi-WAN configuration settings and interface link status appear in this section.

**
** Multi-WAN status (PMM)
**
mcb: failbackGracePeriod=0, stickyTime:tcp=0, udp=0, others=0,  gwUpMap=1, failbackMap=0
=== gateway list===
ip=192.168.54.254, vifId=2000000, gw=up txRate=7730 rxRate=20043

=== Sticky Table === curTime=59443750ticks



**
** Multi-WAN status (Link Monitor)
**
send LNKMON Status Req message type 0xff81 with module 6
readStatusReq: timeout is set to 40
readStatusReq: 1339 bytes from LNKMON
StatusRecvMsg: Rcvd msg type 0xff82

**----------------------------------------------------------------------
	LNKMOND state reply at Wed Aug 20 13:40:00 2008

MONITORD state=2 HArole=0, HAmode=2, trace_level=0, event_lever=6 at Wed Aug 20 13:40:00 2008
Licensed IF=8, total IF=8, GW=1. Counted IF=8

eth0  	(Enabled) ipStr=192.168.54.50   gwStr=192.168.54.254 , PHY State=2, status=LK_UP
	property=2, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth1  	(Enabled) ipStr=10.0.50.1       gwStr=               , PHY State=2, status=LK_UP
	property=1, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth2  	(Disabled) ipStr=10.0.2.1        gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth3  	(Disabled) ipStr=10.0.3.1        gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth4  	(Disabled) ipStr=10.0.44.1       gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth5  	(Disabled) ipStr=10.0.55.1       gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth6  	(Disabled) ipStr=10.0.6.1        gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)

eth7  	(Disabled) ipStr=10.0.7.1        gwStr=               , PHY State=1, status=LK_DOWN
	property=3, ifType=0, extType=1
	PROBE INFO: (Disabled)




DHCP and DNS

DHCP client lease information and a list of DNS servers appear in this section.

**
** DHCP client leases
**

**
** Domain Name Server(s)
**
nameserver 192.168.130.131
nameserver 192.168.130.245
nameserver 10.0.61.254

Dynamic Routing

If you have configured dynamic routing protocols (RIP, OSPF, or BGP) on your Firebox, configuration and status information appears in these sections.

**
** Dynamic routing
**
**
** Routing Protocol (RIP)
**
rip is not enabled
**
** Routing Protocol (OSPF)
**
ospf is not enabled
**
** Routing Protocol (BGP)
**
bgp is not enabled

In this example, the Firebox is not configured for dynamic routing.

See also

Traffic and performance statistics (Status Report)

Give us feedback  •   Get Support  •   All product documentation  •   FAQs