Contents

Related Topics

Firebox System Manager Status Report Example

The Status Report tab in Firebox System Manager contains the Firebox Status Report. This report includes information about all the currently active processes on your Firebox, the ARP table, interface and routing metrics, and other information about the current status and configuration of your device. You can use the Status Report to monitor the performance of your Firebox and the traffic through the device. You can also use the Status Report when you work with WatchGuard Technical Support to troubleshoot issues.

The sections in this example are from a WatchGuard XTM 1050 Status Report. If you have a different Firebox model, or have different features enabled on your device, your Status Report can include different information.

Uptime, Version, and Serial Number Information

At the top of the Status Report, the system time, uptime for the Firebox, and the version numbers of the major software components appear. The serial number and model number of the device are also included.

Status report for 'XTM330_90' from Tue Oct 18 08:45:52 2016
Version : 11.12.B514351
sysb : 11.7B350726
Serial #: 80BD02EE1B8F1
Model   : XTM330
CPU cores: 2
Current local time: Tue Oct 18 08:45:52 2016
Current UTC time  : Tue Oct 18 15:45:52 2016
Uptime            : 5d 16h 6m 52s

Firebox Components Status

The Firebox Modular Components section contains the version number and build information for each Fireware XTM module on the Firebox .

Firebox Modular Components
--------------------------
Module                                   Version              Build Number        
xtables6                                 11.9                 445545              
xtables-addons                           11.9                 445545              
wgversion                                11.9                 445545              
wgsync                                   11.9                 445545              
wgplatform                               11.9                 445545              
wgcore                                   11.9                 445545              
wgbase                                   11.9                 445545              
webui                                    11.9                 445545              
vpn-l2tp                                 11.9                 445545              
vpn-data                                 11.9                 445545              
vpn                                      11.9                 445545              
rootfs                                   11.9                 445545              
root                                     11.9                 445545              
resource                                 11.9                 445545              
ra                                       11.9                 445545              
python-packages                          11.9                 445545              
python                                   11.9                 445545              
proxy-wbcat                              11.9                 445545              
proxy-sigd                               11.9                 445545              
proxy-dlp                                11.9                 445545              
proxy-cteng                              11.9                 445545              
proxy-bwueng                             11.9                 445545              
proxy-avg                                11.9                 445545              
proxy                                    11.9                 445545              
product-schema                           11.9                 445545              
product-common                           11.9                 445545              
product                                  11.9                 445545              
ntp                                      11.9                 445545              
networking6                              11.9                 445545              
networking                               11.9                 445545              
net-tools                                11.9                 445545              
net-snmp                                 11.9                 445545              
kdump                                    11.9                 445545              
ixgbe                                    11.9                 445545              
ike                                      11.9                 445545              
igb                                      11.9                 445545              
gateway wireless controller              11.9                 445545              
foundation-extra                         11.9                 445545              
foundation                               11.9                 445545              
firewall6                                11.9                 445545              
firewall                                 11.9                 445545              
fault reporting system                   11.9                 445545              
e1000e                                   11.9                 445545              
dynroute                                 11.9                 445545              
deprecated                               11.9                 445545              
cluster                                  11.9                 445545              
cli                                      11.9                 445545              
cavium-nplus                             11.9                 445545              
armled                                   11.9                 445545              
appID                                    11.9                 445545              
  

In this example, the modules are version 11.9.

Logging

The Log Configuration section contains information about whether logging is enabled to a syslog server or WatchGuard Log Server, and the IP addresses of any configured Log Servers.

To configure these settings, from Policy Manager, select Setup > Logging.

Log Configuration
-----------------
Syslog Server: 0.0.0.0
Status: Disconnected

Watchguard Log Server: Enabled
Active Server: 203.0.113.9
Status: Connected

If your device is configured to send log messages to a syslog server, because the traffic from the device to the syslog server is sent only one way, and because the connection to the syslog server is not confirmed by the device, the Status setting that appears is always Connected.

If your device is configured to send log messages to a WatchGuard Log Server, the Status only appears as Connected if the connection to the WatchGuard Log Server or Dimension Log Server is active and the Log Server accepts the log messages sent from the device. If a WatchGuard Log Server is configured for your device but the Status that appears is Disconnected, the IP address or encryption key specified in the device configuration for the Log Server might be incorrect.

Process List

The Process List section of the Status Report contains information about all the current processes on the Firebox.

The example below is a partial list. Your Status Report might include information about more processes.

Process list
------------
   PID ST   %CPU      VSS      RSS   SHARED                        STARTED     TIME    COMMAND
     0  -   0.25        0        0        0       Mon April  9 15:39:42 2014  17:18.05  system
     1  S   0.00     4236     1552     1032       Mon April  9 15:39:42 2014   0:03.00  /sbin/init
     2  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kthreadd
     3  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  ksoftirqd/0
     4  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/0:0
     6  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/0
     7  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.19  watchdog/0
     8  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/1
     9  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:21.38  kworker/1:0
    10  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  ksoftirqd/1
    11  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:23.68  kworker/0:1
    12  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/1
    13  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/2
    14  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/2:0
    15  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.02  ksoftirqd/2
    16  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/2
    17  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/3
    18  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/3:0
    19  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.08  ksoftirqd/3
    20  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/3
    21  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/4
    22  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/4:0
    23  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.01  ksoftirqd/4
    24  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/4
    25  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/5
    26  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/5:0
    27  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.01  ksoftirqd/5
    28  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/5
    29  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/6
    30  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/6:0
    31  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.04  ksoftirqd/6
    32  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/6
    33  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  migration/7
    34  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kworker/7:0
    35  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.05  ksoftirqd/7
    36  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.16  watchdog/7
    37  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  khelper
   190  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.13  sync_supers
   192  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  bdi-default
   194  S   0.00        0        0        0       Mon April  9 15:39:42 2014   0:00.00  kblockd
   339  S   0.00        0        0        0       Mon April  9 15:39:43 2014   0:00.00  ata_sff
   347  S   0.00        0        0        0       Mon April  9 15:39:43 2014   0:00.00  khubd
   358  S   0.00        0        0        0       Mon April  9 15:39:43 2014   0:00.07  kworker/1:1

Each line in the process list includes this information:

PID

The process ID.

ST

Process status codes. These are the possible status codes:

D — Uninterruptible sleep (usually IO)

R — Runnable (on run queue)

S — Sleeping

T — Traced or stopped

Z — A defunct ("zombie") process

W — Has no resident pages

< — High-priority process

N — Low-priority task

L — Has pages locked into memory (for real-time and custom IO)

%CPU

The percentage of CPU capacity used by this process.

VSS

Virtual memory usage.

RSS

Real memory usage.

SHARED

Shared memory usage.

STARTED

What time the process started.

TIME

The total CPU time this process used.

COMMAND

The name of the process or command.

Memory

The amount of Firebox memory currently in use appears in the Memory info section of the Status Report.

Memory info
------------
MemTotal:        4131220 kB
MemFree:         3625352 kB
Buffers:            5184 kB
Cached:            75536 kB
SwapCached:            0 kB
Active:           158052 kB
Inactive:          61780 kB
Active(anon):     144584 kB
Inactive(anon):     2704 kB
Active(file):      13468 kB
Inactive(file):    59076 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:       1578888 kB
HighFree:        1135952 kB
LowTotal:        2552332 kB
LowFree:         2489400 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:                 0 kB
Writeback:             0 kB
AnonPages:        139116 kB
Mapped:            19944 kB
Shmem:              8176 kB
Slab:              43292 kB
SReclaimable:       8196 kB
SUnreclaim:        35096 kB
KernelStack:        1984 kB
PageTables:         2400 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     2065608 kB
Committed_AS:     646508 kB
VmallocTotal:     516096 kB
VmallocUsed:      226132 kB
VmallocChunk:     161096 kB
HardwareCorrupted:     0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       10232 kB
DirectMap2M:     2605056 kB

In this example, the Firebox has approximately 4 GB of total memory, which is the standard amount of RAM for an XTM 1050 device.

When you troubleshoot any issues with the memory on your Firebox, make sure to review these memory numbers first:

MemTotal

This is the total amount of memory available on your device.

MemFree

This is the amount of memory that is not reserved or currently in use.

Cached

This is the amount of memory that is reserved by a device process, but is not currently in use. A high Cached value does not indicate a memory problem.

LowFree

This is the amount of memory currently available in the low memory region on your device. The Fireware OS kernel uses this memory for processes.

Slab Information

The Slab Info section includes cache statistics for each Linux kernel object on your Firebox .

This example includes only a small portion of the slabinfo section for the example XTM 1050 device.

slabinfo
------------
slabinfo - version: 2.1
# name            <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
bwdrv_sw               0      0     84   46    1 : tunables  120   60    8 : slabdata      0      0      0
ips_job_cache          0      0     32  113    1 : tunables  120   60    8 : slabdata      0      0      0
ips_jbl_cache          0      0     16  203    1 : tunables  120   60    8 : slabdata      0      0      0
ips_ptn_loc_node_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_ptn_seq_node_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_ptn_tree_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_pkt_loc_node_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_pkt_seq_node_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_reasm_data_cache      0      0     64   59    1 : tunables  120   60    8 : slabdata      0      0      0
ips_tcp_conn_cache      0      0    192   20    1 : tunables  120   60    8 : slabdata      0      0      0
ips_packet_cache#7      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#6      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#5      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#4      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#3      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#2      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#1      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0
ips_packet_cache#0      0      0    640    6    1 : tunables   54   27    8 : slabdata      0      0      0     0

Load Average

The Load Average section contains statistics about average process load over time.

Load Average
-------------
1-min   5-min   15-min   run-proc   last-pid
0.31    0.31    0.32     1/242       29751 

The Load Average shows the number of jobs in the processor core run-queue, or the run-queue length. The run-queue length is the total number of processes currently running, plus the number of processes that are on hold in the run-queue. If the Load Average values are high, the system is under heavy use and the response time is correspondingly slow.

1-min

This number is the average load for the last minute.

5-min

This number is the average load for the last 5 minutes.

15-min

This number is the average load for the last 15 minutes.

run-proc

This statistic has two numbers: the first number is the number of processes in the run state; the second number is the total number of processes on the device. In this example, the run-proc is 2/52, which means there are 2 current processes from a total of 52 on the Firebox .

last-pid

This value is the PID (process ID) that is assigned to the next process.

For example, if your Firebox has eight cores and a Load Average of 4.0, the device would not be under heavier use than a device with one core and a Load Average of .5.

IPv6 Network Hop Limit

The IPv6 Network Hop Limit section includes the current IPv6 hop limit settings configured for the interfaces on your device. The hop limit is the number of network segments a packet can travel over before it is discarded by a router. The default value is 64.

ipv6 network hop limit
-----------------------
not set

Network Configuration

The status of physical network interfaces on the Firebox appears in the Network Configuration section.

Network Configuration
------------
Enabled If-#  Dev-Name        Name                        Address            Zone*/MTU  Status IP-Assignment
Yes     0     eth0            External                    203.0.113.10/24    EX/1500    up     static         
Yes     1     eth1            Trusted                     10.0.10.1/24       TR/1500    up     static         
No      2     eth2            Optional-1                  0.0.0.0/0          OP/1500    down   static         
No      3     eth3            Optional-2                  0.0.0.0/0          OP/1500    down   static         
No      4     eth4            Optional-3                  0.0.0.0/0          OP/1500    down   static         
No      5     eth5            Optional-4                  0.0.0.0/0          OP/1500    down   static         
No      6     eth6            Optional-5                  0.0.0.0/0          OP/1500    down   static         
No      7     eth7            Optional-6                  0.0.0.0/0          OP/1500    down   static         
No      8     eth8            Optional-7                  0.0.0.0/0          OP/1500    down   static         
No      9     eth9            Optional-8                  0.0.0.0/0          OP/1500    down   static         
No      10    eth10           Optional-9                  0.0.0.0/0          OP/1500    down   static         
No      11    eth11           Optional-10                 0.0.0.0/0          OP/1500    down   static         
No      12    eth12           Optional-11                 0.0.0.0/0          OP/1500    down   static         
No      13    eth13           Optional-12                 0.0.0.0/0          OP/1500    down   static         

* Zone:  TR = trusted, EX = external, OP = optional, LA = link aggregation, VL = vlan, BR = bridge, CL = cluster 

For each interface, the Status Report indicates whether the interface is enabled, the name of the interface, and the IP address. It also shows the Maximum Transmission Unit (MTU), the status of the interface (up or down), and whether the IP address assignment is static or dynamic.

Enabled

Yes or No. This indicates whether the interface is currently enabled in the Firebox or XTM configuration

IF-#

This is the number assigned to the interface. A wireless interface ath1, physical interface eth1, and virtual interface vlan1 can all be assigned the number 1.

Dev-Name

The name of the interface as it appears in Fireware OS. The interface name also appears in some Event and Debug log messages.

  • eth# — A physical interface on the Firebox.
  • ath# — A wireless interface on the Firebox. This only applies to wireless interfaces on the Firebox, not interfaces with a connected AP device.
  • vlan# — A Virtual LAN interface and the VLAN ID number.
  • bond# — A Link Aggregation interface.
  • br# — A bridge interface on the Firebox.

Name

The name specified for the interface. This is included in traffic log messages in Traffic Monitor.

Address

The primary IP address of the interface, in CIDR format. Secondary IP addresses do not appear in this section.

Zone*/MTU

The network zone, such as TR (trusted), EX (external), or OP (optional), and the MTU value configured for the interface.

Status

up or down. This indicates the status of the physical link or Multi-WAN interface.

IP-Assignment

static, dhcp, or pppoe. This shows how the interface is assigned an IP address.

Interfaces

Configuration information and traffic statistics for each Firebox network interface appear in this section.

Interfaces
------------
eth0      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7B  
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1214646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1844006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:209554416 (199.8 MiB)  TX bytes:1227193215 (1.1 GiB)
          Interrupt:16 Memory:fd980000-fd9a0000 

eth1      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7A  
          inet addr:10.0.10.1  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53974 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4861 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4777751 (4.5 MiB)  TX bytes:311104 (303.8 KiB)
          Interrupt:17 Memory:fd9e0000-fda00000 

eth10     Link encap:Ethernet  HWaddr 00:90:7F:83:09:85  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:fdc80000-fdca0000 

eth11     Link encap:Ethernet  HWaddr 00:90:7F:83:09:84  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:18 Memory:fdce0000-fdd00000 

eth12     Link encap:Ethernet  HWaddr 00:90:7F:83:09:87  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:18 Memory:fdac0000-fdae0000 

eth13     Link encap:Ethernet  HWaddr 00:90:7F:83:09:86  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:19 Memory:fdae0000-fdb00000 

eth2      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7D  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:fd780000-fd7a0000 

eth3      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7C  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:fd7e0000-fd800000 

eth4      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7F  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:fd580000-fd5a0000 

eth5      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7E  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:fd5e0000-fd600000 

eth6      Link encap:Ethernet  HWaddr 00:90:7F:83:09:81  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:fd380000-fd3a0000 

eth7      Link encap:Ethernet  HWaddr 00:90:7F:83:09:80  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:fd3e0000-fd400000 

eth8      Link encap:Ethernet  HWaddr 00:90:7F:83:09:83  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:fde80000-fdea0000 

eth9      Link encap:Ethernet  HWaddr 00:90:7F:83:09:82  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:fdee0000-fdf00000 

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-07-08-D8-B1-00-00-00-00-00-00-00-00  
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 

If a colon (:) appears in an interface number, it indicates a secondary network (interface alias). A period (.) in an interface number, indicates a VLAN interface. The number after the period(.) is the VLAN ID number.

Interfaces that appear in your report with names such as br1 and br2 are bridges (virtual interfaces) associated with the two VLANs on eth3,1 and eth3, 2.

A lo interface is a loopback virtual interface. This interface has the standard loopback IP address of 127.0.0.1. Packets destined for this network loop back to the Firebox .

An interface such as tun0 is a Point-to-Point VPN tunnel virtual interface.

An interface such as bond0 is a link aggregation interface.

An interface such as ath0 is a wireless interface.

An interface such as gre0 is a virtual interface related to Branch Office VPN tunnels.

An interface such as sw10 is a virtual switch interface which is used by some Firebox models to manage physical interfaces.

Each line of the status for each interface includes this information:

Interface description

Interface name, interface type, MAC address

IP Address information

Interface IP address, broadcast IP address, IP netmask

Interface status information

Interface status flags (this includes: UP, BROADCAST, MULTICAST, and others)

Interface MTU (in bytes)

Interface metric (priority)

Received packet statistics

Number of received packets

Number of receive errors (this includes jabber, CRC, buffer overrun, runt frames, and others)

Number of dropped RX packets (these are rare)

Number of FIFO overruns (these are rare)

Number of frame errors (see note below)

Transmit packet statistics

Number of transmitted packets

Number of transmit errors (generally only transceiver problems)

Number of dropped packets (these are uncommon)

Number of FIFO overruns (these are uncommon)

Number of carrier errors (generally indicate bad Ethernet hardware or bad cabling)

Collisions statistics and transmit queue length

Number of collisions and transmit queue length

Transmit and receive byte counts

Number of bytes transmitted and received

Interrupt and memory

Interrupt and memory address for this interface

A high number of errors (greater than .1% of total packets) can be caused by bad Ethernet connectivity between the Firebox and what it is connected to, or it can be caused by hardware failure.

Frame errors are Ethernet errors that fail the Cyclic Redundancy Check (CRC) of the Ethernet receiver. These errors indicate damaged frames. There can be many causes for frame errors. For example, bad wiring, broken Ethernet hardware, and cable runs that are too long.

Physical Interfaces Link Status

The Physical Interfaces Link Status section includes link information for each interface on your device.

Physical Interfaces Link Status
------------
Settings for eth0:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 100Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: off
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: yes

Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 100Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: on
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: yes

Settings for eth2:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth3:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth4:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth5:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth6:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth7:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth8:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth9:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth10:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth11:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth12:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: g
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no

Settings for eth13:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: Unknown
	Supports Wake-on: pumbg
	Wake-on: g
	Current message level: 0x00000001 (1)
			       drv
	Link detected: no  

Other areas that can appear in the Physical Interfaces Link Status section of the report include:

Wireless

This section includes the wireless options enabled for each wireless adapter on your Firebox, and the interface information for any active wireless network on your device. The interface information should correspond to the wireless interfaces enabled on your device.

Bridges

This section shows the bridges enabled to the interfaces on your device, and includes any VLANs and the interface name.

For example, if your device has a wireless network bridged to a physical interface, an entry like this could appear in the Bridges section:

eth2         8000.00907f9f374a    no         eth2-phy        ath1

Bridge MACs

This sections includes the MAC address for each member interface on your device that is configured as a LAN bridge. Bridges from a wireless network to an interface are not included in this section.

Routes

Routes are included in two separate tables: IPv4 Routes and IPv6 routes.

For more information about route tables, see Read the Firebox Route Tables.

IPv4 Routes

The IPv4 Routes section includes this information for the first 100 IPv4 routes:

  • Destination — The destination IP address for the route
  • Gateway — The IP address of the gateway the route uses.
  • Genmask — The subnet mask for the destination IP address
  • Flags — Route flags that indicate characteristics of the route.
  • Metric — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority.
  • Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.

This information appears for IPv4 static, dynamic, connected, and BOVPN virtual interface routes.

IPv6 Routes

The IPv6 Routes section includes this information for the first 100 IPv6 routes:

  • Destination — The destination IP address for the route
  • Next Hop — The IP address of the next hop for the route.
  • Flags — Route flags that indicate characteristics of the route.
  • Metric — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority.
  • Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.

This information appears for IPv6 static, dynamic, connected, and BOVPN virtual interface routes.

IPv4 Routes
------------
Destination     Gateway         Genmask         Flags   Metric    Interface       
0.0.0.0         203.0.113.1     0.0.0.0         UG      5         eth0            
10.0.2.0        0.0.0.0         255.255.255.0   U       0         eth2            
10.0.10.0       0.0.0.0         255.255.255.0   U       0         eth1            
10.0.11.12      0.0.0.0         255.255.255.255 UH      255       bvpn1           
10.0.13.0       0.0.0.0         255.255.255.0   U       0         eth13           
10.0.20.0       10.0.2.1        255.255.255.0   UG      1         eth2            
10.0.200.0      0.0.0.0         255.255.255.0   U       0         eth11           
10.0.201.0      0.0.0.0         255.255.255.0   U       0         eth10           
10.10.10.0      0.0.0.0         255.255.255.0   U       0         bond0           
127.0.0.0       0.0.0.0         255.0.0.0       U       0         lo              
192.168.113.0   0.0.0.0         255.255.255.0   U       0         tun0            
203.0.113.0     0.0.0.0         255.255.255.0   U       0         eth0            


IPv6 Routes
------------
Destination                     Next Hop                        Flags     Metric    Interface 
fe80::/64                       ::                              U         256       eth0      

ARP Table

The ARP table maps IP addresses to the MAC address of each interface.

Arp
------------
IP address       HW type     Flags       HW address            Mask     Device
203.0.113.9      0x1         0x2         00:0c:29:e7:f8:72     *        eth0
203.0.113.1      0x1         0x2         00:90:7f:87:6c:d2     *        eth0
203.0.113.20     0x1         0x2         00:90:fb:1c:d6:d2     *        eth0

The ARP table on a Firebox is unique, because the device can do proxy ARP. Proxy ARP enables the device to use the same IP address on three interfaces and to route between them properly. The device does this with a special routing table and proxy ARP requests, which it uses to determine what interface certain IP addresses are connected to.

Flags in the ARP table:

C — Complete entry

M — Permanent entry

P — Published entry

- — If a dash (-) appears in the Mask column, the ARP request/response failed. This could indicate bad cabling, bad Ethernet hardware, or a host that has been removed from the network before the Firebox has removed the host ARP table entry.

An ARP entry usually has a C flag. For a drop-in configuration, ARP entries are usually flagged CMP. If the device is configured in drop-in mode, there are three ARP table entries for each IP address. When a host on any of the networks makes a request for which there is already an ARP entry, the device responds with its own MAC address, then forwards the packet to the correct IP address on one of the other interfaces.

If the HW address is 00:00:00:00:00:00, that indicates that the Firebox was not able to get an ARP response for the IP address. A large number of IP addresses with this IP address can indicate an incorrect interface configuration, or a problem in the network.

Multi-WAN

Information about multi-WAN configuration settings and interface link status appear in these two sections.

Multi-WAN
------------
MWAN is not configured

 

Multi-WAN
------------
**
** Multi-WAN status (Firewalld)
**
failbackGracePeriod=0, stickyTime:tcp=0, udp=0, others=0
=== Sticky Table === curTime=1378986380 seconds

DHCP Leases

The DHCP Leases section includes Information about the DHCP client leases on the Firebox that have completed negotiations. The DHCP lease time is the UTC time listed at the start of the report.

DHCP Leases
------------
lease 10.0.20.2 {
  starts 4 2014/12/19 18:14:48;
  ends 5 2014/12/20 02:14:48;
  tstp 5 2014/12/20 02:14:48;
  cltt 4 2014/12/19 18:14:48;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet f0:de:f1:08:ff:bb;
  uid "\001\360\336\361\010\377\273";
  client-hostname "20066-lap";
}
lease 10.0.2.3 {
  starts 2 2014/12/17 23:00:41;
  ends 3 2014/12/18 07:00:41;
  tstp 3 2014/12/18 07:00:41;
  cltt 2 2014/12/17 23:00:41;
  binding state free;
  hardware ethernet 84:38:35:a7:d1:87;
  uid "\001\20485\247\321\207";
}
lease 10.0.2.2 {
  starts 4 2014/12/19 19:23:07;
  ends 5 2014/12/20 03:23:07;
  cltt 4 2014/12/19 19:23:07;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:90:7f:b0:00:98;
  uid "\001\000\220\177\260\000\230";
  client-hostname "AP100_10AP02736456C";
}
server-duid "\000\001\000\001\032CJY\000\220\177\222\347\273";

DHCPv6 Leases

If you have enabled DHCP for a trusted or optional interface that uses an IPv6 address, information about the leases for those interfaces appears in this section.

DHCPv6 Leases
------------
No active leases

Domain Name Servers

The Domain Name Servers section includes the IP addresses of the DNS servers configured on your Firebox.

Domain Name Servers
------------
nameserver 10.0.61.2
nameserver 192.168.54.61
nameserver 192.168.130.131
 

Dynamic Routing

If you have configured dynamic routing protocols (RIP, OSPF, or BGP) on your Firebox, configuration and status information appears in these sections.

Dynamic Routing
------------
Feature is not enabled

RIP
------------
Feature is not enabled

OSPF
------------
Feature is not enabled

BGP
------------
Feature is not enabled

In this example, no dynamic routing protocols are configured on the Firebox .

IPSec Routes

This section includes details about the destination and source IP addresses for the IPSec routes on your Firebox.

IPSec Routes
------------
Empty list 

The example for this Firebox does not include any IPSec routes.

If the Status Report for your Firebox does include information about the IPSec routes on the device, the value on the left is the destination subnet and the value on the right is the source address.

For example:

Destination   Source        IKE Policy    IPSec Policy   Out Interface 
10.50.1.0/24  10.0.1.0/24   VPN-Gateway   VPN-Tunnel     eth0          
Total Number # 1

In this example, there is one active route. When you troubleshoot problems with your VPNs, if the VPN does not operate correctly, or operates only intermittently, you might have reached the maximum number of allowed tunnel routes for your device.

Proxy Connection Statistics

This section contains Information on enabled proxies and their connection statistics.

Proxy
------------
Proxy Connection Statistics:
http : 0
https : 7
ftp : 0
smtp : 0
pop3 : 0
imap : 0
sip : 0
h323 : 0
tcpudp : 0
dns : 4
quarantine : 0
null : 0
pending : 1
all : 11
peak : 74

FireCluster

If your Firebox is included in a FireCluster, information about the FireCluster appears in this section.

Cluster Snapshot
-----------------
cluster is not enabled



Cluster Dynamic Information
-----------------
Cluster is not enabled



Cluster Health
-----------------
Cluster is not enabled



Cluster HA event
-----------------
Member Id (self) = A0BB002A5ED4C
Cluster Role = IDLE



Cluster Load Balance
----------------------
----------------------

Connection state
-----------
echo 0 > conn_stat  to dump the stat for default clb policy 
echo 1 > conn_stat  to dump the stat for sslvpn clb policy 
default clb policy: algorithm = 0, rr_next = 0

     member_id        conn_cnt      flags     status   kxp_handle    total_cnt
==================   ==========   =========   ======   ==========    =========

SA state
-----------
sa load balance algorithm = 0, rr_next = 0

     member_id         sa_cnt       flags     status   kxp_handle 
==================   ==========   =========   ======   ========== 

management Port
-----------
  cfgType = 0(interface = ifindex), cfgType = 1(interface = IF_PHYSICAL_XXX), cfgTYpe = 2 (all interface)

 cfgType      mgmPort      proto      interface     
===============================================  
    2          4105         06          0000 
    2          4117         06          0000 
    2          4118         06          0000 


Destination Policy IP
-----------
   echo 0 > dstPcy  to dump the complete table, or 
   echo ip > dstPcy  to dump an entry 

     dstPcyIp            member_id     
==================   ================  


interface state
-----------
   interface ip                      if type
==================                 =========== 

In this example, the Firebox is not a member of a FireCluster.

Device System Health

The System Health section includes status and connection delay information for each of the processes that run on your Firebox .

System Health
---------------
100

Module              status              delay               
cad                 ok                  1                   
ccd                 ok                  1                   
certd               ok                  1                   
configd             ok                  1                   
crd                 ok                  1                   
ctd                 ok                  1                   
cvd                 ok                  1                   
drclient            ok                  1                   
firewalld           ok                  1                   
iked                ok                  1                   
loggerd             ok                  1                   
networkd            ok                  1                   
sessiond            ok                  1                   
systemd             ok                  1                   
wgagent             ok                  1                   


------------ 

See Also

Traffic and Performance Statistics (Status Report)

Give Us Feedback     Get Support     All Product Documentation     Technical Search