Firebox System Manager Status Report Example
The Status Report tab in Firebox System Manager contains the Firebox Status Report. This report includes information about all the currently active processes on your Firebox, the ARP table, interface and routing metrics, and other information about the current status and configuration of your device. You can use the Status Report to monitor the performance of your Firebox and the traffic through the device. You can also use the Status Report when you work with WatchGuard Technical Support to troubleshoot issues. The Status Report can include different information depending on the Firebox model.
The Status Report live statistics are reset when you reboot the Firebox.
Uptime, Version, and Serial Number Information
At the top of the Status Report, the system time, uptime for the Firebox, and the version numbers of the major software components appear. The serial number and model number of the device are also included.
Status report for 'Firebox' from Tue Oct 17 08:45:52 2023
Version : 12.10.B685791
sysb : 12.8.3.B668785
Serial #: 80XXXXXXXXXXX
Model : T25
CPU cores: 4
Current local time: Tue Oct 17 08:45:52 2023
Current UTC time : Tue Oct 17 15:45:52 2023
Uptime : 5d 16h 6m 52s
Firebox Components Status
The Firebox Modular Components section contains the version number and build information for each Fireware module on the Firebox .
Firebox Modular Components -------------------------- Module Version Build Number xtables6 12.10 685791 xtables-addons 12.10 685791 wgversion 12.10 685791 wgsync 12.10 685791 wgplatform 12.10 685791 wgcore 12.10 685791 wgbase 12.10 685791 webui 12.10 685791 vpn-l2tp 12.10 685791 vpn-data 12.10 685791 vpn 12.10 685791 rootfs 12.10 685791 root 12.10 685791
Logging
The Log Configuration section contains information about whether logging is enabled to a syslog server or WatchGuard Log Server, and the IP addresses of any configured Log Servers.
To configure these settings, from Policy Manager, select Setup > Logging.
Log Configuration ----------------- Syslog Server: 0.0.0.0 Status: Disconnected Watchguard Log Server: Enabled Active Server: 203.0.113.9 Status: Connected
If your device is configured to send log messages to a syslog server, because the traffic from the device to the syslog server is sent only one way, and because the connection to the syslog server is not confirmed by the device, the Status setting that appears is always Connected.
If your device is configured to send log messages to a WatchGuard Log Server, the Status only appears as Connected if the connection to the WatchGuard Log Server or Dimension is active and the Log Server accepts the log messages sent from the device. If a WatchGuard Log Server is configured for your device but the Status that appears is Disconnected, the IP address or authentication key specified in the device configuration for the Log Server might be incorrect.
Process List
The Process List section of the Status Report contains information about all the current processes on the Firebox.
The example below is a partial list. Your Status Report might include information about more processes.
Process list ------------ PID ST %CPU VSS RSS SHARED STARTED TIME COMMAND 0 - 0.25 0 0 0 Mon April 3 15:39:42 2023 17:18.05 system 1 S 0.00 4236 1552 1032 Mon April 3 15:39:42 2023 0:03.00 /sbin/init 2 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 kthreadd 3 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 ksoftirqd/0 4 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 kworker/0:0 6 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 migration/0 7 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.19 watchdog/0 8 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 migration/1 9 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:21.38 kworker/1:0 10 S 0.00 0 0 0 Mon April 3 15:39:42 2023 0:00.00 ksoftirqd/1
Each line in the process list includes this information:
PID
The process ID.
ST
Process status codes. These are the possible status codes:
D — Uninterruptible sleep (usually IO)
R — Runnable (on run queue)
S — Sleeping
T — Traced or stopped
Z — A defunct ("zombie") process
W — Has no resident pages
< — High-priority process
N — Low-priority task
L — Has pages locked into memory (for real-time and custom IO)
I — Uninterruptible idle (does not contribute to load average)
%CPU
The percentage of CPU capacity used by this process.
VSS
Virtual memory usage.
RSS
Real memory usage.
SHARED
Shared memory usage.
STARTED
What time the process started.
TIME
The total CPU time this process used.
COMMAND
The name of the process or command.
Memory
The amount of Firebox memory currently in use appears in the Memory info section of the Status Report.
Memory info ------------ MemTotal: 4131220 kB MemFree: 3625352 kB MemAvailable: 1382284 kB Buffers: 5184 kB Cached: 75536 kB SwapCached: 0 kB Active: 158052 kB Inactive: 61780 kB Active(anon): 144584 kB Inactive(anon): 2704 kB Active(file): 13468 kB Inactive(file): 59076 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 1578888 kB HighFree: 1135952 kB LowTotal: 2552332 kB LowFree: 2489400 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 0 kB Writeback: 0 kB AnonPages: 139116 kB Mapped: 19944 kB Shmem: 8176 kB Slab: 43292 kB SReclaimable: 8196 kB SUnreclaim: 35096 kB KernelStack: 1984 kB PageTables: 2400 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 2065608 kB Committed_AS: 646508 kB VmallocTotal: 516096 kB VmallocUsed: 226132 kB VmallocChunk: 161096 kB HardwareCorrupted: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 10232 kB DirectMap2M: 2605056 kB
To understand how much available memory your Firebox has, review these memory statistics, available in the Status Report:
MemTotal
This is the total amount of memory available on your device.
MemFree
This is the amount of memory that is not reserved or currently in use.
A low MemFree value does not indicate a problem with Firebox performance or resources. To improve system performance, Fireware allocates most available memory to buffers and cache. If a process requires more memory, Fireware automatically frees up memory used by buffers and cache.
MemAvailable
This is an estimate of the amount of memory that is available for starting new applications.
MemAvailable is available for Fireboxes that run Fireware v12.10 or higher. Available memory is a rough estimate of the combined values of MemFree, Cached, and Buffers. You can also query MemAvailable via SNMP with the third-party UCD-SNMP-MIB (OID: 1.3.6.1.4.1.2021.4.27.0).
Buffers
This is the amount of memory the Firebox has reserved for temporary use by all Firebox processes.
Cached
This is the amount of memory that is reserved by device processes, but not currently in use. A high Cached value does not indicate a memory problem.
Load Average
The Load Average section contains statistics about average process load over time.
Load Average ------------- 1-min 5-min 15-min run-proc last-pid 0.31 0.31 0.32 2/245 29751
The Load Average shows the number of jobs in the processor core run-queue, or the run-queue length. The run-queue length is the total number of processes currently running, plus the number of processes that are on hold in the run-queue. If the Load Average values are high, the system is under heavy use and the response time is correspondingly slow.
1-min
This number is the average load for the last minute.
5-min
This number is the average load for the last 5 minutes.
15-min
This number is the average load for the last 15 minutes.
run-proc
This statistic has two numbers: the first number is the number of processes in the run state; the second number is the total number of processes on the device. In this example, the run-proc is 2/245, which means there are 2 current processes from a total of 245 on the Firebox.
last-pid
This value is the PID (process ID) that is assigned to the next process.
For example, if your Firebox has eight cores and a Load Average of 4.0, the device would not be under heavier use than a device with one core and a Load Average of .5.
IPv6 Network Hop Limit
The IPv6 Network Hop Limit section includes the current IPv6 hop limit settings configured for the interfaces on your device. The hop limit is the number of network segments a packet can travel over before it is discarded by a router. The default value is 64.
ipv6 network hop limit ----------------------- not set
Network Configuration
The status of physical network interfaces on the Firebox appears in the Network Configuration section.
Network Configuration ------------ Enabled If-# Dev-Name Name Address Zone*/MTU Status IP-Assignment Yes 0 eth0 External 203.0.113.10/24 EX/1500 up static Yes 1 eth1 Trusted 10.0.10.1/24 TR/1500 up static No 2 eth2 Optional-1 0.0.0.0/0 OP/1500 down static No 3 eth3 Optional-2 0.0.0.0/0 OP/1500 down static No 4 eth4 Optional-3 0.0.0.0/0 OP/1500 down static No 5 eth5 Optional-4 0.0.0.0/0 OP/1500 down static No 6 eth6 Optional-5 0.0.0.0/0 OP/1500 down static No 7 eth7 Optional-6 0.0.0.0/0 OP/1500 down static No 8 eth8 Optional-7 0.0.0.0/0 OP/1500 down static No 9 eth9 Optional-8 0.0.0.0/0 OP/1500 down static No 10 eth10 Optional-9 0.0.0.0/0 OP/1500 down static No 11 eth11 Optional-10 0.0.0.0/0 OP/1500 down static No 12 eth12 Optional-11 0.0.0.0/0 OP/1500 down static No 13 eth13 Optional-12 0.0.0.0/0 OP/1500 down static * Zone: TR = trusted, EX = external, OP = optional, LA = link aggregation, VL = vlan, BR = bridge, CL = cluster
For each interface, the Status Report indicates whether the interface is enabled, the name of the interface, and the IP address. It also shows the Maximum Transmission Unit (MTU), the status of the interface (up or down), and whether the IP address assignment is static or dynamic.
Enabled
Yes or No. This indicates whether the interface is currently enabled in the Firebox configuration.
IF-#
This is the number assigned to the interface. A wireless interface ath1, physical interface eth1, and virtual interface vlan1 can all be assigned the number 1.
Dev-Name
The name of the interface as it appears in Fireware OS. The interface name also appears in some Event and Debug log messages.
- eth# — A physical interface on the Firebox.
- ath# — A wireless interface on the Firebox. This only applies to wireless interfaces on the Firebox, not interfaces with a connected AP device.
- vlan# — A Virtual LAN interface and the VLAN ID number.
- bond# — A Link Aggregation interface.
- br# — A bridge interface on the Firebox.
Name
The name specified for the interface. This is included in traffic log messages in Traffic Monitor.
Address
The primary IP address of the interface, in CIDR format. Secondary IP addresses do not appear in this section.
Zone*/MTU
The network zone, such as TR (trusted), EX (external), or OP (optional), and the MTU value configured for the interface.
Status
up or down. This indicates the status of the physical link or Multi-WAN interface.
IP-Assignment
static, dhcp, or pppoe. This shows how the interface is assigned an IP address.
Interfaces
Configuration information and traffic statistics for each Firebox network interface appear in this section.
Interfaces ------------ eth0 Link encap:Ethernet HWaddr 00:90:7F:83:09:7B inet addr:203.0.113.10 Bcast:203.0.113.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1214646 errors:0 dropped:0 overruns:0 frame:0 TX packets:1844006 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:209554416 (199.8 MiB) TX bytes:1227193215 (1.1 GiB) Interrupt:16 Memory:fd980000-fd9a0000 eth1 Link encap:Ethernet HWaddr 00:90:7F:83:09:7A inet addr:10.0.10.1 Bcast:10.0.10.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:53974 errors:0 dropped:0 overruns:0 frame:0 TX packets:4861 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4777751 (4.5 MiB) TX bytes:311104 (303.8 KiB) Interrupt:17 Memory:fd9e0000-fda00000
If a colon (:) appears in an interface number, it indicates a secondary network (interface alias). A period (.) in an interface number, indicates a VLAN interface. The number after the period(.) is the VLAN ID number.
Interfaces that appear in your report with names such as br1 and br2 are bridges (virtual interfaces) associated with the two VLANs on eth3,1 and eth3, 2.
A lo interface is a loopback virtual interface. This interface has the standard loopback IP address of 127.0.0.1. Packets destined for this network loop back to the Firebox .
An interface such as tun0 is a Point-to-Point VPN tunnel virtual interface.
An interface such as bond0 is a link aggregation interface.
An interface such as ath0 is a wireless interface.
An interface such as gre0 is a virtual interface related to Branch Office VPN tunnels.
An interface such as sw10 is a virtual switch interface which is used by some Firebox models to manage physical interfaces.
Each line of the status for each interface includes this information:
Interface description
Interface name, interface type, MAC address
IP Address information
Interface IP address, broadcast IP address, IP netmask
Interface status information
Interface status flags (this includes: UP, BROADCAST, MULTICAST, and others)
Interface MTU (in bytes)
Interface metric (priority)
Received packet statistics
Number of received packets
Number of receive errors (this includes jabber, CRC, buffer overrun, runt frames, and others)
Number of dropped RX packets (these are rare)
Number of FIFO overruns (these are rare)
Number of frame errors (see note below)
Transmit packet statistics
Number of transmitted packets
Number of transmit errors (generally only transceiver problems)
Number of dropped packets (these are uncommon)
Number of FIFO overruns (these are uncommon)
Number of carrier errors (generally indicate bad Ethernet hardware or bad cabling)
Collisions statistics and transmit queue length
Number of collisions and transmit queue length
Transmit and receive byte counts
Number of bytes transmitted and received
Interrupt and memory
Interrupt and memory address for this interface
A high number of errors (greater than .1% of total packets) can be caused by bad Ethernet connectivity between the Firebox and what it is connected to, or it can be caused by hardware failure.
Frame errors are Ethernet errors that fail the Cyclic Redundancy Check (CRC) of the Ethernet receiver. These errors indicate damaged frames. There can be many causes for frame errors. For example, bad wiring, broken Ethernet hardware, and cable runs that are too long.
Physical Interfaces Link Status
The Physical Interfaces Link Status section includes link information for each interface on your device.
Physical Interfaces Link Status ------------ Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: No Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: Twisted Pair PHYAD: 1 Transceiver: internal Auto-negotiation: on MDI-X: off Supports Wake-on: pumbg Wake-on: d Current message level: 0x00000001 (1) drv Link detected: yes Settings for eth1: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: No Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: Twisted Pair PHYAD: 1 Transceiver: internal Auto-negotiation: on MDI-X: on Supports Wake-on: d Wake-on: d Current message level: 0x00000001 (1) drv Link detected: yes
Other areas that can appear in the Physical Interfaces Link Status section of the report include:
Wireless
This section includes the wireless options enabled for each wireless adapter on your Firebox, and the interface information for any active wireless network on your device. The interface information should correspond to the wireless interfaces enabled on your device.
Bridges
This section shows the bridges enabled to the interfaces on your device, and includes any VLANs and the interface name.
For example, if your device has a wireless network bridged to a physical interface, an entry like this could appear in the Bridges section:
eth2 8000.00907f9f374a no eth2-phy ath1
Bridge MACs
This sections includes the MAC address for each member interface on your device that is configured as a LAN bridge. Bridges from a wireless network to an interface are not included in this section.
Routes
Routes are included in two separate tables: IPv4 Routes and IPv6 routes.
For more information about route tables, go to Read the Firebox Route Tables.
IPv4 Routes
The IPv4 Routes section includes this information for the first 100 IPv4 routes:
- Destination — The destination IP address for the route
- Gateway — The IP address of the gateway the route uses.
- Genmask — The subnet mask for the destination IP address
- Flags — Route flags that indicate characteristics of the route.
- Distance — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority. In Fireware v12.9 or higher, the Distance setting replaces the Metric setting.
- Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.
This information appears for IPv4 static, dynamic, connected, and BOVPN virtual interface routes.
IPv6 Routes
The IPv6 Routes section includes this information for the first 100 IPv6 routes:
- Destination — The destination IP address for the route
- Next Hop — The IP address of the next hop for the route.
- Flags — Route flags that indicate characteristics of the route.
- Distance — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority. In Fireware v12.9 or higher, the Distance setting replaces the Metric setting.
- Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.
This information appears for IPv6 static, dynamic, connected, and BOVPN virtual interface routes.
IPv4 Routes ------------ Destination Gateway Genmask Flags Distance Interface 0.0.0.0 203.0.113.1 0.0.0.0 UG 5 eth0 10.0.2.0 0.0.0.0 255.255.255.0 U 0 eth2 10.0.10.0 0.0.0.0 255.255.255.0 U 0 eth1 10.0.11.12 0.0.0.0 255.255.255.255 UH 255 bvpn1 10.0.13.0 0.0.0.0 255.255.255.0 U 0 eth13 10.0.20.0 10.0.2.1 255.255.255.0 UG 1 eth2 10.0.200.0 0.0.0.0 255.255.255.0 U 0 eth11 10.0.201.0 0.0.0.0 255.255.255.0 U 0 eth10 10.10.10.0 0.0.0.0 255.255.255.0 U 0 bond0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 lo 192.168.113.0 0.0.0.0 255.255.255.0 U 0 tun0 203.0.113.0 0.0.0.0 255.255.255.0 U 0 eth0 IPv6 Routes ------------ Destination Next Hop Flags Distance Interface fe80::/64 :: U 256 eth0
ARP Table
The ARP table maps IP addresses to the MAC address of each interface.
Arp ------------ IP address HW type Flags HW address Mask Device 203.0.113.9 0x1 0x2 00:0c:29:e7:f8:72 * eth0 203.0.113.1 0x1 0x2 00:90:7f:87:6c:d2 * eth0 203.0.113.20 0x1 0x2 00:90:fb:1c:d6:d2 * eth0
The ARP table on a Firebox is unique, because the device can do proxy ARP. Proxy ARP enables the device to use the same IP address on three interfaces and to route between them properly. The device does this with a special routing table and proxy ARP requests, which it uses to determine what interface certain IP addresses are connected to.
Flags in the ARP table:
C — Complete entry
M — Permanent entry
P — Published entry
- — If a dash (-) appears in the Mask column, the ARP request/response failed. This could indicate bad cabling, bad Ethernet hardware, or a host that has been removed from the network before the Firebox has removed the host ARP table entry.
An ARP entry usually has a C flag. For a drop-in configuration, ARP entries are usually flagged CMP. If the device is configured in drop-in mode, there are three ARP table entries for each IP address. When a host on any of the networks makes a request for which there is already an ARP entry, the device responds with its own MAC address, then forwards the packet to the correct IP address on one of the other interfaces.
If the HW address is 00:00:00:00:00:00, that indicates that the Firebox was not able to get an ARP response for the IP address. A large number of IP addresses with this IP address can indicate an incorrect interface configuration, or a problem in the network.
Multi-WAN
Information about multi-WAN configuration settings and interface link status appear in these two sections.
Multi-WAN ------------ MWAN is not configured
Multi-WAN ------------ ** ** Multi-WAN status (Firewalld) ** failbackGracePeriod=0, stickyTime:tcp=0, udp=0, others=0 === Sticky Table === curTime=1378986380 seconds
DHCP Leases
The DHCP Leases section includes Information about the DHCP client leases on the Firebox that have completed negotiations. The DHCP lease time is the UTC time listed at the start of the report.
In Fireware v12.6.2 or higher, the DHCP Leases section also includes:
- Number of DHCP leases in use
- Total number of DHCP leases available in the configuration
DHCP Leases Summary: 3 out of 253 IPs are leased ------------ lease 10.0.2.2 { starts 4 2023/12/19 18:14:48; ends 5 2023/12/20 02:14:48; tstp 5 2023/12/20 02:14:48; cltt 4 2023/12/19 18:14:48; binding state active; next binding state free; rewind binding state free; hardware ethernet f0:de:f1:08:ff:bb; uid "\001\360\336\361\010\377\273"; client-hostname "20066-lap"; } lease 10.0.2.3 { starts 2 2023/12/17 23:00:41; ends 3 2023/12/18 07:00:41; tstp 3 2023/12/18 07:00:41; cltt 2 2023/12/17 23:00:41; binding state free; hardware ethernet 84:38:35:a7:d1:87; uid "\001\20485\247\321\207"; } lease 10.0.2.4 { starts 4 2023/12/19 19:23:07; ends 5 2023/12/20 03:23:07; cltt 4 2023/12/19 19:23:07; binding state active; next binding state free; rewind binding state free; hardware ethernet 00:90:7f:b0:00:98; uid "\001\000\220\177\260\000\230"; client-hostname "AP100_10AP02736456C"; } server-duid "\000\001\000\001\032CJY\000\220\177\222\347\273";
DHCPv6 Leases
If you have enabled DHCP for a trusted or optional interface that uses an IPv6 address, information about the leases for those interfaces appears in this section.
DHCPv6 Leases ------------ No active leases
Domain Name Servers
The Domain Name Servers section includes the IP addresses of the DNS servers configured on your Firebox.
Domain Name Servers ------------ nameserver 10.0.61.2 nameserver 192.168.54.61 nameserver 192.168.130.131
Dynamic Routing
If you have configured dynamic routing protocols (RIP, OSPF, or BGP) on your Firebox, configuration and status information appears in these sections.
Dynamic Routing ------------ Feature is not enabled RIP ------------ Feature is not enabled OSPF ------------ Feature is not enabled BGP ------------ Feature is not enabled
In this example, no dynamic routing protocols are configured on the Firebox .
IPSec Routes
This section includes details about the destination and source IP addresses for the IPSec routes on your Firebox.
IPSec Routes ------------ Empty list
The example for this Firebox does not include any IPSec routes.
If the Status Report for your Firebox does include information about the IPSec routes on the device, the value on the left is the destination subnet and the value on the right is the source address.
For example:
Destination Source IKE Policy IPSec Policy Out Interface 10.50.1.0/24 10.0.1.0/24 VPN-Gateway VPN-Tunnel eth0 Total Number # 1
In this example, there is one active route. When you troubleshoot problems with your VPNs, if the VPN does not operate correctly, or operates only intermittently, you might have reached the maximum number of allowed tunnel routes for your device.
Proxy Connection Statistics
This section contains Information on enabled proxies and their connection statistics.
Proxy
------------
Proxy Connection Statistics:
http : 0
https : 7
ftp : 0
smtp : 0
pop3 : 0
imap : 0
sip : 0
h323 : 0
tcpudp : 0
dns : 4
quarantine : 0
null : 0
pending : 1
all : 11
peak : 74
FireCluster
If your Firebox is included in a FireCluster, information about the FireCluster appears in this section.
Cluster Snapshot ----------------- cluster is not enabled Cluster Dynamic Information ----------------- Cluster is not enabled Cluster Health ----------------- Cluster is not enabled Cluster HA event ----------------- Member Id (self) = A0BB002A5ED4C Cluster Role = IDLE Cluster Load Balance ---------------------- ---------------------- Connection state ----------- echo 0 > conn_stat to dump the stat for default clb policy echo 1 > conn_stat to dump the stat for sslvpn clb policy default clb policy: algorithm = 0, rr_next = 0 member_id conn_cnt flags status kxp_handle total_cnt ================== ========== ========= ====== ========== ========= SA state ----------- sa load balance algorithm = 0, rr_next = 0 member_id sa_cnt flags status kxp_handle ================== ========== ========= ====== ========== management Port ----------- cfgType = 0(interface = ifindex), cfgType = 1(interface = IF_PHYSICAL_XXX), cfgTYpe = 2 (all interface) cfgType mgmPort proto interface =============================================== 2 4105 06 0000 2 4117 06 0000 2 4118 06 0000 Destination Policy IP ----------- echo 0 > dstPcy to dump the complete table, or echo ip > dstPcy to dump an entry dstPcyIp member_id ================== ================ interface state ----------- interface ip if type ================== ===========
In this example, the Firebox is not a member of a FireCluster.
Device System Health
The System Health section includes status and connection delay information for each of the processes that run on your Firebox .
System Health --------------- 100 Module status delay cad ok 1 ccd ok 1 certd ok 1 configd ok 1 crd ok 1 ctd ok 1 cvd ok 1 drclient ok 1 firewalld ok 1 iked ok 1 loggerd ok 1 networkd ok 1 sessiond ok 1 systemd ok 1 wgagent ok 1 ------------