Firebox System Manager Status Report Example

The Status Report tab in Firebox System Manager contains the Firebox Status Report. This report includes information about all the currently active processes on your Firebox, the ARP table, interface and routing metrics, and other information about the current status and configuration of your device. You can use the Status Report to monitor the performance of your Firebox and the traffic through the device. You can also use the Status Report when you work with WatchGuard Technical Support to troubleshoot issues. The Status Report can include different information depending on the Firebox model.

The Status Report live statistics are reset when you reboot the Firebox.

Uptime, Version, and Serial Number Information

At the top of the Status Report, the system time, uptime for the Firebox, and the version numbers of the major software components appear. The serial number and model number of the device are also included.

Status report for 'Firebox' from Tue Oct 17 08:45:52 2023
Version : 12.10.B685791
sysb : 12.8.3.B668785
Serial #: 80XXXXXXXXXXX
Model   : T25
CPU cores: 4
Current local time: Tue Oct 17 08:45:52 2023
Current UTC time  : Tue Oct 17 15:45:52 2023
Uptime            : 5d 16h 6m 52s

Firebox Components Status

The Firebox Modular Components section contains the version number and build information for each Fireware module on the Firebox .

Firebox Modular Components
--------------------------
Module                                   Version              Build Number        
xtables6                                 12.10                 685791              
xtables-addons                           12.10                 685791              
wgversion                                12.10                 685791              
wgsync                                   12.10                 685791              
wgplatform                               12.10                 685791              
wgcore                                   12.10                 685791              
wgbase                                   12.10                 685791              
webui                                    12.10                 685791              
vpn-l2tp                                 12.10                 685791              
vpn-data                                 12.10                 685791              
vpn                                      12.10                 685791              
rootfs                                   12.10                 685791              
root                                     12.10                 685791              

Logging

The Log Configuration section contains information about whether logging is enabled to a syslog server or WatchGuard Log Server, and the IP addresses of any configured Log Servers.

To configure these settings, from Policy Manager, select Setup > Logging.

Log Configuration
-----------------
Syslog Server: 0.0.0.0
Status: Disconnected

Watchguard Log Server: Enabled
Active Server: 203.0.113.9
Status: Connected

If your device is configured to send log messages to a syslog server, because the traffic from the device to the syslog server is sent only one way, and because the connection to the syslog server is not confirmed by the device, the Status setting that appears is always Connected.

If your device is configured to send log messages to a WatchGuard Log Server, the Status only appears as Connected if the connection to the WatchGuard Log Server or Dimension is active and the Log Server accepts the log messages sent from the device. If a WatchGuard Log Server is configured for your device but the Status that appears is Disconnected, the IP address or authentication key specified in the device configuration for the Log Server might be incorrect.

Process List

The Process List section of the Status Report contains information about all the current processes on the Firebox.

The example below is a partial list. Your Status Report might include information about more processes.

Process list
------------
   PID ST   %CPU      VSS      RSS   SHARED                        STARTED     TIME    COMMAND
     0  -   0.25        0        0        0       Mon April  3 15:39:42 2023  17:18.05  system
     1  S   0.00     4236     1552     1032       Mon April  3 15:39:42 2023   0:03.00  /sbin/init
     2  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  kthreadd
     3  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  ksoftirqd/0
     4  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  kworker/0:0
     6  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  migration/0
     7  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.19  watchdog/0
     8  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  migration/1
     9  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:21.38  kworker/1:0
    10  S   0.00        0        0        0       Mon April  3 15:39:42 2023   0:00.00  ksoftirqd/1

Each line in the process list includes this information:

PID

The process ID.

ST

Process status codes. These are the possible status codes:

D — Uninterruptible sleep (usually IO)

R — Runnable (on run queue)

S — Sleeping

T — Traced or stopped

Z — A defunct ("zombie") process

W — Has no resident pages

< — High-priority process

N — Low-priority task

L — Has pages locked into memory (for real-time and custom IO)

I — Uninterruptible idle (does not contribute to load average)

%CPU

The percentage of CPU capacity used by this process.

VSS

Virtual memory usage.

RSS

Real memory usage.

SHARED

Shared memory usage.

STARTED

What time the process started.

TIME

The total CPU time this process used.

COMMAND

The name of the process or command.

Memory

The amount of Firebox memory currently in use appears in the Memory info section of the Status Report.

Memory info
------------
MemTotal:        4131220 kB
MemFree:         3625352 kB
MemAvailable:    1382284 kB
Buffers:            5184 kB
Cached:            75536 kB
SwapCached:            0 kB
Active:           158052 kB
Inactive:          61780 kB
Active(anon):     144584 kB
Inactive(anon):     2704 kB
Active(file):      13468 kB
Inactive(file):    59076 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:       1578888 kB
HighFree:        1135952 kB
LowTotal:        2552332 kB
LowFree:         2489400 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:                 0 kB
Writeback:             0 kB
AnonPages:        139116 kB
Mapped:            19944 kB
Shmem:              8176 kB
Slab:              43292 kB
SReclaimable:       8196 kB
SUnreclaim:        35096 kB
KernelStack:        1984 kB
PageTables:         2400 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     2065608 kB
Committed_AS:     646508 kB
VmallocTotal:     516096 kB
VmallocUsed:      226132 kB
VmallocChunk:     161096 kB
HardwareCorrupted:     0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       10232 kB
DirectMap2M:     2605056 kB

To understand how much available memory your Firebox has, review these memory statistics, available in the Status Report:

MemTotal

This is the total amount of memory available on your device.

MemFree

This is the amount of memory that is not reserved or currently in use.

A low MemFree value does not indicate a problem with Firebox performance or resources. To improve system performance, Fireware allocates most available memory to buffers and cache. If a process requires more memory, Fireware automatically frees up memory used by buffers and cache.

MemAvailable

This is an estimate of the amount of memory that is available for starting new applications.

MemAvailable is available for Fireboxes that run Fireware v12.10 or higher. Available memory is a rough estimate of the combined values of MemFree, Cached, and Buffers. You can also query MemAvailable via SNMP with the third-party UCD-SNMP-MIB (OID: 1.3.6.1.4.1.2021.4.27.0).

Buffers

This is the amount of memory the Firebox has reserved for temporary use by all Firebox processes.

Cached

This is the amount of memory that is reserved by device processes, but not currently in use. A high Cached value does not indicate a memory problem.

Load Average

The Load Average section contains statistics about average process load over time.

Load Average
-------------
1-min   5-min   15-min   run-proc   last-pid
0.31    0.31    0.32     2/245       29751 

The Load Average shows the number of jobs in the processor core run-queue, or the run-queue length. The run-queue length is the total number of processes currently running, plus the number of processes that are on hold in the run-queue. If the Load Average values are high, the system is under heavy use and the response time is correspondingly slow.

1-min

This number is the average load for the last minute.

5-min

This number is the average load for the last 5 minutes.

15-min

This number is the average load for the last 15 minutes.

run-proc

This statistic has two numbers: the first number is the number of processes in the run state; the second number is the total number of processes on the device. In this example, the run-proc is 2/245, which means there are 2 current processes from a total of 245 on the Firebox.

last-pid

This value is the PID (process ID) that is assigned to the next process.

For example, if your Firebox has eight cores and a Load Average of 4.0, the device would not be under heavier use than a device with one core and a Load Average of .5.

IPv6 Network Hop Limit

The IPv6 Network Hop Limit section includes the current IPv6 hop limit settings configured for the interfaces on your device. The hop limit is the number of network segments a packet can travel over before it is discarded by a router. The default value is 64.

ipv6 network hop limit
-----------------------
not set

Network Configuration

The status of physical network interfaces on the Firebox appears in the Network Configuration section.

Network Configuration
------------
Enabled If-#  Dev-Name        Name                        Address            Zone*/MTU  Status IP-Assignment
Yes     0     eth0            External                    203.0.113.10/24    EX/1500    up     static         
Yes     1     eth1            Trusted                     10.0.10.1/24       TR/1500    up     static         
No      2     eth2            Optional-1                  0.0.0.0/0          OP/1500    down   static         
No      3     eth3            Optional-2                  0.0.0.0/0          OP/1500    down   static         
No      4     eth4            Optional-3                  0.0.0.0/0          OP/1500    down   static         
No      5     eth5            Optional-4                  0.0.0.0/0          OP/1500    down   static         
No      6     eth6            Optional-5                  0.0.0.0/0          OP/1500    down   static         
No      7     eth7            Optional-6                  0.0.0.0/0          OP/1500    down   static         
No      8     eth8            Optional-7                  0.0.0.0/0          OP/1500    down   static         
No      9     eth9            Optional-8                  0.0.0.0/0          OP/1500    down   static         
No      10    eth10           Optional-9                  0.0.0.0/0          OP/1500    down   static         
No      11    eth11           Optional-10                 0.0.0.0/0          OP/1500    down   static         
No      12    eth12           Optional-11                 0.0.0.0/0          OP/1500    down   static         
No      13    eth13           Optional-12                 0.0.0.0/0          OP/1500    down   static         

* Zone:  TR = trusted, EX = external, OP = optional, LA = link aggregation, VL = vlan, BR = bridge, CL = cluster 

For each interface, the Status Report indicates whether the interface is enabled, the name of the interface, and the IP address. It also shows the Maximum Transmission Unit (MTU), the status of the interface (up or down), and whether the IP address assignment is static or dynamic.

Enabled

Yes or No. This indicates whether the interface is currently enabled in the Firebox configuration.

IF-#

This is the number assigned to the interface. A wireless interface ath1, physical interface eth1, and virtual interface vlan1 can all be assigned the number 1.

Dev-Name

The name of the interface as it appears in Fireware OS. The interface name also appears in some Event and Debug log messages.

  • eth# — A physical interface on the Firebox.
  • ath# — A wireless interface on the Firebox. This only applies to wireless interfaces on the Firebox, not interfaces with a connected AP device.
  • vlan# — A Virtual LAN interface and the VLAN ID number.
  • bond# — A Link Aggregation interface.
  • br# — A bridge interface on the Firebox.

Name

The name specified for the interface. This is included in traffic log messages in Traffic Monitor.

Address

The primary IP address of the interface, in CIDR format. Secondary IP addresses do not appear in this section.

Zone*/MTU

The network zone, such as TR (trusted), EX (external), or OP (optional), and the MTU value configured for the interface.

Status

up or down. This indicates the status of the physical link or Multi-WAN interface.

IP-Assignment

static, dhcp, or pppoe. This shows how the interface is assigned an IP address.

Interfaces

Configuration information and traffic statistics for each Firebox network interface appear in this section.

Interfaces
------------
eth0      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7B  
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1214646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1844006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:209554416 (199.8 MiB)  TX bytes:1227193215 (1.1 GiB)
          Interrupt:16 Memory:fd980000-fd9a0000 

eth1      Link encap:Ethernet  HWaddr 00:90:7F:83:09:7A  
          inet addr:10.0.10.1  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53974 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4861 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4777751 (4.5 MiB)  TX bytes:311104 (303.8 KiB)
          Interrupt:17 Memory:fd9e0000-fda00000 

If a colon (:) appears in an interface number, it indicates a secondary network (interface alias). A period (.) in an interface number, indicates a VLAN interface. The number after the period(.) is the VLAN ID number.

Interfaces that appear in your report with names such as br1 and br2 are bridges (virtual interfaces) associated with the two VLANs on eth3,1 and eth3, 2.

A lo interface is a loopback virtual interface. This interface has the standard loopback IP address of 127.0.0.1. Packets destined for this network loop back to the Firebox .

An interface such as tun0 is a Point-to-Point VPN tunnel virtual interface.

An interface such as bond0 is a link aggregation interface.

An interface such as ath0 is a wireless interface.

An interface such as gre0 is a virtual interface related to Branch Office VPN tunnels.

An interface such as sw10 is a virtual switch interface which is used by some Firebox models to manage physical interfaces.

Each line of the status for each interface includes this information:

Interface description

Interface name, interface type, MAC address

IP Address information

Interface IP address, broadcast IP address, IP netmask

Interface status information

Interface status flags (this includes: UP, BROADCAST, MULTICAST, and others)

Interface MTU (in bytes)

Interface metric (priority)

Received packet statistics

Number of received packets

Number of receive errors (this includes jabber, CRC, buffer overrun, runt frames, and others)

Number of dropped RX packets (these are rare)

Number of FIFO overruns (these are rare)

Number of frame errors (see note below)

Transmit packet statistics

Number of transmitted packets

Number of transmit errors (generally only transceiver problems)

Number of dropped packets (these are uncommon)

Number of FIFO overruns (these are uncommon)

Number of carrier errors (generally indicate bad Ethernet hardware or bad cabling)

Collisions statistics and transmit queue length

Number of collisions and transmit queue length

Transmit and receive byte counts

Number of bytes transmitted and received

Interrupt and memory

Interrupt and memory address for this interface

A high number of errors (greater than .1% of total packets) can be caused by bad Ethernet connectivity between the Firebox and what it is connected to, or it can be caused by hardware failure.

Frame errors are Ethernet errors that fail the Cyclic Redundancy Check (CRC) of the Ethernet receiver. These errors indicate damaged frames. There can be many causes for frame errors. For example, bad wiring, broken Ethernet hardware, and cable runs that are too long.

Physical Interfaces Link Status

The Physical Interfaces Link Status section includes link information for each interface on your device.

Physical Interfaces Link Status
------------
Settings for eth0:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 100Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: off
	Supports Wake-on: pumbg
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: yes

Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 100Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: on
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000001 (1)
			       drv
	Link detected: yes

Other areas that can appear in the Physical Interfaces Link Status section of the report include:

Wireless

This section includes the wireless options enabled for each wireless adapter on your Firebox, and the interface information for any active wireless network on your device. The interface information should correspond to the wireless interfaces enabled on your device.

Bridges

This section shows the bridges enabled to the interfaces on your device, and includes any VLANs and the interface name.

For example, if your device has a wireless network bridged to a physical interface, an entry like this could appear in the Bridges section:

eth2         8000.00907f9f374a    no         eth2-phy        ath1

Bridge MACs

This sections includes the MAC address for each member interface on your device that is configured as a LAN bridge. Bridges from a wireless network to an interface are not included in this section.

Routes

Routes are included in two separate tables: IPv4 Routes and IPv6 routes.

For more information about route tables, go to Read the Firebox Route Tables.

IPv4 Routes

The IPv4 Routes section includes this information for the first 100 IPv4 routes:

  • Destination — The destination IP address for the route
  • Gateway — The IP address of the gateway the route uses.
  • Genmask — The subnet mask for the destination IP address
  • Flags — Route flags that indicate characteristics of the route.
  • Distance — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority. In Fireware v12.9 or higher, the Distance setting replaces the Metric setting.
  • Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.

This information appears for IPv4 static, dynamic, connected, and BOVPN virtual interface routes.

IPv6 Routes

The IPv6 Routes section includes this information for the first 100 IPv6 routes:

  • Destination — The destination IP address for the route
  • Next Hop — The IP address of the next hop for the route.
  • Flags — Route flags that indicate characteristics of the route.
  • Distance — The routing metric, or cost for the route. A lower number indicates a lower cost and higher route priority. In Fireware v12.9 or higher, the Distance setting replaces the Metric setting.
  • Interface — The interface to which packets for this route will be sent. For example, eth0 for interface 0.

This information appears for IPv6 static, dynamic, connected, and BOVPN virtual interface routes.

IPv4 Routes
------------
Destination     Gateway         Genmask         Flags   Distance    Interface       
0.0.0.0         203.0.113.1     0.0.0.0         UG      5         eth0            
10.0.2.0        0.0.0.0         255.255.255.0   U       0         eth2            
10.0.10.0       0.0.0.0         255.255.255.0   U       0         eth1            
10.0.11.12      0.0.0.0         255.255.255.255 UH      255       bvpn1           
10.0.13.0       0.0.0.0         255.255.255.0   U       0         eth13           
10.0.20.0       10.0.2.1        255.255.255.0   UG      1         eth2            
10.0.200.0      0.0.0.0         255.255.255.0   U       0         eth11           
10.0.201.0      0.0.0.0         255.255.255.0   U       0         eth10           
10.10.10.0      0.0.0.0         255.255.255.0   U       0         bond0           
127.0.0.0       0.0.0.0         255.0.0.0       U       0         lo              
192.168.113.0   0.0.0.0         255.255.255.0   U       0         tun0            
203.0.113.0     0.0.0.0         255.255.255.0   U       0         eth0            


IPv6 Routes
------------
Destination                     Next Hop                        Flags     Distance    Interface 
fe80::/64                       ::                              U         256       eth0      

ARP Table

The ARP table maps IP addresses to the MAC address of each interface.

Arp
------------
IP address       HW type     Flags       HW address            Mask     Device
203.0.113.9      0x1         0x2         00:0c:29:e7:f8:72     *        eth0
203.0.113.1      0x1         0x2         00:90:7f:87:6c:d2     *        eth0
203.0.113.20     0x1         0x2         00:90:fb:1c:d6:d2     *        eth0

The ARP table on a Firebox is unique, because the device can do proxy ARP. Proxy ARP enables the device to use the same IP address on three interfaces and to route between them properly. The device does this with a special routing table and proxy ARP requests, which it uses to determine what interface certain IP addresses are connected to.

Flags in the ARP table:

C — Complete entry

M — Permanent entry

P — Published entry

- — If a dash (-) appears in the Mask column, the ARP request/response failed. This could indicate bad cabling, bad Ethernet hardware, or a host that has been removed from the network before the Firebox has removed the host ARP table entry.

An ARP entry usually has a C flag. For a drop-in configuration, ARP entries are usually flagged CMP. If the device is configured in drop-in mode, there are three ARP table entries for each IP address. When a host on any of the networks makes a request for which there is already an ARP entry, the device responds with its own MAC address, then forwards the packet to the correct IP address on one of the other interfaces.

If the HW address is 00:00:00:00:00:00, that indicates that the Firebox was not able to get an ARP response for the IP address. A large number of IP addresses with this IP address can indicate an incorrect interface configuration, or a problem in the network.

Multi-WAN

Information about multi-WAN configuration settings and interface link status appear in these two sections.

Multi-WAN
------------
MWAN is not configured

 

Multi-WAN
------------
**
** Multi-WAN status (Firewalld)
**
failbackGracePeriod=0, stickyTime:tcp=0, udp=0, others=0
=== Sticky Table === curTime=1378986380 seconds

DHCP Leases

The DHCP Leases section includes Information about the DHCP client leases on the Firebox that have completed negotiations. The DHCP lease time is the UTC time listed at the start of the report.

In Fireware v12.6.2 or higher, the DHCP Leases section also includes:

  • Number of DHCP leases in use
  • Total number of DHCP leases available in the configuration
DHCP Leases
Summary: 3 out of 253 IPs are leased
------------
lease 10.0.2.2 {
  starts 4 2023/12/19 18:14:48;
  ends 5 2023/12/20 02:14:48;
  tstp 5 2023/12/20 02:14:48;
  cltt 4 2023/12/19 18:14:48;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet f0:de:f1:08:ff:bb;
  uid "\001\360\336\361\010\377\273";
  client-hostname "20066-lap";
}
lease 10.0.2.3 {
  starts 2 2023/12/17 23:00:41;
  ends 3 2023/12/18 07:00:41;
  tstp 3 2023/12/18 07:00:41;
  cltt 2 2023/12/17 23:00:41;
  binding state free;
  hardware ethernet 84:38:35:a7:d1:87;
  uid "\001\20485\247\321\207";
}
lease 10.0.2.4 {
  starts 4 2023/12/19 19:23:07;
  ends 5 2023/12/20 03:23:07;
  cltt 4 2023/12/19 19:23:07;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:90:7f:b0:00:98;
  uid "\001\000\220\177\260\000\230";
  client-hostname "AP100_10AP02736456C";
}
server-duid "\000\001\000\001\032CJY\000\220\177\222\347\273";

DHCPv6 Leases

If you have enabled DHCP for a trusted or optional interface that uses an IPv6 address, information about the leases for those interfaces appears in this section.

DHCPv6 Leases
------------
No active leases

Domain Name Servers

The Domain Name Servers section includes the IP addresses of the DNS servers configured on your Firebox.

Domain Name Servers
------------
nameserver 10.0.61.2
nameserver 192.168.54.61
nameserver 192.168.130.131
 

Dynamic Routing

If you have configured dynamic routing protocols (RIP, OSPF, or BGP) on your Firebox, configuration and status information appears in these sections.

Dynamic Routing
------------
Feature is not enabled

RIP
------------
Feature is not enabled

OSPF
------------
Feature is not enabled

BGP
------------
Feature is not enabled

In this example, no dynamic routing protocols are configured on the Firebox .

IPSec Routes

This section includes details about the destination and source IP addresses for the IPSec routes on your Firebox.

IPSec Routes
------------
Empty list 

The example for this Firebox does not include any IPSec routes.

If the Status Report for your Firebox does include information about the IPSec routes on the device, the value on the left is the destination subnet and the value on the right is the source address.

For example:

Destination   Source        IKE Policy    IPSec Policy   Out Interface 
10.50.1.0/24  10.0.1.0/24   VPN-Gateway   VPN-Tunnel     eth0          
Total Number # 1

In this example, there is one active route. When you troubleshoot problems with your VPNs, if the VPN does not operate correctly, or operates only intermittently, you might have reached the maximum number of allowed tunnel routes for your device.

Proxy Connection Statistics

This section contains Information on enabled proxies and their connection statistics.

Proxy
------------
Proxy Connection Statistics:
http : 0
https : 7
ftp : 0
smtp : 0
pop3 : 0
imap : 0
sip : 0
h323 : 0
tcpudp : 0
dns : 4
quarantine : 0
null : 0
pending : 1
all : 11
peak : 74

FireCluster

If your Firebox is included in a FireCluster, information about the FireCluster appears in this section.

Cluster Snapshot
-----------------
cluster is not enabled



Cluster Dynamic Information
-----------------
Cluster is not enabled



Cluster Health
-----------------
Cluster is not enabled



Cluster HA event
-----------------
Member Id (self) = A0BB002A5ED4C
Cluster Role = IDLE



Cluster Load Balance
----------------------
----------------------

Connection state
-----------
echo 0 > conn_stat  to dump the stat for default clb policy 
echo 1 > conn_stat  to dump the stat for sslvpn clb policy 
default clb policy: algorithm = 0, rr_next = 0

     member_id        conn_cnt      flags     status   kxp_handle    total_cnt
==================   ==========   =========   ======   ==========    =========

SA state
-----------
sa load balance algorithm = 0, rr_next = 0

     member_id         sa_cnt       flags     status   kxp_handle 
==================   ==========   =========   ======   ========== 

management Port
-----------
  cfgType = 0(interface = ifindex), cfgType = 1(interface = IF_PHYSICAL_XXX), cfgTYpe = 2 (all interface)

 cfgType      mgmPort      proto      interface     
===============================================  
    2          4105         06          0000 
    2          4117         06          0000 
    2          4118         06          0000 


Destination Policy IP
-----------
   echo 0 > dstPcy  to dump the complete table, or 
   echo ip > dstPcy  to dump an entry 

     dstPcyIp            member_id     
==================   ================  


interface state
-----------
   interface ip                      if type
==================                 =========== 

In this example, the Firebox is not a member of a FireCluster.

Device System Health

The System Health section includes status and connection delay information for each of the processes that run on your Firebox .

System Health
---------------
100

Module              status              delay               
cad                 ok                  1                   
ccd                 ok                  1                   
certd               ok                  1                   
configd             ok                  1                   
crd                 ok                  1                   
ctd                 ok                  1                   
cvd                 ok                  1                   
drclient            ok                  1                   
firewalld           ok                  1                   
iked                ok                  1                   
loggerd             ok                  1                   
networkd            ok                  1                   
sessiond            ok                  1                   
systemd             ok                  1                   
wgagent             ok                  1                   


------------ 

Related Topics

Traffic and Performance Statistics (Status Report)