Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  What does "Server auto detection" option do (in detail) ?

    Posted 04-16-2009 02:13

    I've found many posts that "server auto detection" should be switched off for some reasons.

    My question is:

     

    What does that do at all ?

     

    I've not found an explanation to this question in documentation.

     

    Regards,

    Krzysztof Zygmunt



  • 2.  RE: What does "Server auto detection" option do (in detail) ?

    Posted 04-16-2009 11:00

    Hi

    If you are referring to dhcp configurations, what it means is that:

    During the initialization of the dhcp server on the security device, the system can first check to see if there is already a DHCP server on the interface.
    ScreenOS automatically stops the local DHCP server process from starting if another DHCP server is detected on the network.

    If it receives a response from another DHCP server, the system generates a message indicating that the DHCP service is enabled on the security
    device but not started because another DHCP server is present on the network. The log message includes the IP address of the existing DHCP server.

    You can set one of three operational modes for DHCP server detection on an
    interface: auto, enable, or disable.
    Auto mode causes the security device to always check for an existing DHCP server at bootup.

     

    Taken from C&E Guide:Vol 2 Chapter 8 Page 250

     

     



  • 3.  RE: What does "Server auto detection" option do (in detail) ?

    Posted 04-17-2009 00:40

    Thank you for the reply.

     

     

    Sorry,

     

    I've missed providing that information.

     

    This "server auto detection" relates to Virtual IP Addresses configuration.

     



  • 4.  RE: What does "Server auto detection" option do (in detail) ?
    Best Answer

    Posted 04-17-2009 01:45

    Hi,

     

    I use this on my VIPs without problem. The auto detection option means that the device checks every now and then if the internal server the VIP is mapped to is still available or not. If the server is unavailable, then the traffic will not be forwarded. The checking is done via ICMP.

     

    To see it in action with a 'debug vip all' (internal address is 192.168.1.1, and this is for a VIP which is down currently):

     

    ## 2009-04-17 10:53:46 : ping call back 192.168.1.1, 1
    ## 2009-04-17 10:53:50 : ping call back 192.168.1.1, 1
    ## 2009-04-17 10:53:54 : ping call back 192.168.1.1, 1
    ## 2009-04-17 10:53:58 : ping call back 192.168.1.1, 1
    ## 2009-04-17 10:54:02 : ping call back 192.168.1.1, 1
    ## 2009-04-17 10:54:04 : Rev-VIP look-up for 192.168.1.1/1166(6) on 0.0.0.0/0(0)
    ## 2009-04-17 10:54:04 : No Rev-VIP found for 192.168.1.1/1166 (6)

     

    I seem to remember that there were some issues in older versions of ScreenOS (years ago) with the auto-detection causing the VIPs to fail, but I'm not aware of a problem in the current implementation. I guess if the VIP internal host doesn't respond to ping then server auto-detection would also not be a good idea, or if there is some extra internal routing that is taking place. But if the internal server is within the subnet of the firewall and responds to ping, then I think it'll be okay.

     

    Hope this helps.

     

    Regards

    Andy
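
Added example (not part of any post in this thread, and not Juniper code): a small Python parser for the `debug vip all` lines quoted in the answer above, reporting how often each internal server is probed and which reverse VIP look-ups found no mapping. The function name `summarize` is hypothetical; the trailing number on the "ping call back" lines is not explained in the thread and is left uninterpreted, and reading the parenthesised `(6)` as an IP protocol number is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the 'debug vip all' output quoted in the answer above.
SAMPLE = """\
## 2009-04-17 10:53:46 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:50 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:54 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:58 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:02 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:04 : Rev-VIP look-up for 192.168.1.1/1166(6) on 0.0.0.0/0(0)
## 2009-04-17 10:54:04 : No Rev-VIP found for 192.168.1.1/1166 (6)
"""

LINE = re.compile(r"^\s*## (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) : (.*\S)\s*$")
PING = re.compile(r"^ping call back ([\d.]+), (\d+)$")
MISS = re.compile(r"^No Rev-VIP found for ([\d.]+)/(\d+) \((\d+)\)$")


def summarize(text):
    """Group health-check probes and failed reverse look-ups by internal server."""
    probes = defaultdict(list)   # internal IP -> probe timestamps
    misses = defaultdict(list)   # internal IP -> (timestamp, port, proto)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue             # not a debug line; skip it
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if (p := PING.match(msg)):
            probes[p.group(1)].append(ts)   # trailing number kept uninterpreted
        elif (x := MISS.match(msg)):
            # proto: assumed to be the IP protocol number (6 would be TCP)
            misses[x.group(1)].append((ts, int(x.group(2)), int(x.group(3))))
    report = {}
    for host in sorted(set(probes) | set(misses)):
        times = sorted(probes[host])
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[host] = {"probes": len(times), "gaps_s": gaps,
                        "rev_vip_misses": misses[host]}
    return report


if __name__ == "__main__":
    for host, info in summarize(SAMPLE).items():
        print(host, info)
```

On the quoted sample this shows the ICMP check running every 4 seconds against 192.168.1.1, followed by one reverse look-up that found no VIP mapping.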

     

     

     



  • 5.  RE: What does "Server auto detection" option do (in detail) ?

    Posted 04-17-2009 04:24

    Thank you for this information.