ScreenOS Firewalls (NOT SRX)
What does "Server auto detection" option do (in detail) ?

‎04-16-2009 02:13 AM

Ive fount many posts that "server auto detection" should be switched off for some reasons.

What does that do at all ?


Krzysztof Zygmunt

Re: What does "Server auto detection" option do (in detail) ?

‎04-16-2009 10:59 AM


If you are refering to dhcp configurations, what it means is that :

During the initialization of the dhcp server on the security device, the system can first check to see if there is already a DHCP server on the interface.
ScreenOS automatically stops the local DHCP server process from starting if another DHCP server is detected on the network.

If it receives a response from another DHCP server, the system generates a message indicating that the DHCP service is enabled on the security
device but not started because another DHCP server is present on the network. The log message includes the IP address of the existing DHCP server.

You can set one of three operational modes for DHCP server detection on an
interface: auto, enable, or disable.
Auto mode causes the security device to always check for an existing DHCP server at bootup.


Taken from C&E Guide:Vol 2 Chapter 8 Page 250



Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 12:40 AM

This "server auto detection" relates to Virtual IP Addresses configuration.


‎08-26-2015 01:27 AM

Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 01:44 AM



I use this on my VIPs without problem.The auto detection option means that the device checks every now and then if the internal server the VIP is mapped to is still available or not. If the server is unavailable, then the traffic will not be forwarded. The checking is done via ICMP.


To see it in action with a 'debug vip all' (internal address is, and this is for a VIP which is down currently):


## 2009-04-17 10:53:46 : ping call back, 1
## 2009-04-17 10:53:50 : ping call back, 1
## 2009-04-17 10:53:54 : ping call back, 1
## 2009-04-17 10:53:58 : ping call back, 1
## 2009-04-17 10:54:02 : ping call back, 1
## 2009-04-17 10:54:04 : Rev-VIP look-up for on
## 2009-04-17 10:54:04 : No Rev-VIP found for (6)


I seem to remember that there were some issues in older versions of ScreenOS (years ago) with the auto-detection causing the VIPs to fail, but I'm not aware of a problem in the current implementation.I guess if the VIP internal host doesn't respond to ping then server auto-detection would also not be a good idea, or if there is some extra internal routing that is taking place. But if the internal server is within the subnet of the firewall and responds to ping, then I think it'll be okay.


Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 04:23 AM

Thank you for this information.