ScreenOS Firewalls (NOT SRX)

What does "Server auto detection" option do (in detail) ?

‎04-16-2009 02:13 AM

I've found many posts saying that "server auto detection" should be switched off for some reasons.

My question is:

What does that do at all?

I've not found an explanation for this question in the documentation.

Regards,

Krzysztof Zygmunt


Re: What does "Server auto detection" option do (in detail) ?

‎04-16-2009 10:59 AM

Hi

If you are referring to DHCP configurations, what it means is that:

During the initialization of the DHCP server on the security device, the system can first check to see if there is already a DHCP server on the interface.
ScreenOS automatically stops the local DHCP server process from starting if another DHCP server is detected on the network.

If it receives a response from another DHCP server, the system generates a message indicating that the DHCP service is enabled on the security
device but not started because another DHCP server is present on the network. The log message includes the IP address of the existing DHCP server.

You can set one of three operational modes for DHCP server detection on an
interface: auto, enable, or disable.
Auto mode causes the security device to always check for an existing DHCP server at bootup.

 

Taken from C&E Guide: Vol 2 Chapter 8 Page 250


Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 12:40 AM

Thank you for the reply.

Sorry, I've missed providing that information.

This "server auto detection" relates to Virtual IP Addresses configuration.

Solution
Accepted by topic author krzysztofzygmunt
‎08-26-2015 01:27 AM

Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 01:44 AM

Hi,

I use this on my VIPs without problem. The auto detection option means that the device checks every now and then if the internal server the VIP is mapped to is still available or not. If the server is unavailable, then the traffic will not be forwarded. The checking is done via ICMP.

To see it in action with a 'debug vip all' (internal address is 192.168.1.1, and this is for a VIP which is down currently):

## 2009-04-17 10:53:46 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:50 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:54 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:58 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:02 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:04 : Rev-VIP look-up for 192.168.1.1/1166(6) on 0.0.0.0/0(0)
## 2009-04-17 10:54:04 : No Rev-VIP found for 192.168.1.1/1166 (6)

 

I seem to remember that there were some issues in older versions of ScreenOS (years ago) with the auto-detection causing the VIPs to fail, but I'm not aware of a problem in the current implementation. I guess if the VIP internal host doesn't respond to ping then server auto-detection would also not be a good idea, or if there is some extra internal routing that is taking place. But if the internal server is within the subnet of the firewall and responds to ping, then I think it'll be okay.

Hope this helps.

Regards

Andy
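
Added example, not part of the post above and not Juniper code: a small Python parser for saved 'debug vip all' output that reports, per internal server, how often the VIP health probe fired and which reverse-VIP look-ups failed. It assumes the exact line layout quoted in the post; the number after the address on "ping call back" lines is kept as an uninterpreted code, and the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the debug output quoted in the post above.
SAMPLE = """\
## 2009-04-17 10:53:46 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:50 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:54 : ping call back 192.168.1.1, 1
## 2009-04-17 10:53:58 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:02 : ping call back 192.168.1.1, 1
## 2009-04-17 10:54:04 : Rev-VIP look-up for 192.168.1.1/1166(6) on 0.0.0.0/0(0)
## 2009-04-17 10:54:04 : No Rev-VIP found for 192.168.1.1/1166 (6)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
LINE = re.compile(r"^## (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) : (.*)$")
PING = re.compile(rf"^ping call back {IP}, (\d+)$")
MISS = re.compile(rf"^No Rev-VIP found for {IP}/(\d+) \((\d+)\)$")

def summarize(text):
    """Return {server_ip: {probes, gaps_s, codes, rev_vip_misses}}."""
    probes = defaultdict(list)   # ip -> [(timestamp, trailing code)]
    misses = defaultdict(list)   # ip -> [(port, number in parentheses)]
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue             # skip anything that is not a debug record
        ts = datetime.strptime(line.group(1), "%Y-%m-%d %H:%M:%S")
        ping = PING.match(line.group(2))
        miss = MISS.match(line.group(2))
        if ping:
            probes[ping.group(1)].append((ts, int(ping.group(2))))
        elif miss:
            misses[miss.group(1)].append((int(miss.group(2)), int(miss.group(3))))
    report = {}
    for ip in sorted(set(probes) | set(misses)):
        times = [t for t, _ in probes[ip]]
        gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
        report[ip] = {
            "probes": len(times),
            "gaps_s": sorted(gaps),  # distinct intervals between probes
            "codes": sorted({c for _, c in probes[ip]}),
            "rev_vip_misses": misses[ip],
        }
    return report

if __name__ == "__main__":
    for server, info in summarize(SAMPLE).items():
        print(server, info)
```
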

 

 

 


Re: What does "Server auto detection" option do (in detail) ?

‎04-17-2009 04:23 AM

Thank you for this information.