Help - Status

Administrators may use Status to check the System Status, Interface statistics, VPN, connections and DHCP Servers.

System

The System status page provides some information about the DFL-200.

  • Uptime - The time the firewall has been running since the last reboot or start.
  • CPU Load - Percentage of CPU used.
  • Connections - Number of current connections through the firewall.
  • Firmware version - The firmware version running on the firewall.
  • Last restart - The reason for the last restart.
  • IDS Signatures - The IDS signature versions.

There are also two graphs on this page: one shows the CPU usage during the last 24 hours, and the other shows the state table usage during the last 24 hours.

Interfaces

By default, information about the LAN interface will be shown. To see another one, click on that interface (WAN or DMZ).

  • Interface - Name of the interface shown, LAN, WAN or DMZ.
  • Link status - Displays the link the current interface has; the speed can be 10 or 100 Mbps and the duplex can be Half or Full.
  • MAC Address - MAC address of the interface.
  • Send rate - Current amount of traffic sent through the interface.
  • Receive rate - Current amount of traffic received through the interface.

There are also two graphs displaying the send and receive rate through the interfaces during the last 24 hours.

VPN

By default, information about the first VPN tunnel will be shown. To see another one, click on that VPN tunnel's name. The two graphs display the send and receive rate through the selected VPN tunnel during the last 24 hours.

Connections

Shows the last 100 connections opened through the firewall. Connections are created when traffic is permitted to pass via the policies.

Each connection has two timeout values, one in each direction. These are updated when the firewall receives packets from each end of the connection. The value shown in the Timeout column is the lower of the two values.

Possible values in the State column include: TCP_CLOSE, TCP_OPEN, SYN_RECV, FIN_RECV and so on. The Proto column can have:

  • TCP - The connection is a TCP connection
  • PING - The connection is an ICMP ECHO connection
  • UDP - The connection is a UDP connection
  • RAWIP - The connection uses an IP protocol other than TCP, UDP or ICMP

The Source and Destination columns show the IP address and port on the source interface that the connection comes from, and the interface and port number that the connection goes to.

DHCP Servers

The DHCP Server status page provides some information about the configured DHCP Servers. By default, information about the LAN interface will be shown. To see another one, click on that interface.

  • Interface - Name of the interface the DHCP Server is running on.
  • IP Span - Displays the configured ranges of IP addresses that are given out as DHCP leases.
  • Usage - Displays how much of the IP range is given out to DHCP clients.

Active leases are the computers currently using this DHCP server. It is also possible to end a computer's lease from here by clicking on End lease after that IP.

Inactive leases are leases that are not currently in use but have been used by a computer before. That computer will get the same lease the next time it is on the network. If there is no free IP in the pool, these IP addresses will be used for new computers.

Logging

This page shows the internal log entries of the firewall. Although the exact format of each log entry depends on what is logged, all log entries in the DFL-200 are prefaced with the date, EFW: and a category, e.g. DROP:

[2003-12-27 11:43:41] <5>EFW: DROP:

Subsequent text is dependent on the event that has occurred.

USAGE events

These events are sent periodically and provide statistical information regarding connections and amount of traffic.

Example:

[2003-12-27 11:43:41] <5>EFW: USAGE: conns=1174 if0=core ip0=127.0.0.1 tp0=0.00 if1=wan ip1=192.168.10.2 tp1=11.93 if2=lan ip2=192.168.0.1 tp2=13.27 if3=dmz ip3=192.168.1.1 tp3=0.99

The value after conns is the number of open connections through the firewall when the usage log was sent. The value after tp is the throughput through the firewall at the time the usage log was logged.

DROP events

These events may be generated by a number of different functions in the firewall. The most common source is probably the policies.

Example:

[2003-12-27 11:43:41] <5>EFW: DROP: prio=1 rule=Rule_1 action=drop recvif=wan srcip=192.168.10.2 destip=192.168.0.1 ipproto=TCP ipdatalen=28 srcport=3572 destport=135 tcphdrlen=28 syn=1

In this line, traffic from 192.168.10.2, arriving on the WAN side of the firewall and connecting to 192.168.0.1 on port 135, is dropped. The protocol used is TCP.

CONN events

These events are generated if auditing has been enabled.

One event will be generated when a connection is established. This event will include information about protocol, receiving interface, source IP address, source port, destination interface, destination IP address and destination port.

Open Example:

[2003-12-27 11:43:41] <5>EFW: CONN: prio=1 rule=Rule_8 conn=open connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80

In this line, traffic from 192.168.0.10 on the LAN interface is connecting to 64.7.210.132 on port 80 on the WAN side of the firewall (internet).

Another event is generated when the connection is closed. The information included in the event is the same as in the event sent when the connection was opened, except that statistics regarding sent and received traffic are also included.

Close Example:

[2003-12-27 11:43:41] <5>EFW: CONN: prio=1 rule=Rule_8 conn=close connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80 origsent=62 termsent=60

In this line, the connection from the open example is closed.
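
The log prefix and the USAGE, DROP and CONN events described above can be parsed mechanically for review. The Python below is an added example, not part of the DFL-200 help text or firmware; the function names are hypothetical, and it assumes the event text is always space-separated key=value pairs whose values contain no spaces, as in the examples on this page.

```python
import re
from collections import Counter
# Sample input: the example log lines shown on this page, plus one constructed non-matching line.
SAMPLE = """\
[2003-12-27 11:43:41] <5>EFW: USAGE: conns=1174 if0=core ip0=127.0.0.1 tp0=0.00 if1=wan ip1=192.168.10.2 tp1=11.93 if2=lan ip2=192.168.0.1 tp2=13.27 if3=dmz ip3=192.168.1.1 tp3=0.99
[2003-12-27 11:43:41] <5>EFW: DROP: prio=1 rule=Rule_1 action=drop recvif=wan srcip=192.168.10.2 destip=192.168.0.1 ipproto=TCP ipdatalen=28 srcport=3572 destport=135 tcphdrlen=28 syn=1
[2003-12-27 11:43:41] <5>EFW: CONN: prio=1 rule=Rule_8 conn=open connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80
[2003-12-27 11:43:41] <5>EFW: CONN: prio=1 rule=Rule_8 conn=close connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80 origsent=62 termsent=60
some unrelated text (constructed)
"""
# Prefix documented above: [date] <n>EFW: CATEGORY: followed by event-specific text.
LINE_RE = re.compile(r"^\[(?P<time>[^\]]+)\] <\d+>EFW: (?P<category>[A-Z]+):\s*(?P<rest>.*)$")

def parse_line(line):
    """Return {'time', 'category', 'fields'} for one log line, or None if the prefix is absent."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Assumption: the event text is space-separated key=value pairs, as in the page's examples.
    fields = dict(tok.split("=", 1) for tok in m["rest"].split() if "=" in tok)
    return {"time": m["time"], "category": m["category"], "fields": fields}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def usage_throughput(event):
    """Map interface name to throughput using the ifN/tpN pairs of a USAGE event."""
    f = event["fields"]
    return {name: float(f["tp" + key[2:]]) for key, name in f.items()
            if re.fullmatch(r"if\d+", key) and "tp" + key[2:] in f}

def conn_key(event):
    """Fields that identify a connection in both its open and close CONN events."""
    names = ("connipproto", "connsrcip", "connsrcport", "conndestip", "conndestport")
    return tuple(event["fields"].get(n) for n in names)

def summarize(events):
    """Count DROP events per (srcip, destport) and match CONN close events to their open."""
    drops, open_conns, closed = Counter(), {}, []
    for e in events:
        f = e["fields"]
        if e["category"] == "DROP":
            drops[(f.get("srcip"), f.get("destport"))] += 1
        elif e["category"] == "CONN" and f.get("conn") == "open":
            open_conns[conn_key(e)] = e
        elif e["category"] == "CONN" and f.get("conn") == "close":
            closed.append({"key": conn_key(e), "saw_open": open_conns.pop(conn_key(e), None) is not None,
                           "origsent": int(f.get("origsent", 0)), "termsent": int(f.get("termsent", 0))})
    return drops, closed, open_conns
```

A close event whose open was never seen is reported with saw_open set to False, and any connection left in the third return value was opened but not yet closed in the log being examined.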

Users

The user status page provides information about currently authenticated users and recognized privileges.

  • Login name - The name used to log in.
  • User IP - Displays the IP the user is coming from.
  • Iface - The interface on which the user logged in.
  • Session timeout - Time left of the session.
  • Idle timeout - Idle time until the user will be logged out.
  • Privileges - Privileges for the user.
  • Logout - Force the user to logout.