I run this script version on VSX using virtual switches. It is not probably issue of this version only, but specially for virtual systems systems which are switches it returns warnings in NAT, Cluster status, Sync status. I'll try it also on virtual router if is the situation similar there.
In case it will be possible to cover it in roadmap to mitigate those states by info because it is virtual switch and it is fine, it would be great. I really like this script. It is great and give us a lot of useful info about our devices.
Here is example of two virtual switches.
Virtual System 1Virtual System 2
Fragments
Fragments - OK |
Connections Table
Peak Connections - OK
Current Connections - OK
NAT Connections - WARNING
NAT Table ERROR - Unable to open fwx_cache table.
|
ClusterXL
Cluster Status - WARNING
Unable to find remote partner.
This is usually due to one of the following reasons:
-There is no network connectivity between the members of the cluster on the sync network.
-The partner does not have state synchronization enabled.
-One partner is using broadcast mode while the other is using multicast mode.
-One of the monitored processes has an issue, such as no policy loaded.
-The partner firewall is down.
Problem Notifications - OK
Sync Status - WARNING
Sync is Off!
For more information on Sync, use sk34476: Explanation of Sync section in the output of fw ctl pstat command.
To troubleshoot Sync issues use, sk37029- Full Synchronization issues on cluster member and sk37030 - Debugging Full Synchronization in ClusterXL.
Number of Sync Interfaces - OK
Cluster Failovers - OK |
SecureXL
SecureXL Status - OK
Accept Templates - OK
Drop Templates - INFO
Drop Templates are disabled.
Accelerated Drop Rules feature protects the Security Gateway and site from Denial of Service attacks by dropping packets at the acceleration layer.
Please review sk90861 and sk90941 for more information.
F2F Packets - WARNING
F2F (firewall/slow path) packets account for 100% of all traffic.
For more information regarding tuning connections, use sk98348: Best Practices - Security Gateway Performance
PXL Packets - OK
Aggressive Aging - OK |
Logging
Local Logging - OK |
Fragments
Fragments - OK |
Connections Table
Peak Connections - OK
Current Connections - OK
NAT Connections - WARNING
NAT Table ERROR - Unable to open fwx_cache table.
|
ClusterXL
Cluster Status - WARNING
Unable to find remote partner.
This is usually due to one of the following reasons:
-There is no network connectivity between the members of the cluster on the sync network.
-The partner does not have state synchronization enabled.
-One partner is using broadcast mode while the other is using multicast mode.
-One of the monitored processes has an issue, such as no policy loaded.
-The partner firewall is down.
Problem Notifications - OK
Sync Status - WARNING
Sync is Off!
For more information on Sync, use sk34476: Explanation of Sync section in the output of fw ctl pstat command.
To troubleshoot Sync issues use, sk37029- Full Synchronization issues on cluster member and sk37030 - Debugging Full Synchronization in ClusterXL.
Number of Sync Interfaces - OK
Cluster Failovers - OK |
SecureXL
SecureXL Status - OK
Accept Templates - OK
Drop Templates - INFO
Drop Templates are disabled.
Accelerated Drop Rules feature protects the Security Gateway and site from Denial of Service attacks by dropping packets at the acceleration layer.
Please review sk90861 and sk90941 for more information.
F2F Packets - WARNING
F2F (firewall/slow path) packets account for 100% of all traffic.
For more information regarding tuning connections, use sk98348: Best Practices - Security Gateway Performance
PXL Packets - OK
Aggressive Aging - OK |
Logging
Local Logging - OK |
