The versions on both devices are:
| Hardware Version: | 710(0) |
|---|---|
| Firmware Version: | 6.3.0r23.0 (Firewall+VPN) |

When I disable the DMZ interface on SSG1 and then enable it again, I see the messages below:

```
ssg5-v92-> get interface e0/6
Interface ethernet0/6:
description ethernet0/6
number 10, if_info 880, if_index 0, mode route
if_signature 0x4e53434e
sess token 13, flow flag 0x0 if flag 0x10021200 flag2 0x800
link down, phy-link up/full-duplex, admin status up
status change:23, last change:05/24/1997 00:05:56
vsys Root, zone DMZ, vr trust-vr
hwif ethernet0/6 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 172.31.106.74/30 mac 0019.e2a4.148a
*manage ip 172.31.106.74, mac 0019.e2a4.148a
route-deny disable
pmtu-v4 disabled
ping enabled, telnet disabled, SSH disabled, SNMP disabled
web enabled, ident-reset disabled, SSL disabled
DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0
OSPF disabled OSPFv3 disabled BGP disabled RIP disabled RIPng disabled
mtrace disabled
PIM: not configured IGMP not configured
MLD not configured
NHRP disabled
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
DHCP-Relay disabled at interface level
DHCP-server disabled
```
```
ssg5-v92-> get flow
flow action flag: 0095
flow GRE outbound tcp-mss is not set
flow GRE inbound tcp-mss is not set
flow change tcp mss option for all packets is not set
flow change tcp mss option for outbound vpn packets = 1350
flow change tcp mss option for bi-directional vpn packets is not set
flow deny session disabled
TCP syn-proxy syn-cookie disabled
Log dropped packet disabled
Log auth dropped packet disabled
Allow dns reply pkt without matched request : NO
Check TCP SYN bit before create session & refresh session only after tcp 3 way handshake : YES
Check TCP SYN bit before create session : NO
Check TCP SYN bit before create session for tunneled packets : YES
Enable the strict SYN check: NO
Allow naked tcp reset pass through firewall: NO
Use Hub-and-Spoke policies for Untrust MIP traffic that loops on same interface
Check unknown mac flooding : YES
Skip sequence number check in stateful inspection : NO
Drop embedded ICMP : NO
ICMP path mtu discovery : NO
ICMP time exceeded : NO
TCP RST invalidates session immediately : NO
Force packet fragment reassembly : NO
flow log info: 0.0.0.0/0->0.0.0.0/0,0
flow initial session timeout: 20 seconds
flow session cleanup time: 2 seconds
early ageout setting:
high watermark = 100 (8064 sessions)
low watermark = 100 (8064 sessions)
early ageout = 2
RST seq. chk OFF
MAC cache for management traffic: OFF
Fix tunnel outgoing interface: OFF
session timeout on route change is not set
reverse route setting:
clear-text or first packet going into tunnel: prefer reverse route (default)
first packet from tunnel: always reverse route (default)
Close session when receive ICMP error packet: YES
Passing through only one ICMP error packet: NO
Flow caches route and arp: YES, miss rate 23%
flow tcp session notification tuning value is 65536
```
```
ssg5-v92-> get event
Total event entries = 3072
Date Time Module Level Type Description
2017-06-28 01:04:05 system info 00536 IKE 124.12.151.186: Added Phase 2
session tasks to the task list.
2017-06-28 01:03:53 system info 00536 IKE 124.12.151.186 Phase 1: Responder
starts MAIN mode negotiations.
2017-06-28 01:03:33 system info 00536 IKE 124.12.151.186 Phase 1:
Retransmission limit has been reached.
2017-06-28 01:03:27 system crit 00027 Admin shell has been re-enabled by
NetScreen system after being locked
due to excessive failed login attempts
2017-06-28 01:03:26 system notif 00767 Event log was reviewed by admin
netscreen.
2017-06-28 01:03:15 system info 00536 IKE 124.12.151.186: Added Phase 2
session tasks to the task list.
2017-06-28 01:02:56 system info 00767 System configuration saved by
netscreen via web from host
1.161.19.150 to 118.163.40.37:80 by
netscreen.
2017-06-28 01:02:56 system notif 00531 NTP server is disabled on interface
ethernet0/6
2017-06-28 01:02:55 system info 00767 System configuration saved by
netscreen via web from host
1.161.19.150 to 118.163.40.37:80 by
netscreen.
2017-06-28 01:02:55 system notif 00531 NTP server is disabled on interface
ethernet0/6
2017-06-28 01:02:55 system notif 00009 Admin status for interface ethernet0/6
has been changed to enable.
```