Meaning for Netlink state settings
(2 votes, average: 3.50 out of 5)
Loading ...Seems like there is an undocumented setting in SMC regarding the Netlinks. You’ll see them when you right-click any Netlink on the Status view and select Netlink state. A new drop-down menu opens with three choises:
1. always enabled 2.always disabled and 3. reset to auto
By default, the state selection setting is “auto”. With this setting, netlink works normally meaning that netlink status probing is taken into account.
1. always enabled
When setting is “always enabled”, netlink remains in active state even if the status probing fails. In other words, it remains active/enabled even if probing shows it to be down. This can be used in situation where netlink status probing doesn’t work reliably. For example if you know that netlink is up and working but probing shows status to be down, setting netlink state to “always enabled” will allow using this netlink as well.
2. Always disabled
Well, this quite clear. When this setting is on the particular netlink is always in inactive/disabled state and doesn’t process traffic.
3. Reset to auto
Last option “reset to auto” can be used to change this setting in engine back to default auto setting if it was previously set to “always enabled” or “always disabled”.
5 Responses to “Meaning for Netlink state settings”
Leave a Reply
You must be logged in to post a comment.
December 29th, 2008 at 12:51 pm
Is the always disabled really so clear? Even disabled netlink can still process traffic. This is not prevented by this setting. If routing specifies that some traffic should use this netlink, it will use this netlink. If inbound traffic is received, it still uses this netlink. When it comes to routing SRC & DST addresses in the packet routed are the one effecting.
So what is the actual meaning of this disabled? It means that whenever making a selection of local end address (Outbound balancing NAT rule, DDNS update, VPN tunnel endpoint), disabled endpoint is considered as non-usable and will not be selected for any NEW cleartext connections. Old cleartext connections and traffic related to those will continue using this netlink as long as connections are alive.
So why someone would like to disable netlink.
- Netlink is very unreliable. It stays up for a while, goes down, goes up, etc.
- There is planned maintenance with the netlink and because of this new connections should not use it.
June 25th, 2009 at 5:34 pm
Hello, this is my first message, so, hello to anyone.
I have SMC 4.3.6 and some 39 firewalls managed. In the status box of the Stonegate Explorer i can see all my Firewalls in the green status, but when I open the netlink tree just below the firewalls tree, I see all my netlinks in Grey state, except one that is green. All the firewalls are configured in the same way, the policy of the firewall where the management/log server is behind is the same for alle the firewalls. I have read the manuals but I found no clue. The firewall software is 4.3.4, the firewall that shows me the netlink status is exactly the same as another that dows not work at all. I cannot even figure if it is a policy problem or some stonesoft issue. Please help me. Ciao. Andrea.
July 6th, 2009 at 3:14 pm
Ciao Andrea and welcome to StoneBlog.
Referring to your case, I don’t think it is a policy issue as there are no settings I know in the policy to activate monitoring of Netlinks.
I would suggest you to double check the configuration of “Netlinks” network elements and if you find them all consistent, then I guess optimal thing would be to open a ticket to Stonesoft Support, providing detailed information about the issue and sginfo diagnostics to help the analysis.
Have a great day.
RoarinPenguin
July 10th, 2009 at 2:53 pm
One note about NetLink monitoring: the NetLinks have to be part of an Outbound Multi-Link element for the NetLink probing to work. If you only have NetLink elements in the Routing tree, the NetLink probing will not have any effect. This seems to be a common problem reported by users.
September 16th, 2009 at 6:33 pm
Answering to CaptainObvious: I’ve only one link, with only one netlink and all is working fine.