- Download
Software
- Research a
Problem - Case Management
- Communities and Forums
- Contract & Product Management
- Technical Documentation Advanced Search
- Documentation Feedback Form
- Documentation Symbols Key
- End-of-Life Products
- Guidelines and Policies
- Security Resources
Juniper was the first North American IP routing vendor to achieve the prestigious TL 9000 certification by the Quality of Excellence for Suppliers of Telecommunications (QuEST) Forum in the router category, for design, development, provision and service and support.
What is J-Care?
It's the world-class service and support that you expect from a company that delivers the industry's best infrastructure and security products. With J-Care, you now have the confidence knowing that Juniper will do our part to keep you on top of the world!
- Download PDFs
-
Monitoring Firewall Filter Traffic
- Related Topics
- Configuring Firewall Filters (CLI Procedure)
- Configuring Firewall Filters (J-Web Procedure)
- Configuring Policers to Control Traffic Rates (CLI Procedure)
- Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX-series Switches
- Verifying That Firewall Filters Are Operational
Monitoring Firewall Filter Traffic
You can monitor firewall filter traffic on EX-series switches.
- Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch
- Monitoring Traffic for a Specific Firewall Filter
- Monitoring Traffic for a Specific Policer
Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch
Purpose
Perform the following task to monitor the number of packets and bytes that matched the firewall filters and monitor the number of packets that exceeded policer rate limits:
Action
Use the operational mode command:
user@switch> show firewall
Filter: egress-vlan-watch-employee Counters: Name Bytes Packets counter-employee-web 3348 27 Filter: ingress-port-voip-class-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 4100 49 Policers: Name Packets icmp-connection-policer 0 tcp-connection-policer 0 Filter: ingress-vlan-rogue-block Filter: ingress-vlan-limit-guest
What it Means
The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch. The output fields show byte and packet counts for counters and packet count for policers.
Monitoring Traffic for a Specific Firewall Filter
Purpose
Perform the following task to monitor the number of packets and bytes that matched a firewall filter and monitor the number of packets that exceeded the policer rate limits.
Action
Use the operational mode command:
user@switch> show firewall filter ingress-vlan-rogue-block
Filter: ingress-vlan-rogue-block Counters: Name Bytes Packets rogue-counter 2308 20
What it Means
The show firewall filter filter-name command displays the name of the firewall filter, the packet and byte count for all counters configured with the filter, and the packet count for all policers configured with the filter.
Monitoring Traffic for a Specific Policer
Purpose
Perform the following task to monitor the number of packets that exceeded policer rate limits:
Action
Use the operational mode command:
user@switch> show policer tcp-connection-policer
Filter: ingress-port-voip-class-limit-tcp-icmp Policers: Name Packets tcp-connection-policer 0
What it Means
The show policer policer-name command displays the name of the firewall filter that specifies the policer-action and displays the number of packets that exceeded rate limits for the specified filter.