Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- clear firewall
- EX, J, M, MX, PTX, T Series
- show firewall log
- EX Series
- Verifying That Firewall Filters Are Operational
- Verifying That Policers Are Operational
show firewall
Syntax
Syntax (EX Series Switches)
Release Information
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
logical-system option introduced in Junos OS Release 9.3.
terse option introduced in Junos OS Release 9.4.
policer counters option introduced in Junos OS Release 12.2 for EX Series switches.
detail option introduced in Junos OS Release 12.3.
Description
Display statistics about configured firewall filters.
Options
none | — | (Optional) Display statistics about all configured firewall filters and counters. For EX Series switches, this command also displays statistics about all configured policers. |
counter counter-name | — | (Optional) Name of a filter counter. |
detail | — | (EX Series switches only) (Optional) Display firewall filter statistics with enhanced policer. |
filter filter-name | — | (Optional) Name of a configured filter. |
logical-system (all | logical-system-name) | — | (Optional) Perform this operation on all logical systems or on a particular logical system. |
log | — | (Optional) Display log entries for firewall filters. |
log <(detail | interface interface-name)> | — | (EX Series switches only) (Optional) Display detailed log entries of firewall activity or log information about a specific interface. |
policer counters <(detail | counter-id counter-index <detail>)> | — | (EX8200 switches only) (Optional) Display policer counter statistics in brief or in detail. |
terse | — | (Optional) Display firewall filter names only. |
Required Privilege Level
view
Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- clear firewall
- EX, J, M, MX, PTX, T Series
- show firewall log
- EX Series
- Verifying That Firewall Filters Are Operational
- Verifying That Policers Are Operational
List of Sample Output
show firewall filter (MX Series Router and EX Series Switch)show firewall filter (non MX Series Router and EX Series Switch)
show firewall filter (Hierarchical Policer, MX Series with MPC)
show firewall filter (Dynamic Input Filter)
show firewall (Logical Systems)
show firewall (counter counter-name)
show firewall log
show firewall policer counters (EX8200 Switch)
show firewall policer counters (detail) (EX8200 Switch)
show firewall policer counters (counter-id counter-index) (EX8200 Switch)
show firewall policer counters (counter-id counter-index detail) (EX8200 Switch)
show firewall detail
Output Fields
Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.
Table 1: show firewall Output Fields
Field Name | Field Description |
|---|---|
Filter | Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy level. Except on EX Series switches:
|
Counters | Display filter counter information:
Note: On M and T series routers, firewall filters cannot count ip-options packets on a per option type and per interface basis. A limited work around is to use the show pfe statistics ip options command to see ip-options statistics on a per Packet Forwarding Engine (PFE) basis. See show pfe statistics ip for sample output. |
Policers | Display policer information:
|
Policer Counter Index | (EX8200 switch only) Global management counter ID. The counter ID value (counter-index) can be 0, 1, or 2. |
Green | (EX8200 switch only) Number of packets within the limits. The number of packets is smaller than the committed information rate (CIR). |
Yellow | (EX8200 switch only) Number of packets partially within the limits. The number of packets is greater than the CIR, but the burst size is within the excess burst size (EBS) limit. |
Discard | (EX8200 switch only) Number of discarded packets. |
Bytes | (EX8200 switch only) Number of green, yellow, red, or discarded packets in bytes. |
Packets | (EX8200 switch only) Number of green, yellow, red, or discarded packets. |
Filter name | (EX8200 switch only) Name of the filter with a term associated to a policer. |
Term name | (EX8200 switch only) Name of the term associated with a policer. |
Policer name | (EX8200 switch only) Name of the policer that is associated with a global management counter. |
Sample Output
show firewall filter (MX Series Router and EX Series Switch)
user@host> show firewall filter testFilter: test Counters: Name Bytes Packets Counter-1 0 0 Counter-2 0 0 Policers: Name Bytes Packets Policer-1 2770 70
show firewall filter (non MX Series Router and EX Series Switch)
user@host> show firewall filter testFilter: test Counters: Name Bytes Packets Counter-1 0 0 Counter-2 0 0 Policers: Name Bytes Packets Policer-1 70
show firewall filter (Hierarchical Policer, MX Series with MPC)
user@host> show firewall filter FL_V4_PHY-HP-EF-AWARE-Gold=400k-MCAST=200k-Total=1M-ds-10/0/0:2:1-iFilter: FL_V4_PHY-HP-EF-AWARE-Gold=400k-MCAST=200k-Total=1M-ds-10/0/0:2:1-i Counters: Name Bytes Packets AF1x_counter-ds-10/0/0:2:1-i 0 0 AF2x_counter-ds-10/0/0:2:1-i 25529445976 24500428 AF3x_counter-ds-10/0/0:2:1-i 2182022 39482 AF4x_counter-ds-10/0/0:2:1-i 0 0 BE_counter-ds-10/0/0:2:1-i 0 0 EF_counter-ds-10/0/0:2:1-i 14817044120 12265765 STD_counter-ds-10/0/0:2:1-i 0 0 Policers: Name Bytes Packets POL_CE-PE_M=200k-filter-ds-10/0/0:2:1-i 5948099658 5708349 POL_CE-PE_G=400K_R=1M-filter-ds-10/0/0:2:1-i ?????????? 3572794 ??????????? ?????????? ???????
show firewall filter (Dynamic Input Filter)
user@host> show firewall filter dfwd-ge-5/0/0.1-inFilter: dfwd-ge-5/0/0.1-in Counters: Name Bytes Packets c1-ge-5/0/0.1-in 0 0
show firewall (Logical Systems)
user@host> show firewallFilter: __lr1/test Counters: Name Bytes Packets icmp 420 5 Filter: __default_bpdu_filter__ Filter: __lr1/inet_filter1 Counters: Name Bytes Packets inet_tcp_count 0 0 inet_udp_count 0 0 Filter: __lr1/inet_filter2 Counters: Name Bytes Packets inet_icmp_count 0 0 inet_pim_count 0 0 Filter: __lr2/inet_filter1 Counters: Name Bytes Packets inet_tcp_count 0 0 inet_udp_count 0 0
show firewall (counter counter-name)
user@host> show firewall counter icmp-counterFilter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 0 0
show firewall log
user@host> show firewall logLog : Time Filter Action Interface Protocol Src Addr Dest Addr 08:00:53 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:52 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:51 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:50 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:49 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:48 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:47 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4
show firewall policer counters (EX8200 Switch)
user@switch> show firewall policer countersPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Policer Counter Index 1:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Policer Counter Index 2:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0show firewall policer counters (detail) (EX8200 Switch)
user@switch> show firewall policer counters
detailPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Filter name Term name Policer name
myfilter polcr-term-1 myfilter-polcr-1
inet-filter-ae ae-snmp policer-1
inet-filter-ae ae-ssh policer-2
Policer Counter Index 1:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Filter name Term name Policer name
Policer Counter Index 2:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Filter name Term name Policer nameshow firewall policer counters (counter-id counter-index) (EX8200 Switch)
user@switch> show firewall policer counters
counter-id 0Policer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942show firewall policer counters (counter-id counter-index detail) (EX8200 Switch)
user@switch> show firewall policer counters
counter-id 0 detailPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Filter name Term name Policer name
myfilter polcr-term-1 myfilter-polcr-1
inet-filter-ae ae-snmp policer-1
inet-filter-ae ae-ssh policer-2show firewall detail
user@host> show firewall detailFilter: __default_bpdu_filter__
Filter: foo
Counters:
Name Bytes Packets
c1 17652140 160474
Policers:
Name Bytes Packets
P1-t1
OOS 0 18286
Offered 0 18446744073709376546
Transmitted 0 18446744073709358260
Published: 2013-07-12
Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- clear firewall
- EX, J, M, MX, PTX, T Series
- show firewall log
- EX Series
- Verifying That Firewall Filters Are Operational
- Verifying That Policers Are Operational
