show services unified-access-control counters
Syntax
show services unified-access-control counters
Description
Display the number of sessions allowed, denied, and terminated by the Unified Access Control (UAC) service when invoked by a firewall policy with the uac-policy action. Counts are reported for each action taken by UAC. Sessions that were allowed, denied, or terminated by other firewall policy actions are not included in these statistics.
On SRX1500, SRX5400, SRX5600, and SRX5800 devices, UAC counts are grouped and displayed for each PIC on the device. On SRX 300, SRX 320, SRX 340, SRX 345 SRX Series Firewalls, UAC counts are accumulated by device only. There is no PIC specification on these devices.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show services unified-access-control counters command. Output
fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
If applicable, the number of each PIC implementing UAC. UAC statistics are grouped by PIC. |
|
The sessions permitted by UAC when invoked by a user role firewall policy. |
|
Number of sessions permitted by UAC based on the UAC policy action. |
|
Number of sessions permitted by the timeout action while the SRX was disconnected from the UAC device. |
|
The sessions denied by UAC when invoked by a user role firewall policy. |
|
Number of sessions denied by UAC because the user was not authenticated. |
|
Number of sessions denied by UAC based on the UAC policy action. |
|
Number of sessions denied because no UAC policy match was found. |
|
Number of sessions denied by the timeout action while the SRX was disconnected from the access control device. |
|
The sessions originally permitted that were later terminated. |
|
Number of sessions terminated due to a change in the UAC user roles associated with the session. |
|
Number of sessions terminated due to the user signing out. |
Sample Output
show services unified-access-control counters
user@host> show services unified-access-control counters
PIC: fpc2.pic0
Sessions allowed
Policy action: 0
Timeout action: 0
Sessions denied
Unauthenticated: 0
Policy action: 0
Policy not matched: 0
Timeout action: 0
Sessions terminated
Reevaluation: 0
Signout: 0
command-name
Statistics on SRX 300, SRX 320, SRX 340, and SRX 345 devices are accumulated by device only. There is no PIC specification on these devices.
user@host> show services unified-access-control counters
Sessions allowed
Policy action: 0
Timeout action: 0
Sessions denied
Unauthenticated: 0
Policy action: 0
Policy not matched: 0
Timeout action: 0
Sessions terminated
Reevaluation: 0
Signout: 0
Release Information
Command introduced in Junos OS Release 12.1X44-D10.