Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show services unified-access-control counters

 

Syntax

Release Information

Command introduced in Junos OS Release 12.1X44-D10.

Description

Display the number of sessions allowed, denied, and terminated by the Unified Access Control (UAC) service when invoked by a firewall policy with the uac-policy action. Counts are reported for each action taken by UAC. Sessions that were allowed, denied, or terminated by other firewall policy actions are not included in these statistics.

On SRX1500, SRX5400, SRX5600, and SRX5800 devices, UAC counts are grouped and displayed for each PIC on the device. On SRX 300, SRX 320, SRX 340, SRX 345 SRX Series devices, UAC counts are accumulated by device only. There is no PIC specification on these devices.

Required Privilege Level

view

List of Sample Output

show services unified-access-control counters

Output Fields

Table 1 lists the output fields for the show services unified-access-control counters command. Output fields are listed in the approximate order in which they appear.

Table 1: show services unified-access-control counters Output Fields

Field Name

Field Description

PIC

If applicable, the number of each PIC implementing UAC. UAC statistics are grouped by PIC.

Sessions allowed

The sessions permitted by UAC when invoked by a user role firewall policy.

Policy action

Number of sessions permitted by UAC based on the UAC policy action.

Timeout action

Number of sessions permitted by the timeout action while the SRX was disconnected from the UAC device.

Sessions denied

The sessions denied by UAC when invoked by a user role firewall policy.

Unauthenticated

Number of sessions denied by UAC because the user was not authenticated.

Policy action

Number of sessions denied by UAC based on the UAC policy action.

Policy not matched

Number of sessions denied because no UAC policy match was found.

Timeout action

Number of sessions denied by the timeout action while the SRX was disconnected from the access control device.

Sessions terminated

The sessions originally permitted that were later terminated.

Reevaluation

Number of sessions terminated due to a change in the UAC user roles associated with the session.

Signout

Number of sessions terminated due to the user signing out.

Sample Output

show services unified-access-control counters

user@host> show services unified-access-control counters

Statistics on SRX 300, SRX 320, SRX 340, and SRX 345 devices are accumulated by device only. There is no PIC specification on these devices.

user@host> show services unified-access-control counters