Verifying That Firewall Filters Are Operational
After you configure and apply firewall filters to ports, VLANs, or Layer 3 interfaces, you can perform the following task to verify that the firewall filters configured on EX Series switches are working properly.
Use the operational mode command to verify that the firewall filters on the switch are working properly:
user@switch> show firewall
Filter: egress-vlan-watch-employee Counters: Name Bytes Packets counter-employee-web 0 0 Filter: ingress-port-voip-class-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 0 0 Policers: Name Packets icmp-connection-policer 0 tcp-connection-policer 0 Filter: ingress-vlan-rogue-block Filter: ingress-vlan-limit-guest
The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch. For each counter that is specified in a filter configuration, the output field shows the byte count and packet count for the term in which the counter is specified. For each policer that is specified in a filter configuration, the output field shows the packet count for packets that exceed the specified rate limits.