    Verifying That Firewall Filters Are Operational

    Purpose

    Verify that firewall filters are working properly after you apply them to ports, VLANs, or Layer 3 interfaces.

    Action

    Use the show firewall operational mode command to verify that the firewall filters are working properly:

    user@switch> show firewall
    Filter: egress-vlan-watch-employee
    Counters:
    Name                                                Bytes              Packets
    counter-employee-web                                    0                    0
    Filter: ingress-port-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                          560                   10
    Policers:
    Name                                              Packets
    icmp-connection-policer                                10
    tcp-connection-policer                                  0
    Filter: ingress-vlan-rogue-block
    Filter: ingress-vlan-limit-guest
    

    Meaning

    The show firewall command displays the names of all configured firewall filters, counters, and policers. For each counter that is specified in a filter configuration, the output shows the byte count and packet count for the term in which the counter is specified. In the example above, the icmp-counter in the filter ingress-port-limit-tcp-icmp shows that the filter matched 10 packets. For each policer that is specified in a filter configuration, the output shows the packet count for packets that exceed the specified rate limits. The policer icmp-connection-policer shows that 10 ICMP packets were policed.
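
The following Python is an added example, not Juniper's code: it parses show firewall output like the listing above and reports what the Meaning section tells you to look for (counters that have matched nothing, policers that have policed packets, and filters that expose no counters at all). The function names and the embedded sample text are assumptions made for this example.

```python
import re

# Constructed sample: the "show firewall" listing from this page.
SAMPLE = """\
user@switch> show firewall
Filter: egress-vlan-watch-employee
Counters:
Name                                                Bytes              Packets
counter-employee-web                                    0                    0
Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                                Bytes              Packets
icmp-counter                                          560                   10
Policers:
Name                                              Packets
icmp-connection-policer                                10
tcp-connection-policer                                  0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
"""

def parse_show_firewall(text):
    """Return {filter: {"counters": {name: (bytes, packets)}, "policers": {name: (packets,)}}}."""
    filters, current, section = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Name "):   # blank line or column header
            continue
        m = re.match(r"Filter:\s*(\S+)$", line)
        if m:
            current = filters.setdefault(m.group(1), {"counters": {}, "policers": {}})
            section = None
        elif line in ("Counters:", "Policers:"):
            section = line[:-1].lower()
        elif current is not None and section:       # a data row inside a section
            name, *nums = line.split()
            if nums and all(n.isdigit() for n in nums):
                current[section][name] = tuple(int(n) for n in nums)
    return filters

def review(filters):
    """List (filter, finding) pairs; the packet count is the last value in each row."""
    findings = []
    for fname, f in filters.items():
        if not f["counters"] and not f["policers"]:
            findings.append((fname, "no counters or policers: matches cannot be verified here"))
        findings += [(fname, f"counter {c} matched 0 packets") for c, v in f["counters"].items() if v[-1] == 0]
        findings += [(fname, f"policer {p} policed {v[-1]} packets") for p, v in f["policers"].items() if v[-1] > 0]
    return findings
```

A filter that appears with no counters, such as ingress-vlan-rogue-block in the sample, is listed by name only, so this output alone cannot confirm that it is matching traffic.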

    Published: 2013-01-17