show firewall
Syntax
Release Information
Command introduced in Junos OS Release 9.0 for EX Series switches.
Option policer counters introduced in Junos OS Release 12.2 for EX Series switches.
Description
Display statistics about configured firewall filters.
Options
none | — | Display statistics about all configured firewall filters, counters, and policers. |
counter counter-name | — | (Optional) Display statistics about a particular firewall filter counter. |
filter filter-name | — | (Optional) Display statistics about a particular firewall filter. |
log (detail | interface interface-name) | — | (Optional) Display detailed log entries of firewall activity or log information about a specific interface. |
policer counters (<detail> | counter-id counter-index <detail>) | — | (EX8200 switches only) (Optional) Display policer counter statistics in brief or in detail. |
terse | — | (Optional) Display firewall filter names only. |
Required Privilege Level
view
List of Sample Output
show firewallshow firewall (filter filter-name)
show firewall (counter counter-name)
show firewall log
show firewall policer counters (EX8200 Switches Only)
show firewall policer counters (detail) (EX8200 Switches Only)
show firewall policer counters (counter-id counter-index) (EX8200 Switches only)
show firewall policer counters (counter-id counter-index detail) (EX8200 Switches only)
Output Fields
Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.
Table 1: show firewall Output Fields
Field Name | Field Description | Level of Output |
|---|---|---|
Filter | Name of the filter that is configured with the filter statement at the [edit firewall] hierarchy level. | All levels |
Counters | Display filter counter information:
| All levels |
Policers | Display policer information:
| All levels |
Policer Counters Counter Index | (EX Series switch only) Global management counter ID. The counter ID value (counter index) can be 0, 1, or 2. | All levels |
Green | (EX Series switch only) Number of packets within the limits. The number of packets is smaller than the committed information rate (CIR). | All levels |
Yellow | (EX Series switch only) Number of packets partially within the limits. The number of packets is greater than the CIR but the burst size is within the excess burst size (EBS) limit. | All levels |
discard | (EX Series switch only) Number of discarded packets. | All levels |
Bytes | (EX Series switch only) Number of green, yellow, red, or discarded packets in bytes. | All levels |
Packets | (EX Series switch only) Number of green, yellow, red, or discarded packets. | All levels |
Filter name | (EX Series switch only) Name of the filter with a term associated to a policer. | detail |
Term name | (EX Series switch only) Name of the term associated with a policer. | detail |
Policer name | (EX Series switch only) Name of the policer that is associated with a global management counter. | detail |
Sample Output
show firewall
user@switch> show firewall
Filter: egress-vlan-filter Counters: Name Bytes Packets employee-web-counter 0 0 Filter: ingress-port-filter Counters: Name Bytes Packets ingress-port-counter 0 0 Filter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 0 0 Policers: Name Packets icmp-connection-policer 0 tcp-connection-policer 0
show firewall (filter filter-name)
user@switch> show firewall filter egress-vlan-filter Filter: egress-vlan-filter Counters: Name Bytes Packets employee-web-counter 0 0
show firewall (counter counter-name)
user@switch> show firewall counter icmp-counter Filter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 0 0
show firewall log
user@switch> show firewall log Log : Time Filter Action Interface Protocol Src Addr Dest Addr 08:00:53 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:52 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:51 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:50 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:49 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:48 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:47 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4
show firewall policer counters (EX8200 Switches Only)
user@switch> show firewall policer countersPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Policer Counter Index 1:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Policer Counter Index 2:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0show firewall policer counters (detail) (EX8200 Switches Only)
user@switch> show firewall policer counters
detailPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Filter name Term name Policer name
myfilter polcr-term-1 myfilter-polcr-1
inet-filter-ae ae-snmp policer-1
inet-filter-ae ae-ssh policer-2
Policer Counter Index 1:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Filter name Term name Policer name
Policer Counter Index 2:
Bytes Packets
Green: 0 0
Yellow: 0 0
Discard: 0 0
Filter name Term name Policer nameshow firewall policer counters (counter-id counter-index) (EX8200 Switches only)
user@switch> show firewall policer counters
counter-id 0Policer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942show firewall policer counters (counter-id counter-index detail) (EX8200 Switches only)
user@switch> show firewall policer counters
counter-id 0 detailPolicer Counter Index 0:
Bytes Packets
Green: 73 15914
Yellow: 9 1962
Discard: 119 25942
Filter name Term name Policer name
myfilter polcr-term-1 myfilter-polcr-1
inet-filter-ae ae-snmp policer-1
inet-filter-ae ae-ssh policer-2