Step 2: Display Key IP Header Information

Action

To display key IP header information if you have a firewall configured with a log action, enter the following JUNOS CLI operational mode command:

user@host> show firewall log

Sample Output

user@R1> show firewall log 

Time     Filter     A Interface        Pro Source address  Destination address

16:08:04 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:24373

16:08:03 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:29531

16:08:02 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:27265

16:08:01 pfe        A so-1/1/0.0       OSP 123.168.10.65   212.0.0.5:48

16:08:01 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:43943

16:08:00 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:58572

16:07:59 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:56307

16:07:58 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:60185

16:07:57 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:1600

16:07:56 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:6502

16:07:55 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:17548

16:07:54 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:5298

16:07:53 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:24536

16:07:52 sample-test A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:24373

16:07:52 sample-test A local            ICM 123.168.10.66   123.168.10.65:22325

16:07:52 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:27900

16:07:51 pfe        A so-1/1/0.0       OSP 123.168.10.65   212.0.0.5:48

16:07:51 sample-test A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:29531

16:07:51 sample-test A local            ICM 123.168.10.66     
123.168.10.65:27483

What It Means

The sample output shows key IP header information about firewall filters on the router. The source and destination addresses of packets provide important information when you investigate problems on the router.

The Filter field contains information about how a packet traveled through the router before it was handled by either the Routing Engine or the Packet Forwarding Engine.

• If the filter name appears in the Filter field, the Routing Engine handled the packet. For example, sample-test is a firewall filter configured at the [edit firewall] hierarchy level.
• If the word pfe appears in the Filter field, the Packet Forwarding Engine handled the packet. The Packet Forwarding Engine receives information about the name of the firewall filter.

All packets were accepted (A). Other actions are discard (D) and reject (R).

The Interface column shows that all packets came through so-1/1/0.0, and icm or osp are the represented protocols. Other possible protocol names are: egp, gre, ipip, pim, resp, tcp, or udp.