Service Filter Overview

Services

The Adaptive Services Physical Interface Cards (PICs), Multiservices PICs, and Multiservices Dense Port Concentrators (DPCs) provide adaptive services interfaces. Adaptive services interfaces enable you to coordinate a special range of services on a single PIC or DPC by configuring a set of services and applications.

Note:

Service filters are not supported on T4000 routers.

Service Rules

A service set is an optional definition you can apply to the traffic at an adaptive services interface. A service set enables you to configure combinations of directional rules and default settings that control the behavior of each service in the service set.

Service Rule Refinement

When you apply a service set to the traffic at an adaptive services interface, you can optionally use service filters to refine the target of the set of services and also to process traffic. Service filters enable you to manipulate traffic by performing packet filtering to a defined set of services on an adaptive services interface before the traffic is delivered to its destination. You can apply a service filter to traffic before packets are accepted for input or output service processing or after packets return from input service processing.

Service Filter Counters

Like standard firewall filters, service filters support counting of matched packets. When you display counters for a service filter, however, the syntax for specifying the filter name includes the name of the service set to which the service filter is applied.

  • To enable counting of the packets matched by a service filter term, specify the count counter-name nonterminating action in that term.

  • To display counters for service filters, use the show firewall filter filter-name <counter counter-name> operational mode command, and specify the filter-name as follows:

For example, suppose you configure a service filter named out_filter with a counter named out_counter and apply that service filter to a logical interface to direct certain packets for processing by the output services associated with the service set nat_set. In this scenario, the syntax for using the show firewall operational mode command to display the counter is as follows:
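The configuration side of this scenario, as an added example that is not taken from the original page: a service filter out_filter whose first term counts matching packets with out_counter and hands them to service processing, applied on output together with the service set nat_set. The interface name, addresses, term names, and match conditions are constructed for illustration, and nat_set is assumed to be defined elsewhere under [edit services].

```junos
firewall {
    family inet {
        service-filter out_filter {
            /* Count matching packets, then send them to the services in the service set. */
            term count_and_service {
                from {
                    source-address {
                        10.0.0.0/8;    /* constructed sample prefix */
                    }
                    protocol tcp;
                }
                then {
                    count out_counter;    /* nonterminating action */
                    service;              /* terminating action: apply service processing */
                }
            }
            /* All other packets bypass service processing. */
            term everything_else {
                then skip;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {    /* hypothetical interface */
        unit 0 {
            family inet {
                service {
                    output {
                        /* The filter selects which outbound packets reach nat_set. */
                        service-set nat_set service-filter out_filter;
                    }
                }
                address 192.0.2.1/24;    /* constructed sample address */
            }
        }
    }
}
```

Because the counter is attached to the service filter as applied through nat_set, the same out_filter applied with a different service set is counted separately.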