[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Configuring Interface-Specific Firewall Counters and Filter Profiles

To collect and log count statistics collected by firewall filters on a per-interface basis, you must configure a filter profile and include the interface-specific statement at the [edit firewall filter filter-name] hierarchy level.

Configure the firewall filter accounting profile:

[edit accounting-options]file cust1_accounting {size 500k;}filter-profile cust1_profile {file cust1_accounting;interval 1;counters {r1;}}

Configure the interface-specific firewall counter:

[edit firewall]filter f3 {accounting-profile cust1_profile;interface-specific;term f3-term {then {count r1;accept;}}}

Apply the firewall filter to an interface:

[edit interfaces]xe-1/0/0 {unit 0 {family inet {filter {input f3;output f3;}address 20.20.20.30/24;}}}

The following example shows the contents of the cust1_accounting file in the /var/log folder that might result from the preceding configuration:

#FILE CREATED 995495212 2001-07-18-22:26:52
#hostname host
#profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name,
counter-name,packet-count,byte-count
cust1_profile,995495572,xe-1/0/0.0,f3-xe-1/0/0.0-i,r1-xe-1/0/0.0-i,5953,1008257
cust1_profile,995495602,xe-1/0/0.0,f3-xe-1/0/0.0-o,r1-xe-1/0/0.0-o,5929,1006481
...

If the interface-specific statement is not included in the configuration, the following output might result:

#FILE CREATED 995495212 2001-07-18-22:26:52
#hostname host
#profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name,
counter-name,packet-count,byte-count
cust1_profile,995495572,xe-1/0/0.0,f3,r1,5953,1008257
cust1_profile,995495632,xe-1/0/0.0,f3,r1,5929,1006481

Published: 2010-04-27

[an error occurred while processing this directive]