Verifying That Firewall Filters Are Operational
Purpose
After you configure and apply firewall filters to ports, VLANs, or Layer 3 interfaces, you can perform the following task to verify that the firewall filters configured on EX Series switches are working properly.
Action
Use the show firewall operational mode command to verify that the firewall filters on the switch are working properly:
user@switch> show firewall

Filter: egress-vlan-watch-employee
Counters:
Name                                Bytes    Packets
counter-employee-web                    0          0
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name                                Bytes    Packets
icmp-counter                            0          0
Policers:
Name                                         Packets
icmp-connection-policer                            0
tcp-connection-policer                             0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
Meaning
The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch. For each counter that is specified in a filter configuration, the output field shows the byte count and packet count for the term in which the counter is specified. For each policer that is specified in a filter configuration, the output field shows the packet count for packets that exceed the specified rate limits.
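The following Python example is added here and is not part of the Juniper documentation. It parses show firewall output in the layout described above and reports which filters expose no counter or policer (so this command cannot confirm they match traffic) and which counters still show zero packets. The sample text is the page's output with constructed column spacing, and the function names are assumptions.

```python
import re

# Constructed sample: the output shown on this page, one item per line.
SAMPLE = """\
Filter: egress-vlan-watch-employee
Counters:
Name                                Bytes    Packets
counter-employee-web                    0          0
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name                                Bytes    Packets
icmp-counter                            0          0
Policers:
Name                                         Packets
icmp-connection-policer                            0
tcp-connection-policer                             0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
"""

def parse_show_firewall(text):
    """Return {filter: {"counters": {name: (bytes, packets)}, "policers": {name: packets}}}."""
    filters, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.split()[0] == "Name" or re.match(r"\S+@\S+>", line):
            continue  # blank line, column header, or CLI prompt line
        if line.startswith("Filter:"):
            current = filters.setdefault(line.split(":", 1)[1].strip(),
                                         {"counters": {}, "policers": {}})
            section = None  # a new filter starts with no open section
        elif line in ("Counters:", "Policers:"):
            section = line[:-1].lower()
        elif current is not None and section:
            name, *nums = line.split()
            values = tuple(int(n) for n in nums if n.isdigit())
            if section == "counters" and len(values) == 2:
                current["counters"][name] = values  # (bytes, packets)
            elif section == "policers" and len(values) == 1:
                current["policers"][name] = values[0]  # packets over the rate limit
    return filters

def review(filters):
    """Return (filters with nothing to observe, (filter, counter) pairs at zero packets)."""
    unobservable = [f for f, d in filters.items() if not d["counters"] and not d["policers"]]
    idle = [(f, c) for f, d in filters.items()
            for c, (_, pkts) in d["counters"].items() if pkts == 0]
    return unobservable, idle
```

Running review() on two snapshots taken before and after sending test traffic shows whether a counter that was idle has started to increment.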