[j-nsp] SRX Command
Harri Makela
harri_makela at yahoo.com
Tue Sep 24 08:37:35 EDT 2013
Thanks for lookup
We have JUNOS Software Release [10.4R5.5] and it doesn't look like we have the option indicated in the last mail
admin at SRX-3600-P> show security policies ?
Possible completions:
<[Enter]> Execute this command
detail Show the detailed information
from-zone Show the policy information matching the given source zone
policy-name Show the policy information matching the given policy name
to-zone Show the policy information matching the given destination zone
| Pipe through a command
{primary:node0}
admin at SRX-3600-P> show security policies hit
^
I can capture all duplicate policies and delete which are not required for same flow but the ones which are not being used and are there for nothing, I would like to delete them. Not sure how I can accomplish that with a JUNOS command which I have to run in parallel with a shell script.
Looking forward to getting some feedback.
Thanks
HM
________________________________
From: Ben Dale <bdale at comlinx.com.au>
To: Edward Dore <edward.dore at freethought-internet.co.uk>
Cc: Harri Makela <harri_makela at yahoo.com>; "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Sent: Tuesday, 24 September 2013, 5:45
Subject: Re: [j-nsp] SRX Command
After I spent a bit of time building an op script to print policy matches out in a nicely formatted table, I notice that this feature is now available for all policies even without the "then count" action from 12.1:
show security policies hit-count
Cheers,
Ben
On 24/09/2013, at 8:45 AM, Edward Dore <edward.dore at freethought-internet.co.uk> wrote:
> You'll need to add the "count" action to the "then" statement on each security policy if you want to track the number of times that the policy has been matched.
>
> Edward Dore
> Freethought Internet
>
> On 23 Sep 2013, at 23:08, Harri Makela wrote:
>
>> Hi All
>>
>> Is there any command in SRX which I can use to check "number of times FW policy has been used". Actually I want to clear all FW policies which are not being used for last 12 months or so. I don't know much about scripting but can try to get some help if I can think of a command which can be run through different zones combinations.
>>
>>
>> Thanks in Advance !
>> HM
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
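
Added example, not part of any poster's message: one way to turn a saved capture of the "show security policies hit-count" command mentioned above (12.1 and later) into a list of zero-hit policies for review. The column layout (Index, From zone, To zone, Name, Policy count, then a "Number of policy" trailer) is an assumption, the sample rows are constructed, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Row = namedtuple("Row", "index from_zone to_zone name hits")

# Constructed sample capture; the column layout is an assumption about the CLI output.
SAMPLE = """\
{primary:node0}
Logical system: root-logical-system
 Index   From zone        To zone           Name              Policy count
 1       trust            untrust           allow-web         48211
 2       trust            untrust           legacy-ftp        0
 3       untrust          dmz               allow-smtp        903
 4       dmz              trust             old-backup        0

Number of policy: 4
"""

ROW_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
TOTAL_RE = re.compile(r"^\s*Number of policy:\s*(\d+)\s*$")

def parse_hit_count(text):
    """Return policy rows; raise if the capture is truncated or has no trailer."""
    rows, total = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            idx, fz, tz, name, hits = m.groups()
            rows.append(Row(int(idx), fz, tz, name, int(hits)))
            continue
        t = TOTAL_RE.match(line)
        if t:
            total = int(t.group(1))
    # A short capture would silently hide policies, so refuse to continue.
    if total is None or total != len(rows):
        raise ValueError(f"incomplete capture: {len(rows)} rows, trailer says {total}")
    return rows

def unused(rows):
    """Policies whose counter is zero: candidates for manual review."""
    return [r for r in rows if r.hits == 0]

def deactivate_commands(rows):
    """Config-mode lines that disable (not delete) each candidate so it can be restored."""
    return [f"deactivate security policies from-zone {r.from_zone} "
            f"to-zone {r.to_zone} policy {r.name}" for r in unused(rows)]

if __name__ == "__main__":
    print("\n".join(deactivate_commands(parse_hit_count(SAMPLE))))
```

A zero counter only covers the period since the counters were last reset, so check how long they have been accumulating before treating a policy as unused for 12 months.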