[j-nsp] Firewall Policy last session history !!

Graham Brown juniper-nsp at grahambrown.info
Mon Mar 10 20:52:11 EDT 2014


'show security policies hit-count' is your friend; however this will only
tell you how many times a particular policy has been hit - not when it was
last hit:

user@node> show security policies hit-count descending
Logical system: root-logical-system
 Index   From zone        To zone           Name           Policy count
 1       external         internal          A              42953727
 2       internal         external          B              23039407
 3       external         junos-host        C              208804
 4       internal         internal          D              31806
 5       internal         external          E              28553
 6       external         internal          F              3782
 7       external         internal          G              2110
 8       external         junos-host        H              17
 9       external         junos-host        I              0

Number of policy: 9

user@node> show security policies hit-count ?
Possible completions:
  <[Enter]>            Execute this command
  ascending            Ascending order
  descending           Descending order
  from-zone            Show the policy hit-count matching the given source zone
  greater-than         Minimum hit-count  (0..4294967295)
  less-than            Maximum hit-count  (0..4294967295)
  to-zone              Show the policy hit-count matching the given destination zone
  |                    Pipe through a command

HTH,
Graham


On 11 March 2014 12:22, Will O'Brien <will.obrien at noaa.gov> wrote:

> 12.1 forward allows session counts. You can also log sessions...
>
> Will O'Brien
>
> > On Mar 10, 2014, at 6:03 PM, Harri Makela <harri_makela at yahoo.com> wrote:
> >
> > Hi There
> >
> > Is there any way we can tell on SRX platform when firewall policy has been used last time ?
> >
> > Thanks in advance !!
> >



-- 
Graham Brown
Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
LinkedIn <http://www.linkedin.com/in/grahamcbrown>
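
Because the hit counter carries no timestamp, one workaround is to snapshot the `show security policies hit-count` output at intervals and record when each counter last changed. This is an added example, not part of the original thread: the snapshot rows and the timestamp are constructed, and collecting the output from the device is left out.

```python
import re
from datetime import datetime

# One table row: index, from-zone, to-zone, policy name, hit count.
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_hit_counts(cli_text):
    """Return {(from_zone, to_zone, name): hits} from the table rows."""
    counts = {}
    for line in cli_text.splitlines():
        m = ROW.match(line)
        if m:
            src, dst, name, hits = m.groups()
            counts[(src, dst, name)] = int(hits)
    return counts

def update_last_seen(last_seen, previous, current, taken_at):
    """Stamp taken_at on each policy whose counter changed since `previous`.

    A lower but non-zero value means the counter was cleared and then hit
    again, so it counts as activity. Policies absent from `previous` are
    skipped: there is no baseline to compare against.
    """
    for key, hits in current.items():
        before = previous.get(key)
        if before is not None and hits != before and hits > 0:
            last_seen[key] = taken_at
    return last_seen

# Constructed sample snapshots (rows modelled on the output quoted above).
SNAP_1 = """\
 Index   From zone        To zone           Name           Policy count
 6       external         internal          F              3782
 7       external         internal          G              2110
 8       external         junos-host        H              17
 9       external         junos-host        I              0
"""
SNAP_2 = """\
 Index   From zone        To zone           Name           Policy count
 6       external         internal          F              12
 7       external         internal          G              2115
 8       external         junos-host        H              17
 9       external         junos-host        I              0
"""

if __name__ == "__main__":
    first, second = parse_hit_counts(SNAP_1), parse_hit_counts(SNAP_2)
    seen = update_last_seen({}, first, second, datetime(2014, 3, 11, 9, 0))
    for key in second:
        print(key, seen.get(key, "no hits since baseline"))
```

The resolution of the "last hit" time equals the snapshot interval, so a policy stamped at 09:00 was hit at some point between the previous snapshot and 09:00.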

