[j-nsp] Firewall Policy last session history !!

Harri Makela harri_makela at yahoo.com
Tue Mar 11 07:20:10 EDT 2014


Hi There

We are using version 

Model: srx3600
JUNOS Software Release [11.4R7.5]

admin@X> show security policies ?
Possible completions:
  <[Enter]>            Execute this command
  application-firewall  Show the information of application-firewall
  count                Number of policies to show (1..65535)
  detail               Show the detailed information
  from-zone            Show the policy information matching the given source zone
  global               Show the policy information of global policies
  logical-system       Logical-system name
  policy-name          Show the policy information matching the given policy name
  root-logical-system  Root logical-system (default)
  start                Show the policies from a given position (1..65535)
  to-zone              Show the policy information matching the given destination zone
  zone-context         Show the count of policies in each context (from-zone and to-zone)

No such option as hit-count.





On Tuesday, 11 March 2014, 0:52, Graham Brown <juniper-nsp at grahambrown.info> wrote:
 
'show security policies hit-count' is your friend; however this will only tell you how many times a particular policy has been hit - not when it was last hit:

user@node> show security policies hit-count descending
Logical system: root-logical-system
 Index   From zone        To zone           Name           Policy count
 1       external         internal          A              42953727
 2       internal         external          B              23039407
 3       external         junos-host        C              208804
 4       internal         internal          D              31806
 5       internal         external          E              28553
 6       external         internal          F              3782
 7       external         internal          G              2110
 8       external         junos-host        H              17
 9       external         junos-host        I              0

Number of policy: 9

user@node> show security policies hit-count ?
Possible completions:
  <[Enter]>            Execute this command
  ascending            Ascending order
  descending           Descending order
  from-zone            Show the policy hit-count matching the given source zone
  greater-than         Minimum hit-count  (0..4294967295)
  less-than            Maximum hit-count  (0..4294967295)
  to-zone              Show the policy hit-count matching the given destination zone
  |                    Pipe through a command

HTH,
Graham



On 11 March 2014 12:22, Will O'Brien <will.obrien at noaa.gov> wrote:

>12.1 forward allows session counts. You can also log sessions...
>
>Will O'Brien
>
>
>> On Mar 10, 2014, at 6:03 PM, Harri Makela <harri_makela at yahoo.com> wrote:
>>
>> Hi There
>>
>> Is there any way we can tell on the SRX platform when a firewall policy was last used?
>>
>> Thanks in advance !!


-- 
Graham Brown
Twitter - @mountainrescuer
LinkedIn
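
Since the hit-count output in this thread gives totals but no last-hit time, one workaround is to capture it on a schedule and compare successive captures. This is an added example, not code from the thread or from Juniper: the function names and sample captures are constructed, and the parser assumes zone and policy names contain no whitespace.

```python
import re
from datetime import datetime

# One data row of 'show security policies hit-count': index, zones, name, count.
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_hit_count(text):
    """Return {(from_zone, to_zone, policy_name): hit_count} from CLI output."""
    counts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            counts[(m.group(1), m.group(2), m.group(3))] = int(m.group(4))
    return counts

def last_hit_windows(snapshots):
    """snapshots: list of (datetime, cli_output), oldest first.
    Returns {policy: (after, by)}, the two capture times between which the
    policy was last seen hit, or None if its counter never moved."""
    windows = {}
    prev_time, prev = None, None
    for taken, text in snapshots:
        cur = parse_hit_count(text)
        for policy, count in cur.items():
            windows.setdefault(policy, None)
            if prev is None or policy not in prev:
                continue  # first sighting: no baseline to compare against
            before = prev[policy]
            # An increase is a hit. A decrease means the counter was cleared
            # (or the device restarted), so any non-zero value is a new hit.
            if count > before or (count < before and count > 0):
                windows[policy] = (prev_time, taken)
        prev_time, prev = taken, cur
    return windows

# Constructed sample captures (not real device output), one per day.
HEADER = " Index   From zone        To zone           Name           Policy count\n"
SNAPSHOTS = [
    (datetime(2014, 3, 9), HEADER + " 1 external internal A 100\n 2 external junos-host H 17\n 3 external junos-host I 0\n"),
    (datetime(2014, 3, 10), HEADER + " 1 external internal A 150\n 2 external junos-host H 18\n 3 external junos-host I 0\n"),
    (datetime(2014, 3, 11), HEADER + " 1 external internal A 175\n 2 external junos-host H 18\n 3 external junos-host I 0\n"),
]

if __name__ == "__main__":
    for policy, window in last_hit_windows(SNAPSHOTS).items():
        print(policy, window or "no hits observed between captures")
```

The resolution of the answer is the capture interval, and a policy reported as None is a candidate for review rather than proof that it is unused.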

