Table 12: show firewall Output Fields
Field DescriptionField Name
Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy
level.
Except on EX Series switches:
• When an interface-specific filter is displayed, the name of the filter is followed by the full
interface name and by either -i for an input filter or -o for an output filter.
• When dynamic filters are displayed, the name of the filter is followed by the full interface name
and by either -in for an input filter or -out for an output filter. When a logical system–specific
filter is displayed, the name of the filter is prefixed with two underscore (__) characters and the
name of the logical system (for example, __ls1/filter1).
• When a service filter is displayed that uses a service set, the separator between the service-set
name and the service-filter name is a semicolon (:).
NOTE: For bridge family filter, the ip-protocol match criteria is supported only for IPv4 and not
for IPv6. This is applicable for line cards that support the Junos Trio chipset, such as the MX 3D
MPC line cards.
Filter
Display filter counter information:
• Name—Name of a filter counter that has been configured with the counter firewall filter action.
• Bytes—Number of bytes that match the filter term under which the counter action is specified.
• Packets—Number of packets that matched the filter term under which the counter action is
specified.
NOTE: On M and T Series routers, firewall filters cannot count ip-options packets on a per option
type and per interface basis. A limited work around is to use the show pfe statistics ip options
command to see ip-options statistics on a per Packet Forwarding Engine (PFE) basis. See show
pfe statistics ip for sample output.
Counters
Display policer information:
• Name—Name of policer.
• Bytes—(For two-color policers on MX Series routers and EX Series switches, and for hierarchical
policers on interfaces hosted on MICs and MPCs in MX Series routers) Number of bytes that
match the filter term under which the policer action is specified. This is only the number
out-of-specification (out-of-spec) byte counts, not all the bytes in all packets policed by the
policer.
For other combinations of policer type, device, and line card type, this field is blank.
• Packets—Number of packets that matched the filter term under which the policer action is
specified. This is only the number of out-of-specification (out-of-spec) packet counts, not all
packets policed by the policer.
Policers
(EX8200 switch only) Global management counter ID. The counter ID value (counter-index) can
be 0, 1, or 2.
Policer Counter Index
(EX8200 switch only) Number of packets within the limits. The number of packets is smaller than
the committed information rate (CIR).
Green
(EX8200 switch only) Number of packets partially within the limits. The number of packets is
greater than the CIR, but the burst size is within the excess burst size (EBS) limit.
Yellow
Copyright © 2016, Juniper Networks, Inc.418
Port Mirroring Feature Guide for EX9200 Switches
To Next Page
Loading...
Need help?
General
