Technical Tip: VIP hit count in the GUI is 0 when the traffic is passing

When the configured VIP security policy contains a VIP Group object, the VIP object's hit count will show 0 even though there is a hit count in the firewall policy.

Firewall Policy with VIP group address:

VIP Object ‘hit count’ is 0:

It is an expected behavior.

For v7.4 and above, alternatively, the hit count can be retrieved using the CLI via the below command:

diagnose firewall iprope show 100000 <VIP ID>

Example:

diagnose firewall iprope show 100000 1

idx=1

hit count:13 (9 0 0 4 0 0 0 0)

    first hit:2024-04-01 12:17:34 last hit:2024-04-19 14:38:21

Workaround:

1. Use the VIP object in the firewall policy instead of the VIP group:

2. Once the traffic hits the policy which uses the VIP object, the hit count will be increase: