Hi, guys,
Just would like to know if there is any way to view the local-in-policy hit count. Thanks a lot.
I tried the normal method, but failed, as the following:
For viewing the hit count of a normal security policy ( working ) :
Ftg100E # diag firewall iprope show 00100004 36
idx=36 pkts/bytes=485923/517732782 asic_pkts/asic_bytes=474029/508168477 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:207 first:2020-03-30 16:17:19 last:2020-07-22 12:46:59 established session count:0 first est:2020-03-30 16:23:14 last est:2020-07-22 12:46:59
For viewing the hit count of the local-in-policy (not working? :( ):
Ftg100E # diag firewall iprope show 00100001 1
idx=1 pkts/bytes=0/0 asic_pkts/asic_bytes=0/0 nturbo_pkts/nturbo_bytes=0/0 flag=0x0
Ftg100E # diag firewall iprope show 00100001 2
idx=2 pkts/bytes=0/0 asic_pkts/asic_bytes=0/0 nturbo_pkts/nturbo_bytes=0/0 flag=0x0
Please advise.
With many thanks.
Benson
Just need to add a bit flag IPROPE_F_POL_STATISTIC to local-in policy struct it seems. I'll try to enable this bit and send a patch for verification.
Thx so much for your advice and recommendation
Tracked by mantis 0757046: Local-in policy hit count is not available in 'diag firewall iprope show'
It is already committed to FOS 7.x branch and available in build 0261.
Seems scheduled for FOS v6.4.9 as it is still in pending status (next official release is v6.4.8, current is v6.4.7).
Created on 08-13-2022 10:00 AM Edited on 08-13-2022 10:01 AM
Did this actually get implemented with 6.4.9? I still don't seem to be able to see it with my 40F running 6.4.9. Geo-blocking seems to be working so there should be some hits.
config firewall local-in-policy
    edit 4
        set intf "any"
        set srcaddr "Blocked-Countries"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
end
fg40f-utm (root) # diag firewall iprope show 00100001 4
idx=4 pkts/bytes=0/0 asic_pkts/asic_bytes=0/0 nturbo_pkts/nturbo_bytes=0/0 flag=0x0
Toshi
Hi @Toshi_Esumi
Just to respond to your query, this did not get implemented in 6.2.x and 6.4.x. The feature is only available from 7.0.x onwards.
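An added example, not part of the original thread and not Fortinet code: a small parser for the `diag firewall iprope show` result lines quoted above, which separates entries that carry hit-count fields from entries that only show 0/0 counters. Treating a line without `hit count:` as "not tracked" is an assumption drawn from the two output shapes in this thread; the function names and the sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the two output shapes quoted in the thread, one with a
# CLI prompt fused in front of the output as in the original post.
SAMPLE = (
    "idx=36 pkts/bytes=485923/517732782 asic_pkts/asic_bytes=474029/508168477 "
    "nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:207 "
    "first:2020-03-30 16:17:19 last:2020-07-22 12:46:59 "
    "established session count:0 first est:2020-03-30 16:23:14 "
    "last est:2020-07-22 12:46:59\n"
    "Ftg100E # diag firewall iprope show 00100001 1 idx=1 pkts/bytes=0/0 "
    "asic_pkts/asic_bytes=0/0 nturbo_pkts/nturbo_bytes=0/0 flag=0x0\n"
)

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
IDX = re.compile(r"\bidx=(\d+)\b")
PAIR = re.compile(r"(\w+)/(\w+)=(\d+)/(\d+)")          # e.g. pkts/bytes=1/2
HITS = re.compile(rf"\bhit count:(\d+) first:{TS} last:{TS}")

def parse_line(line):
    """Parse one result line; returns None if the line has no idx= field."""
    m = IDX.search(line)
    if not m:
        return None
    rec = {"idx": int(m.group(1)), "hit_count": None, "first": None, "last": None}
    # Start at idx= so a prompt or echoed command in front is ignored.
    for left, right, a, b in PAIR.findall(line[m.start():]):
        rec[left], rec[right] = int(a), int(b)
    h = HITS.search(line)
    if h:
        fmt = "%Y-%m-%d %H:%M:%S"
        rec["hit_count"] = int(h.group(1))
        rec["first"] = datetime.strptime(h.group(2), fmt)
        rec["last"] = datetime.strptime(h.group(3), fmt)
    return rec

def parse_output(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def untracked(records):
    """idx values with no hit-count fields (assumed: statistics not recorded)."""
    return [r["idx"] for r in records if r["hit_count"] is None]

if __name__ == "__main__":
    for r in parse_output(SAMPLE):
        print(r["idx"], r["hit_count"], r["last"])
```

For entries returned by `untracked`, the 0/0 counters should not be read as proof that the policy matched no traffic.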