SRX


Firewall filter and "Count" action

  • 1.  Firewall filter and "Count" action

    Posted 10-16-2017 06:55

    Hi everyone,

    In Cisco, we use the "log" option to count packets that match a particular access list statement, but this is control plane activity.

    In Juniper we use "count" with the "then" statement to achieve the same result. I am wondering if this is all implemented in the data plane or whether the control plane is interrupted?

    Thanks and have a nice day!!



  • 2.  RE: Firewall filter and "Count" action
    Best Answer

     
    Posted 10-17-2017 02:31
    Hi,

    In Juniper, count & log actions are retained on the PFE [data plane] which can be retrieved by the RE [control plane] via cli commands.

    Cheers,
    Ashvin


  • 3.  RE: Firewall filter and "Count" action

     
    Posted 10-19-2017 23:07

    Hi Folks,

    As Ashvin mentioned, it is done in the PFE, so we should be careful in limiting or enabling it based on the volume of traffic getting logged. Otherwise, we can expect a high amount of traffic destined to the RE from the PFE due to these actions, and host traffic may get choked. To be on the safe side, use this for troubleshooting.