Switching

Expand all | Collapse all

Two firewall terms with same counters, will the count add up?

Jump to Best Answer
  • 1.  Two firewall terms with same counters, will the count add up?

    Posted 08-28-2018 22:07

    Here is my firewall configuration, with 2 terms sharing same counter name "profile1"

     

    family inet {
        filter filter1 {
            term 1 {
                from {
                    source-address {
                        198.27.134.230/32;
                    }
                    destination-address {
                        10.2.3.3/32;
                    }
                    dscp 10;
                    protocol tcp;
                    source-port 20;
                    destination-port 1-65535;
                }
                then {
                    count profile1;
                    accept;
                    dscp af11;
                }
            }
            term 0 {
                from {
                    dscp 10;
                    source-port 10-3;
                }
                then {
                    count profile1;
                    discard;
                }
            }
        }
    }
    

    From operational mode when I do: show firewall: I get: 

    Filter: filter1
    Counters:
    Name                                                Bytes              Packets
    profile1                                              0                    0
    

    Does this mean the profile1 stats will add-up the matches from both term 0 and term 1 ??

     

    Thank you. 



  • 2.  RE: Two firewall terms with same counters, will the count add up?
    Best Answer

    Posted 08-28-2018 23:06

    Hello,

    Correct.

    Moreover, if You assign this filter to >1 logical interface, the matching pkt/byte stats from all interfaces with this filter attached  will be accumulated in this single counter.

    HTH

    Thx
    Alex