interface-specific firewall counters without being configured

  • 1.  interface-specific firewall counters without being configured

    Posted 12-14-2021 10:42
    Hello,

    We have two MX204 routers with different Junos OS versions:
    - 18.2R3.4
    - 20.4R3.8

    Both devices have the same layer 3 firewall filter configured on multiple physical interfaces:

    show configuration firewall filter ssh-default-inbound 
    
    term ssh-default-inbound {
        from {
            destination-address {
                1.2.3.4/32;
            }
            source-prefix-list {
                re-ssh-connect;
            }
        }
        then {
            count ssh-default-inbound;
            accept;
        }
    }

    We expected one counter to appear, but a new counter is created for each interface, without us having `interface-specific` set in the firewall filter.

    ssh-default-inbound-et-0/0/1.0-i         1811937           15912
    ssh-default-inbound-ae0.0-i              4937              912

    Even after setting `interface-shared` in the firewall filter, the counters did not change.


    We also see that a generic counter gets created, but no counting happens on it, only on the individual interface counters:

    ssh-default-inbound         0           0



    Is this a (MX-specific?) bug, or is there something wrong with the configuration? We tested the same config on an EX4600 switch; there the counter appears only once, as expected.



    Thanks beforehand for any advice!