Junos OS


interface-specific firewall counters without being configured

    Posted 12-14-2021 10:42
    Hello,

    We have two MX204 routers with different Junos OS versions:
    - 18.2R3.4
    - 20.4R3.8

    Both devices have the same Layer 3 firewall filter configured on multiple physical interfaces:

    show configuration firewall filter ssh-default-inbound 
    
    term ssh-default-inbound {
        from {
            destination-address {
                1.2.3.4/32;
            }
            source-prefix-list {
                re-ssh-connect;
            }
        }
        then {
            count ssh-default-inbound;
            accept;
        }
    }


    We expected one counter to appear, but a new counter is created for each interface, without us having `interface-specific` set in the firewall filter.

    ssh-default-inbound-et-0/0/1.0-i         1811937           15912
    ssh-default-inbound-ae0.0-i              4937              912

    Even after setting `interface-shared` in the firewall filter, the counters did not change.


    We also see that a generic counter gets created, but no counting happens on it, only on the individual interface counters:

    ssh-default-inbound         0           0



    Is this a (MX-specific?) bug, or is there something wrong with the configuration? We tested the same config on an EX4600 switch; there the counter appears only once, as expected.



    Thanks beforehand for any advice!