Monitoring stateful firewall filters – Juniper Networks J-Series User Manual

Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued)

Field: Errors
Values: Number of protocol errors detected:
  IP—Number of IPv4 errors (for example, Minimum IP header length check failures).
  TCP—Number of TCP errors (for example, Source or destination port number is zero).
  UDP—Number of UDP errors (for example, IP data length less than minimum UDP header length (8 bytes)).
  ICMP—Number of ICMP errors (for example, Duplicate ping sequence number).
  Non-IP Packets—Number of errors in packets that are not IPv4 packets.
  ALG—Number of application-level gateway (ALG) errors.
  For a complete list of protocol errors that are counted, see the description of the show services stateful-firewall statistics command in the JUNOS System Basics and Services Command Reference.

Monitoring Stateful Firewall Filters

To view stateful firewall filter information in the J-Web interface, select
Monitor>Firewall>Stateful Firewall. To display stateful firewall filter information
for a particular address prefix, port, or other characteristic, type or select information
in one or more of the Narrow Search boxes, and click OK.

Alternatively, enter the following CLI show commands:

  show services stateful-firewall conversations
  show services stateful-firewall flows

Table 71 on page 138 summarizes key output fields for stateful firewall filters.

Table 71: Summary of Key Stateful Firewall Filters Output Fields

Field: Protocol
Values: Protocol used for the specified stateful firewall flow.

Field: Source IP
Values: Source prefix of the stateful firewall flow.

Field: Source Port
Values: Source port number of stateful firewall flow.

Field: Destination IP
Values: Destination prefix of the stateful firewall flow.

Field: Destination Port
Values: Destination port number of the stateful firewall flow.

Field: Flow State
Values: Status of the stateful firewall flow:
  Drop—Drop all packets in the flow without response.
  Forward—Forward the packet in the flow without inspecting it.
  Reject—Drop all packets in the flow with response.
  Watch—Inspect packets in the flow.
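
The following Python script is an added example, not part of the Juniper manual: it tallies saved flow output by the Flow State values in Table 71 and lists the sources whose flows are in Drop or Reject. The line layout (PROTO SRC:PORT -> DST:PORT STATE) is an assumption, since this page does not show the command output, and the sample records are constructed with documentation address ranges.

```python
import re
from collections import Counter, defaultdict

# Assumed line layout (not shown on this page): PROTO SRC:PORT -> DST:PORT STATE ...
FLOW_RE = re.compile(
    r"^\s*(?P<proto>[A-Za-z0-9]+)\s+"
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)\s+"
    r"(?P<state>Drop|Forward|Reject|Watch)\b"
)

# Constructed sample records (documentation address ranges), not real router output.
SAMPLE = """\
Flow                                              State
TCP   192.0.2.10:51514 -> 198.51.100.5:443    Forward
TCP   192.0.2.10:51515 -> 198.51.100.5:23     Drop
UDP   192.0.2.44:5353  -> 198.51.100.9:53     Watch
TCP   203.0.113.7:40000 -> 198.51.100.5:23    Reject
TCP   203.0.113.7:40001 -> 198.51.100.5:23    Drop
this line is not a flow record
"""

def parse_flows(text):
    """Return one dict per flow line; header and non-matching lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            f = m.groupdict()
            f["src_port"] = int(f["src_port"])
            f["dst_port"] = int(f["dst_port"])
            flows.append(f)
    return flows

def summarize(flows):
    """Count flows per Flow State and map each source to its Drop/Reject targets."""
    by_state = Counter(f["state"] for f in flows)
    blocked = defaultdict(set)
    for f in flows:
        if f["state"] in ("Drop", "Reject"):
            blocked[f["src_ip"]].add((f["proto"], f["dst_ip"], f["dst_port"]))
    return by_state, {src: sorted(dsts) for src, dsts in blocked.items()}

if __name__ == "__main__":
    states, blocked = summarize(parse_flows(SAMPLE))
    print(dict(states))
    for src, targets in sorted(blocked.items()):
        print(src, "blocked ->", targets)
```

Adjust the pattern to the columns your router actually prints before relying on the counts.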

Using the Monitoring Tools

J-series™ Services Router Administration Guide