Command to output traffic statistics for each policy

Author
Hideki Uemura
2019/09/04 21:38:58 (permalink) 6.2
0

Command to output traffic statistics for each policy

Is there a command to output traffic statistics for each policy?
#1


    OneOfUs
    Re: Command to output traffic statistics for each policy 2019/09/09 04:42:28 (permalink)
    5 (2)
    diagnose firewall iprope show 00100004 <policy-id>
     
    diagnose firewall iprope show 00100004 3
    idx=3 pkts/bytes=1572149/799803449 asic_pkts/asic_bytes=1501236/796584164 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:12981
        first:2019-05-24 08:23:47 last:2019-09-04 07:55:43
     established session count:0
        first est:2019-05-24 08:23:47 last est:2019-09-04 07:45:39
    #2
    Hideki Uemura
    Re: Command to output traffic statistics for each policy 2019/09/09 17:56:24 (permalink)
    0
    Thank you for the wonderful answer.
    You have made my way to the future.
    #3
    emnoc
    Re: Command to output traffic statistics for each policy 2019/09/09 22:16:58 (permalink)
    5 (1)
    The API would give the same details and would not require pre-knowledge of the policyid#
     
    e.g. API entry point
     
    https://192.168.1.99/api/v2/monitor/firewall/policy/
     
    Details would look similar to:
     
        {
          "policyid":2,
          "uuid":"47cd84ec-ce3d-51e9-2d18-6ba8026ba89f",
          "active_sessions":430,
          "bytes":2643426116,
          "packets":35395089,
          "last_used":1568085842,
          "first_used":1567773847,
          "hit_count":29104,
          "session_last_used":1568085842,
          "session_first_used":1567773897,
          "session_count":4294967273
        }
     
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #4
    Hideki Uemura
    Re: Command to output traffic statistics for each policy 2019/09/11 00:54:49 (permalink)
    0
    Thank you very much!!
    Is it possible to authenticate from URL?
    Because I want to get information using "curl" or "wget".
    post edited by Hideki Uemura - 2019/09/11 00:58:08
    #5
    emnoc
    Re: Command to output traffic statistics for each policy 2019/09/11 02:18:07 (permalink)
    5 (1)
    Yes, you can look at this blog for various examples.
     
    http://socpuppet.blogspot.com/2018/07/howto-use-fortios-api-to-add-delete.html
    http://socpuppet.blogspot.com/2019/09/howto-use-fortios-apiuser.html
     
    The last link shows a system-wide get for monitoring firewall policy. Using the API you can ascertain counts for all policyid without specifically applying them. This is an advantage over the diag firewall iprope show cmd, which requires a "specific policyid" # to be included.
     
    YMMV but the API is more advanced for monitoring.
     
    With either approach they help in auditing and identifying bad policy, or policy not being used. Policyid with no hits comes down to;
     
       policy ordering
       policy written wrong (src/dst-addr|interface, incorrect service, typo,...... )
       or the request/project for that policy-rule no longer exists
       
    Again YMMV on how you use the counts and hits. If I'm doing a project and audit, I always monitor the hits and last used time values in order to flag policyid that are no longer needed or to flag them for later review.
     
    e.g
    If you have a policyid and it has been used in 3+ months you probably do not need it
     
    Ken Felix
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #6
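
The audit described in the reply above (using hit counts and last-used times to flag policies for review), as an added example that is not from the thread, the linked blog or Fortinet. It takes records in the JSON shape shown in the earlier reply; the sample records, the 90-day threshold and the function name `audit_policies` are assumptions for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records in the shape shown in the earlier reply
# (policyid, hit_count, last_used as Unix epoch seconds). Not real device output.
SAMPLE = json.loads("""
[
  {"policyid": 2, "hit_count": 29104, "last_used": 1568085842, "first_used": 1567773847},
  {"policyid": 7, "hit_count": 312, "last_used": 1557000000, "first_used": 1550000000},
  {"policyid": 9, "hit_count": 0}
]
""")


def audit_policies(records, now, stale_days=90):
    """Classify each policy as 'active', 'stale' or 'never_hit'.

    Assumption: a policy that was never matched has hit_count 0 and may
    carry no last_used field at all, so both cases count as never_hit.
    """
    cutoff = now - timedelta(days=stale_days)
    findings = []
    for rec in records:
        hits = int(rec.get("hit_count", 0))
        last = rec.get("last_used")
        if hits == 0 or not last:
            status, last_seen = "never_hit", None
        else:
            last_seen = datetime.fromtimestamp(int(last), tz=timezone.utc)
            status = "stale" if last_seen < cutoff else "active"
        findings.append({"policyid": rec["policyid"], "status": status,
                         "hit_count": hits, "last_used": last_seen})
    # Review candidates first: never_hit, then stale (oldest first), then active.
    order = {"never_hit": 0, "stale": 1, "active": 2}
    epoch = datetime.fromtimestamp(0, tz=timezone.utc)
    findings.sort(key=lambda f: (order[f["status"]], f["last_used"] or epoch))
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a repeatable result.
    now = datetime(2019, 9, 11, tzinfo=timezone.utc)
    for f in audit_policies(SAMPLE, now):
        when = f["last_used"].isoformat() if f["last_used"] else "-"
        print(f"policy {f['policyid']:>4}  {f['status']:<9}  hits={f['hit_count']:<8} last_used={when}")
```

A policy flagged here is a candidate for review, not for deletion: as the reply notes, zero hits can also mean a policy is shadowed by ordering or written incorrectly.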
    Hideki Uemura
    Re: Command to output traffic statistics for each policy 2019/09/11 22:09:07 (permalink)
    0
    Thanks for your answer, I can do a good job !!
    #7