Monday, July 6, 2020

HOWTO: Audit unused fwpolicy on FortiOS via SNMP

Once the firewall is configured for SNMP, it exposes a simple OID that lists the per-policy packet counters. You can snmpget the OID for a single fwpolicyId or walk the whole tree:

.1.3.6.1.4.1.12356.101.5.1.2.1.1.2

In the walk output you can see that the firewall homefgt has 4 policy IDs (24/25/1/2), but only policy ID #1 is passing traffic.


By querying the fwpolicy OID for statistics you can quickly ascertain which fwpolicyId numbers are being used and which are not.

If you're only interested in unused fwPolicyId numbers, do something like this and grep out the policy numbers:

snmpwalk -v2c -c mycommunity 192.168.1.99 .1.3.6.1.4.1.12356.101.5.1.2.1.1.2 | egrep "Counter32: 0"


The output will clearly show the zero-match policies, which you could dump to a spreadsheet for later exploration and analysis.
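To turn that grep into something repeatable, here is an added example (not from the original post) that parses snmpwalk output for the packet-counter OID quoted above and prints a per-policy summary plus the list of policy IDs that have never matched a packet. The parsing is done by functions fed on stdin, so it is shown here running on constructed sample output that mirrors the homefgt case (policies 1, 2, 24, 25, only policy 1 active); the `walk_policy_counters` helper, the sample lines and the `-On` numeric-OID output format are assumptions, not something the post shows.

```shell
#!/bin/sh
# Added example: list FortiOS firewall policies with a zero packet counter
# from snmpwalk output. Not part of the original post.
# Assumption: Net-SNMP snmpwalk, output lines shaped
#   "<oid>.<policyid> = Counter32: <pkts>"

# Per-policy packet counter OID (as quoted in the post); the last
# sub-identifier of each row is the policy ID.
POLICY_PKT_OID='.1.3.6.1.4.1.12356.101.5.1.2.1.1.2'

# Constructed sample of `snmpwalk -On` output: four policies, only
# policy 1 has passed traffic.
SAMPLE_WALK='.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.1 = Counter32: 420878
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.2 = Counter32: 0
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.24 = Counter32: 0
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.25 = Counter32: 0'

# Live query (SNMPv2c, as in the post). Usage: walk_policy_counters COMMUNITY HOST
# -On prints numeric OIDs so the policy ID is always the last dotted field.
walk_policy_counters() {
    snmpwalk -v2c -On -c "$1" "$2" "$POLICY_PKT_OID"
}

# policy_summary: stdin = snmpwalk lines; stdout = "policyid pkts state".
# Splitting the OID on "." and taking the last element works whether
# snmpwalk printed numeric OIDs or MIB names (…enterprises.12356…).
policy_summary() {
    awk '$3 == "Counter32:" {
            n = split($1, sub_id, ".")
            state = ($NF + 0 == 0) ? "unused" : "active"
            print sub_id[n], $NF, state
         }'
}

# unused_policies: only the IDs with a zero counter, numerically sorted,
# one per line (ready to paste into a sheet).
unused_policies() {
    policy_summary | awk '$3 == "unused" { print $1 }' | sort -n
}

# Demo on the constructed sample. Against a real unit, replace with:
#   walk_policy_counters mycommunity 192.168.1.99 | unused_policies
printf '%s\n' "$SAMPLE_WALK" | policy_summary
printf '%s\n' "$SAMPLE_WALK" | unused_policies
```

Counter32 objects restart from zero when the SNMP agent or the unit reboots, so a zero here only means "no packets since the last counter reset"; check the firewall's uptime before concluding a policy is dead.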


For SNMPv3, here's a working example:

Keep in mind, no matches for a policy that has been installed for a considerable time is a good indicator of one of the following:


  • the policy ID sequence and order is incorrect
  • the service is wrong for that policy
  • the policy is written wrong with regard to src/dst address and src/dst interface|zone


The manual method for counting policy matches is to run the diag firewall iprope show 00100004 <policyid> command.

Example:

diagnose firewall iprope show 00100004 2
idx=2 pkts/bytes=420878/339340862 asic_pkts/asic_bytes=405523/337996081 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:3895
    first:2020-07-07 20:58:07 last:2020-07-07 21:41:01
 established session count:236

    first est:2020-07-07 20:58:07 last est:2020-07-07 21:41:01

The above can be tiresome if you have hundreds or thousands of fwPolicies and only need to see the ones not being matched.
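If you do collect that diag output for many policies (for example by pasting the CLI session into a file), the following added example (not from the original post) filters it down to the policies whose hit count is zero. It assumes each policy block starts with an `idx=<policyid> ... hit count:<n>` line as in the output above; the sample input reuses the post's policy 2 block and adds a constructed, never-matched policy 24.

```shell
#!/bin/sh
# Added example: filter "diagnose firewall iprope show 00100004 <policyid>"
# output down to policies with a zero hit count. Not part of the original post.
# Assumption: each policy's block begins with "idx=<id> pkts/bytes=<p>/<b> ... hit count:<n>".

# Constructed sample: the post's policy 2 output followed by a constructed
# block for a policy 24 that has never matched.
SAMPLE_DIAG='idx=2 pkts/bytes=420878/339340862 asic_pkts/asic_bytes=405523/337996081 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:3895
    first:2020-07-07 20:58:07 last:2020-07-07 21:41:01
 established session count:236
    first est:2020-07-07 20:58:07 last est:2020-07-07 21:41:01
idx=24 pkts/bytes=0/0 asic_pkts/asic_bytes=0/0 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:0'

# diag_hit_table: stdin = concatenated diag output; stdout = "policyid hits packets".
# Only the "idx=" header line of each block carries the counters, so the
# first/last timestamp lines are ignored.
diag_hit_table() {
    awk '/^idx=/ {
            id = $1;   sub(/^idx=/, "", id)
            pkts = $2; sub(/^pkts\/bytes=/, "", pkts); sub(/\/.*/, "", pkts)
            hits = $0; sub(/.*hit count:/, "", hits)
            print id, hits + 0, pkts + 0
         }'
}

# diag_unmatched: just the policy IDs whose hit count is zero.
diag_unmatched() {
    diag_hit_table | awk '$2 == 0 { print $1 }'
}

# Demo on the constructed sample; feed a real capture with: diag_unmatched < capture.txt
printf '%s\n' "$SAMPLE_DIAG" | diag_hit_table
printf '%s\n' "$SAMPLE_DIAG" | diag_unmatched
```

Hit counts, like the SNMP counters, start from zero after a reboot or a manual counter clear, so read the result against the unit's uptime.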

Ken Felix 
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \
