Method used to view packet loss information if packets cannot be captured on interfaces

If you cannot capture packets on firewall interfaces but you want to view packet loss information, you can use the quintuple packet capture statistics function. The operation is as follows:
1. Create an ACL.
[system] acl 3999
[system-acl-adv-3999] rule 5 permit icmp source 10.2.4.2 0 destination 10.2.2.2 0
[system] diagnose
[system-diagnose] firewall statistic acl 3999 enable
3. View quintuple packet capture statistics information.
system-view
[sysname] diagnose
[sysname-diagnose] display firewall statistics acl

********************************************************************************
* Summary of ACL-based packet statistics *
********************************************************************************
SLOT 1 CPU 1 RcvnFrag RcvFrag Forward DisnFrag DisFrag
Obverse(pkts) : 100 0 95 0 0
Reverse(pkts) : 100 0 100 0 0

SLOT 1 CPU 3 RcvnFrag RcvFrag Forward DisnFrag DisFrag
Obverse(pkts) : 2 0 2 0 0
Reverse(pkts) : 1 0 1 0 0

SLOT: 2 Fastforward Discard
Obverse(pkts) : 98 0
Reverse(pkts) : 999 0
Detailed information of discarded packets:

********************************************************************************
* Detailed information of ACL-based packet statistics *
********************************************************************************
Protocol(udp) SourceIp(10.2.4.2) DestinationIp(10.2.2.2)
SourcePort(333) DestinationPort(444) VpnIndex(public)
RcvnFrag RcvFrag Forward DisnFrag DisFrag
Obverse(pkts) : 2 0 2 0 0
Reverse(pkts) : 1 0 1 0 0
Discard detail information:

Protocol(udp) SourceIp(10.2.4.2) DestinationIp(10.2.2.2)
SourcePort(555) DestinationPort(666) VpnIndex(public)
RcvnFrag RcvFrag Forward DisnFrag DisFrag
Obverse(pkts) : 100 0 95 5 0
Reverse(pkts) : 100 0 100 0 0
Discard detail information:
Packet filter packets discarded: 5
Please check the security policy and whether the interface added to a security zone.
4. After locating the problem, run the undo firewall statistics acl command to disable the quintuple packet statistics function to prevent adverse impact on device performance.

Scroll to top