Traffic statistics configuration on the USG2000&5000 series

26

You can configure traffic statistics on the CLI of the USG2000&5000 series:
1. Configure an ACL to define packets to be debugged.
2. Run the firewall statistic acl 3333 enable command in the diagnose view.
[USG-diagnose] firewall statistic acl 3333 enable
3. Run the display firewall statistic acl command in the diagnose view.
[USG-diagnose] display firewall statistic acl
14:33:26 2010/03/27
Current Show sessions count: 1
Protocol(ICMP) SourceIp(172.16.1.156) DestinationIp(172.16.1.25)
SourcePort(1) DestinationPort(2048) VpnIndex(public)
Receive Forward Discard
Obverse : 4 pkt(s) 4 pkt(s) 0 pkt(s)
Reverse : 4 pkt(s) 4 pkt(s) 0 pkt(s)

Discard detail information:
Check whether the firewall receives packets, forwards the packets, and receives return packets. If some packets are dropped, determine the packet loss location. View packet discard possible causes to identify the cause.
4. After debugging is complete, disable traffic statistics as soon as possible because long-term traffic statistics affect firewall performance.
5. Run the undo firewall statistic command to disable traffic statistics.
6. Run the reset firewall statistic acl all command to clear statistics.
7. If necessary, run the undo acl xxxx command to delete the configured ACL.

Other related questions:
Configuration of traffic mirroring on the CLI for the USG2000&5000 series
The USG2000&5000 series does not support traffic mirroring.

Configuring an address set for the USG2000&5000 series
The USG2000&5000 series supports configuring an address set using the web UI or CLI. An address set can contain IP addresses, network segments, IP address ranges, and MAC addresses and be contained in another address set. Configuring an address set using the web UI: Choose Firewall > Address > Address Set and then click Create in Address Set List. Enter or select the address set name and description, reference the address or address set, configure the IP address, and click Apply. Configuring an address set using the CLI: 1. Run the ip address-set address-set-name [ type { object | group } | vpn-instance vpn-instance-name ] * command in the system view to create an address set and access its view. 2. Run the address [ id ] { ip-address { 0 | wildcard | mask { mask-address | mask-len } } | range start-ip-address end-ip-address | address-set address-set-name | mac-address } [ description description ] command to add a member to this address set. You can run this command repeatedly to add multiple members to this address set. 3. Run the description text command to configure the address set description.

Configuration of traffic mirroring on the web UI for the USG2000&5000 series
The USG2000&5000 series does not support traffic mirroring.

Configuring ACLs for the USG2000&5000
The USG2000&5000 series supports configuring ACLs using the CLI. acl [ number ] acl-number [ vpn-instance vpn-instance-name ] [ match-order { config | auto } ] undo acl { all | [ number ] acl-number } The default matching order is config. An access control list contains a series of rules with permit or deny statements. You need to first create an access control list and then configure its rules. Example # Create an ACL numbered 2000. system-view [sysname] acl number 2000 [sysname-acl-basic-2000]

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top