Solved: Checking FMC PreFilter rule hit counts

mrjelly · ‎10-09-2023

Hello,

How do I check the hit count for a rule in a PreFilter set please?

thank you

mrjelly · ‎10-27-2023

Thank you, unfortunately the prefilter rule that is applied to the ftd through the policy did not show up, even through the PreFilter policy is applied to the FTD.

However I used FMC, went to the Prefilter rules, then clicked on 'Analyse Hit count' and saw there.

thank you for your help

View solution in original post

Marvin Rhoads · ‎10-09-2023

From the ftd clish as shown below. The first several lines will be your prefilter policy rules.

> show access-list 
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list CSM_FW_ACL_; 7 elements; name hash: 0x4a69e3f3
access-list CSM_FW_ACL_ line 1 remark rule-id 9998: PREFILTER POLICY: Default Tunnel and Priority Policy
access-list CSM_FW_ACL_ line 2 remark rule-id 9998: RULE: DEFAULT TUNNEL ACTION RULE
access-list CSM_FW_ACL_ line 3 advanced permit ipinip any any rule-id 9998 (hitcnt=0) 0xf5b597d6 
access-list CSM_FW_ACL_ line 4 advanced permit udp any eq 3544 any range 1025 65535 rule-id 9998 (hitcnt=0) 0x46d7839e 
access-list CSM_FW_ACL_ line 5 advanced permit udp any range 1025 65535 any eq 3544 rule-id 9998 (hitcnt=0) 0xaf1d5aa5 
access-list CSM_FW_ACL_ line 6 advanced permit 41 any any rule-id 9998 (hitcnt=0) 0x06095aba 
access-list CSM_FW_ACL_ line 7 advanced permit gre any any rule-id 9998 (hitcnt=0) 0x52c7a066

mrjelly · ‎10-27-2023

Thank you, unfortunately the prefilter rule that is applied to the ftd through the policy did not show up, even through the PreFilter policy is applied to the FTD.

However I used FMC, went to the Prefilter rules, then clicked on 'Analyse Hit count' and saw there.

thank you for your help