03-23-2017 08:55 AM - edited 03-12-2019 02:06 AM
Everyone, I am trying to get hitcounts for my access control policy rules applied to an FTD device in Firepower Management Console 6.2. Does anyone know how to check hitcounts?
03-28-2017 01:14 AM
Hello,
1. Connect to the FTD sensor using SSH.
2. Type connect ftd to connect to the FTD sensor, so you get the > prompt.
3. Type the command: show access-control-config
Under each rule there is a rule hits number, which shows you the hitcount.
Rule Hits : 76243
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-access.html
> system support firewall-engine-debug
Please specify an IP protocol: tcp
Please specify a client IP address: 172.25.1.14
Please specify a client port:
Please specify a server IP address:
Please specify a server port:
Monitoring firewall engine debug messages
172.25.1.14-62321 > X.X.X.X-443 6 AS 0 I 0 New session
172.25.1.14-62321 > X.X.X.X-443 6 AS 0 I 0 Starting with minimum 0, id 0 and IPProto first with zones -1 -> -1, geo 0 -> 0, vlan 0, svc 0, payload 0, client 0, misc 0, user 60, url
05-19-2018 10:44 AM
09-11-2017 09:03 AM
Another option, if you want to have hitcounts available in FMC, is to go to Analysis > Custom > Custom Workflows and create a new workflow. You can give the workflow a name like 'ACL Hits' or whatever you like and select the 'Connection Events' table. Next, hit 'Add Page' and select the fields; generally I use Access Control Rule for the first column with a priority of 3, Count next with a priority of 1, and Access Control Policy for the third column with a priority of 2 for columns/grouping. After this, you can go to Analysis > Connections > Events and click the 'Switch Workflow' link to select your new ACL Hits page. One neat feature is you can change the timeframe at the top right to only see counts within the specified range. Also be sure to log connection events (in the Access Control and/or Prefilter policies) to populate the information.
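
Added example, not part of any reply in this thread: a Python script that reads saved `show access-control-config` output (the CLI method described earlier), lists each rule's Rule Hits value and flags rules whose counter is zero. Only the `Rule Hits : N` line comes from the thread; the rule banner layout, the rule names and the sample text are assumptions.

```python
import re

# Assumed layout: each rule starts with a banner such as "----[ Rule: NAME ]----".
# Only the "Rule Hits : N" line is taken from the thread; adjust RULE_HEADER to
# match the banner your FTD version prints.
RULE_HEADER = re.compile(r"\[\s*Rule:\s*(?P<name>.+?)\s*\]")
RULE_HITS = re.compile(r"^\s*Rule Hits\s*:\s*(?P<hits>\d+)\s*$")


def parse_rule_hits(text):
    """Return [(rule_name, hits)] in the order the rules appear."""
    results = []
    current = None
    for line in text.splitlines():
        header = RULE_HEADER.search(line)
        if header:
            # The previous rule had no hits line: record it as unknown (None).
            if current is not None:
                results.append((current, None))
            current = header.group("name")
            continue
        hits = RULE_HITS.match(line)
        if hits and current is not None:
            results.append((current, int(hits.group("hits"))))
            current = None
    if current is not None:
        results.append((current, None))
    return results


def unused_rules(pairs):
    """Names of rules whose counter is exactly zero."""
    return [name for name, hits in pairs if hits == 0]


# Constructed sample, not captured from a device.
SAMPLE = """\
------[ Rule: Allow-Web ]------
    Action                : Allow
    Rule Hits             : 76243
------[ Rule: Legacy-FTP ]------
    Action                : Allow
    Rule Hits             : 0
------[ Rule: Temp-Vendor ]------
    Action                : Block
"""

if __name__ == "__main__":
    for name, hits in parse_rule_hits(SAMPLE):
        print(f"{hits if hits is not None else 'n/a':>10}  {name}")
    print("zero-hit rules:", unused_rules(parse_rule_hits(SAMPLE)))
```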