FortiGate
hslee_FTNT
Staff
Article Id 193017
Description
This article describes how to check the hit count of a firewall security policy from the CLI.

Solution
(vdom) # edit vdom1
current vf=vdom1:3

(vdom1) # sh firewall security-policy
config firewall security-policy
    edit 1
        set uuid ed69bfaa-0af7-51ea-29b0-868d404b5eec
        set name "1"
        set srcintf "port27"
        set dstintf "port28"
        set srcaddr4 "all"
        set dstaddr4 "all"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set enforce-default-app-port disable
        set service "ALL"
        set action accept
        set schedule "always"
    next
end

(vdom1) # next

(vdom) # edit root
current vf=root:0

(root) # diag ips pme policy stats
  pid=287 policy id: 1 vdom= 0 1 hit count: 3              <-----
  pid=287 policy id: 1 vdom= 3 1 hit count: 0
  pid=287 implicit vdom= 0 hit count: 7                    <-----
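
For rule review, the output above can be post-processed to list policies that have never matched traffic. The following is an added example, not part of the original article or a Fortinet tool; the function names are hypothetical. It assumes the number after `vdom=` is the VDOM index printed by `current vf=<name>:<index>`, and it ignores the second unlabelled number because the article does not explain it.

```python
import re

# Constructed sample: the CLI session from the article, arrow annotations kept.
SAMPLE = """\
(vdom) # edit vdom1
current vf=vdom1:3

(vdom) # edit root
current vf=root:0

(root) # diag ips pme policy stats
  pid=287 policy id: 1 vdom= 0 1 hit count: 3              <-----
  pid=287 policy id: 1 vdom= 3 1 hit count: 0
  pid=287 implicit vdom= 0 hit count: 7                    <-----
"""

# "current vf=<name>:<index>" is printed when entering a VDOM.
VF_RE = re.compile(r"^current vf=(?P<name>[^:\s]+):(?P<index>\d+)\s*$")
# Assumption: the number after "vdom=" is that VDOM index. The second,
# unlabelled number on policy lines is matched but not interpreted.
STAT_RE = re.compile(
    r"pid=\d+\s+(?:policy id:\s*(?P<policy>\d+)|implicit)\s+vdom=\s*(?P<vdom>\d+)"
    r"(?:\s+\d+)?\s+hit count:\s*(?P<hits>\d+)")


def parse_session(text):
    """Return ({vdom index: name}, [stat rows]) from a pasted CLI session."""
    names, rows = {}, []
    for raw in text.splitlines():
        line = raw.split("<--")[0].strip()  # drop the article's arrow markers
        m = VF_RE.match(line)
        if m:
            names[int(m["index"])] = m["name"]
            continue
        m = STAT_RE.search(line)
        if m:
            rows.append({
                "vdom": int(m["vdom"]),
                "policy": int(m["policy"]) if m["policy"] else "implicit",
                "hits": int(m["hits"]),
            })
    return names, rows


def zero_hit_policies(text):
    """Explicit policies with hit count 0, as (VDOM name or index, policy id)."""
    names, rows = parse_session(text)
    return [(names.get(r["vdom"], r["vdom"]), r["policy"])
            for r in rows if r["policy"] != "implicit" and r["hits"] == 0]
```

On the session shown in this article, `zero_hit_policies(SAMPLE)` reports policy 1 in `vdom1` as having no hits.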
