A nice SRX command I’ve never come across before
Not sure why this command has to be so obscure, but I stumbled on this while writing a training course tonight – quite a nice way to see if packets are hitting your policies:
    imtech@srx220-1-POD3> show security policies hit-count
    Logical system: root-logical-system
    Index   From zone   To zone      Name           Policy count
    1       VR3a        VR3b         P1             0
    2       VR3a        untrust      3to1VPN        8320
    3       VR3a        untrust      P1             3249
    4       VR3b        VR3a         P1             0
    5       VR3b        untrust      P1             0
    6       untrust     junos-host   P1             8
    7       untrust     VR3a         1to3           5523
    8       untrust     VR3a         P1             5
    9       untrust     VR3b         permit-to-3b   0
    10      untrust     VR3b         DEFAULT-DENY   16
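
An added example (not part of the original post): a small Python parser for the hit-count table above that lists policies with zero hits for rule review and totals hits per zone pair. The function names are hypothetical, and the sample text is the post's own output re-typed one row per line. Because policy names such as P1 repeat across zone pairs, rows are keyed by (from zone, to zone, name).

```python
import re

# Sample input: the table from the post, laid out one row per line.
SAMPLE = """\
Logical system: root-logical-system
Index   From zone   To zone      Name           Policy count
1       VR3a        VR3b         P1             0
2       VR3a        untrust      3to1VPN        8320
3       VR3a        untrust      P1             3249
4       VR3b        VR3a         P1             0
5       VR3b        untrust      P1             0
6       untrust     junos-host   P1             8
7       untrust     VR3a         1to3           5523
8       untrust     VR3a         P1             5
9       untrust     VR3b         permit-to-3b   0
10      untrust     VR3b         DEFAULT-DENY   16
"""

# A data row is: index, from-zone, to-zone, policy name, hit count.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_hit_counts(text):
    """Return one dict per policy row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            idx, src, dst, name, hits = m.groups()
            rows.append({"index": int(idx), "from_zone": src,
                         "to_zone": dst, "name": name, "hits": int(hits)})
    return rows

def unused_policies(rows):
    """Policies with zero hits in this snapshot, keyed by zone pair and name."""
    return [(r["from_zone"], r["to_zone"], r["name"])
            for r in rows if r["hits"] == 0]

def hits_by_zone_pair(rows):
    """Total hit count for each (from zone, to zone) pair."""
    totals = {}
    for r in rows:
        key = (r["from_zone"], r["to_zone"])
        totals[key] = totals.get(key, 0) + r["hits"]
    return totals

if __name__ == "__main__":
    parsed = parse_hit_counts(SAMPLE)
    for src, dst, name in unused_policies(parsed):
        print(f"no hits: {src} -> {dst} policy {name}")
    for (src, dst), total in sorted(hits_by_zone_pair(parsed).items()):
        print(f"{src} -> {dst}: {total}")
```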
