Fortinet black logo

New Features

Record central NAT and DNAT hit count

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:566618
Download PDF

Record central NAT and DNAT hit count

Daily hit counts for central NAT and DNAT can be displayed in the CLI for IPv4 and IPv6.

To view the central SNAT counter:
# diagnose firewall iprope show 10000d <id>
# diagnose firewall iprope6 show 10000d <id>
To view the DNAT counter:
# diagnose firewall iprope show 100000 <id>
# diagnose firewall iprope6 show 100000 <id>
To clear the counters:
# diagnose firewall iprope clear 10000d <id>
# diagnose firewall iprope clear 100000 <id>
# diagnose firewall iprope6 clear 10000d <id>
# diagnose firewall iprope6 clear 100000 <id>
Sample output
# diagnose firewall iprope show 10000d 1
idx=1 hit count:6 (2 4 0 0 0 0 0 0)
    first:2021-01-23 12:10:37 last:2021-01-24 12:12:24

For entry ID 1, there are a total of six counts since the last time the counter was cleared. There are six times where the traffic matches the central SNAT entry. The hit count of the present day and last seven days is displayed in parentheses.

# diagnose firewall iprope show 100000 1
idx=1 hit count:3 (1 2 0 0 0 0 0 0)
    first:2021-01-23 12:10:37 last:2021-01-24 12:12:23

For entry ID 1, there are a total of three counts since the last time the counter was cleared. There are three times where the traffic matches the DNAT (VIP) entry. The hit count of the present day and last seven days is displayed in parentheses.

Note

The hit counters can be used for NP offloaded traffic.

Record central NAT and DNAT hit count

Daily hit counts for central NAT and DNAT can be displayed in the CLI for IPv4 and IPv6.

To view the central SNAT counter:
# diagnose firewall iprope show 10000d <id>
# diagnose firewall iprope6 show 10000d <id>
To view the DNAT counter:
# diagnose firewall iprope show 100000 <id>
# diagnose firewall iprope6 show 100000 <id>
To clear the counters:
# diagnose firewall iprope clear 10000d <id>
# diagnose firewall iprope clear 100000 <id>
# diagnose firewall iprope6 clear 10000d <id>
# diagnose firewall iprope6 clear 100000 <id>
Sample output
# diagnose firewall iprope show 10000d 1
idx=1 hit count:6 (2 4 0 0 0 0 0 0)
    first:2021-01-23 12:10:37 last:2021-01-24 12:12:24

For entry ID 1, there are a total of six counts since the last time the counter was cleared. There are six times where the traffic matches the central SNAT entry. The hit count of the present day and last seven days is displayed in parentheses.

# diagnose firewall iprope show 100000 1
idx=1 hit count:3 (1 2 0 0 0 0 0 0)
    first:2021-01-23 12:10:37 last:2021-01-24 12:12:23

For entry ID 1, there are a total of three counts since the last time the counter was cleared. There are three times where the traffic matches the DNAT (VIP) entry. The hit count of the present day and last seven days is displayed in parentheses.

Note

The hit counters can be used for NP offloaded traffic.