Security Policy-based Traffic Statistics

This section describes traffic statistics based on security policies.

If a packet matches a traffic policy rule whose action is deny, the packet is not counted. That is, the statistics cover only packets permitted by the security policy.

Enabling traffic statistics based on security policies affects system performance. Therefore, enable this function only when it is actually required and disable it immediately after use.

Configuration on the Web UI

After the traffic statistics function is enabled for security policies on the web UI, the device collects statistics on the total number of bytes (excluding the MAC header) of packets that match a security policy in forward and reverse directions per second, that is, the traffic rate, in bit/s. The statistics can be viewed only through the web UI.

  1. Choose Policy > Security Policy > Security Policy.
  2. Select Customize, so that the Traffic Statistics column is displayed in the security policy list. The Traffic Statistics column is hidden by default.
  3. Click the check box following the Traffic Statistics column. The Configuring Traffic Statistics page is displayed. Select Enable to enable traffic statistics based on security policies.

    If the check box following the Traffic Statistics column is selected, the traffic statistics function is enabled. If the check box is not selected, the traffic statistics function is disabled.

  4. You can set the statistics interval as required. The traffic rate is collected every 5 minutes by default and displayed in the Traffic Statistics column of the security policy list.

Configuration on the CLI

  1. Access the system view.

    system-view

  2. Enable the security policy-based traffic statistics function.

    security-policy statistic enable

    After this function is enabled, the following statistics are collected:
    • Number of packets and bytes that match a security policy in the forward and reverse directions. The statistical value and trend can be viewed only through the NMS.

      The NMS sends an SNMP request to the FW to obtain the number of packets and bytes that match security policies in real time and displays the change trend of the statistics as the time changes.

      After this function is disabled, the statistics stop, but the historical statistics are not cleared. You can run the reset security-policy statistic command to manually clear the historical statistics or wait for the automatic clearance of the statistics when the function is enabled next time.

    • Number of bytes (excluding the MAC header) of packets that match a security policy in forward and reverse directions per second, that is, the traffic rate, in bit/s. The statistics can be viewed only through the web UI.

      By default, the traffic rate is collected every 5 minutes and displayed on the web UI. You can also run the security-policy traffic statistic interval-time command to set a statistical interval.

      After this function is disabled, the statistics stop, and the historical statistics are cleared. You can run the reset security-policy statistic command to manually clear the historical statistics or wait for the automatic clearance of the statistics when the function is enabled next time.
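
The byte counters that the NMS polls can be turned into a per-interval rate on the NMS side, including the case where the statistics are cleared between two polls. The following is an added example, not Huawei code: the Sample layout and the poll values are constructed, polls are assumed to be spaced at the default 5-minute interval, and a counter that decreases is assumed to mean the statistics were cleared.

```python
from dataclasses import dataclass

DEFAULT_INTERVAL_S = 5 * 60  # default statistics interval stated on this page


@dataclass(frozen=True)
class Sample:
    """One poll of a policy's cumulative counters (constructed layout)."""
    ts: int         # poll time, in seconds
    fwd_bytes: int  # bytes matched in the forward direction
    rev_bytes: int  # bytes matched in the reverse direction


def rates(samples):
    """Return one (ts, fwd_bps, rev_bps, reset) tuple per polling interval.

    A counter that goes down between polls means the statistics were
    cleared (manual reset, or the function was enabled again), so that
    interval is flagged and reported without a rate instead of a
    negative value.
    """
    out = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.ts - prev.ts
        if dt <= 0:
            raise ValueError("samples must be in increasing time order")
        if cur.fwd_bytes < prev.fwd_bytes or cur.rev_bytes < prev.rev_bytes:
            out.append((cur.ts, None, None, True))
            continue
        # bytes -> bits, divided by the elapsed seconds, gives bit/s
        fwd = (cur.fwd_bytes - prev.fwd_bytes) * 8 / dt
        rev = (cur.rev_bytes - prev.rev_bytes) * 8 / dt
        out.append((cur.ts, fwd, rev, False))
    return out


# Constructed sample data: four polls, counters cleared before the last one.
POLLS = [
    Sample(0 * DEFAULT_INTERVAL_S, 0, 0),
    Sample(1 * DEFAULT_INTERVAL_S, 37_500_000, 3_750_000),
    Sample(2 * DEFAULT_INTERVAL_S, 75_000_000, 11_250_000),
    Sample(3 * DEFAULT_INTERVAL_S, 1_500_000, 150_000),
]

if __name__ == "__main__":
    for ts, fwd, rev, reset in rates(POLLS):
        if reset:
            print(f"t={ts}s counters cleared, rate unavailable")
        else:
            print(f"t={ts}s forward={fwd:.0f} bit/s reverse={rev:.0f} bit/s")
```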

Copyright © Huawei Technologies Co., Ltd.