
display firewall topn

Function

The display firewall topn command displays top N source or destination IPv4 addresses that have the largest number of sessions or the most traffic.

Format

display firewall topn source-ip { session-number | traffic [ interval interval ] } all-systems [ destination ip-address { range start-ip-address end-ip-address | ip-address } | top-number number | slot slot-id cpu cpu-id ] *

display firewall topn destination-ip { session-number | traffic [ interval interval ] } all-systems [ source ip-address { range start-ip-address end-ip-address | ip-address } | top-number number | slot slot-id cpu cpu-id ] *

display firewall topn source-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ destination ip-address { range start-ip-address end-ip-address | ip-address } | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *

display firewall topn destination-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ source ip-address { range start-ip-address end-ip-address | ip-address } | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *

Parameters

Parameter Description Value

source-ip

Displays Top N source IPv4 addresses.

-

destination-ip

Displays Top N destination IPv4 addresses.

-

session-number

Displays Top N source or destination IPv4 addresses that have the largest number of sessions.

-

traffic

Displays Top N source or destination IPv4 addresses that have the most traffic.

-

interval

Specifies the traffic statistics interval.

If you do not specify this parameter, the command displays Top N source IP addresses or destination addresses based on the traffic statistics collected within the latest 10s.

The value is an integer ranging from 10 to 300, in seconds. The default value is 10.

all-systems

Displays the ranking result of the root system and all virtual systems.

-

vsys-name

Specifies a virtual system.

If no virtual system is specified, the ranking result of the root system is displayed.

The specified virtual system must already exist.

destination ip-address

Restricts the ranking to traffic whose destination IPv4 address is the specified address or falls within the specified range. Used with source-ip rankings.

If you do not specify this parameter, traffic to all destination addresses is counted.

-

source ip-address

Restricts the ranking to traffic whose source IPv4 address is the specified address or falls within the specified range. Used with destination-ip rankings.

If you do not specify this parameter, traffic from all source addresses is counted.

-

start-ip-address

Specifies the start IPv4 address.

The value is in dotted decimal notation.

end-ip-address

Specifies the end IPv4 address.

The value is in dotted decimal notation.

ip-address

Specifies the IPv4 address.

The value is in dotted decimal notation.

zone-name

Specifies the source security zone.

The value must be the name of an existing security zone.

number

Displays only the first number IPv4 addresses of the ranking.

If you do not specify this parameter, the first 10 IPv4 addresses are displayed.

The value is an integer that ranges from 10 to 50. The default value is 10.

slot-id

Specifies the slot ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

cpu-id

Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

Views

All views

Default Level

2: Configuration level

Usage Guidelines

After you run the display firewall topn command, the system may not display the Top N IPv4 addresses immediately; the command prompt returns first and the result is printed after a delay. The delay depends on the volume of traffic currently being processed: the larger the volume, the longer it takes for the system to collect and display the statistics.

To view the top N ranking result of a specified virtual system, you must set the vsys parameter in the root system. You cannot specify this parameter in the virtual system.

For top N IPv4 statistics ranked by traffic, the FW collects statistics only on traffic processed by the SPU. Therefore, if hardware fast forwarding is enabled, fast-forwarded traffic is not counted, and a source whose traffic is fast-forwarded may be missing from or under-ranked in a traffic ranking. To collect statistics on all traffic, disable hardware fast forwarding first. IPv6 traffic does not support hardware fast forwarding; therefore, top N IPv6 statistics collection does not have this restriction.

If the ranking is based on sessions, statistics collection is not affected by hardware fast forwarding, because sessions are created on the MPU regardless of whether hardware fast forwarding is enabled.

Example

# Simulate a scenario where the server at 1.1.1.1 is under attack, and identify the attack source by ranking source IP addresses by traffic with the destination address restricted to 1.1.1.1.
<sysname> display firewall topn source-ip traffic all-systems destination ip-address 1.1.1.1
 Statistic result is being generated. Please wait patiently! 
<sysname>
 ------------------------------------------------------------------------------ 
 Top N traffic rate (last 10 seconds)                                           
 Ranking    IP address          Traffic rate(kb/s)    VSYS                      
 1          192.168.1.1         88000                 public                        
 2          192.168.1.2         10380                 public                        
 3          192.168.1.3         7750                  public                        
 4          192.168.1.4         6610                  public                        
 5          192.168.1.5         6010                  public                        
 6          192.168.1.6         4660                  public                        
 7          192.168.1.7         4310                  public                        
 8          192.168.1.8         3790                  public                        
 9          192.168.1.9         3470                  public                        
 10         192.168.1.10        2600                  public                        
 ------------------------------------------------------------------------------ 
 ------------------------------------------------------------------------------ 
 Top N traffic rate (last 10 seconds)                                           
 Ranking    IP address          Traffic rate(pps)    VSYS                      
 1          192.168.1.1         8800                 public                        
 2          192.168.1.2         1038                 public                        
 3          192.168.1.3         775                  public                        
 4          192.168.1.4         661                  public                        
 5          192.168.1.5         601                  public                        
 6          192.168.1.6         466                  public                        
 7          192.168.1.7         431                  public                        
 8          192.168.1.8         379                  public                        
 9          192.168.1.9         347                  public                        
 10         192.168.1.10        260                  public                        
 ------------------------------------------------------------------------------ 
# Display the top N source IP addresses by session number, identify the source IP address with the most sessions, and take corresponding measures.
<sysname> display firewall topn source-ip session-number
 Statistic result is being generated. Please wait patiently! 
<sysname>
------------------------------------------------------------------------------ 
 Top N Session number (source IP)                                               
 Ranking    IP address          Session number    VSYS                          
 1          192.168.1.1         8800             public                        
 2          192.168.1.2         1038             public                        
 3          192.168.1.3         775              public                        
 4          192.168.1.4         661              public                        
 5          192.168.1.5         601              public                        
 6          192.168.1.6         466              public                        
 7          192.168.1.7         431              public                        
 8          192.168.1.8         379              public                        
 9          192.168.1.9         347              public                        
 10         192.168.1.10        260              public                        
 ------------------------------------------------------------------------------ 
# Display the top N destination IP addresses by session number, identify the destination IP address with the most sessions, and take corresponding measures.
<sysname> display firewall topn destination-ip session-number
 Statistic result is being generated. Please wait patiently! 
<sysname>
------------------------------------------------------------------------------ 
 Top N Session number (destination IP)                                               
 Ranking    IP address          Session number    VSYS                          
 1          192.168.1.1         8800             public                        
 2          192.168.1.2         1038             public                        
 3          192.168.1.3         775              public                        
 4          192.168.1.4         661              public                        
 5          192.168.1.5         601              public                        
 6          192.168.1.6         466              public                        
 7          192.168.1.7         431              public                        
 8          192.168.1.8         379              public                        
 9          192.168.1.9         347              public                        
 10         192.168.1.10        260              public                        
 ------------------------------------------------------------------------------ 
Table 1 Description of the display firewall topn command output

Item

Description

Ranking

Ranking number.

IP address

Source or destination IPv4 address in the ranking, depending on whether source-ip or destination-ip was specified.

Traffic rate

Traffic rate, given both as a byte rate (kb/s) and as a packet rate (pps).
  • The byte rate is used to find the services with the heaviest traffic in normal forwarding scenarios.
  • The packet rate applies to attack scenarios (typically small-packet attacks), where the attack source is identified by a large number of packets rather than by a large volume of bytes.

Session number

Number of sessions.

VSYS

Virtual system name. public indicates the root system.
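The two traffic tables above are most useful together: a source that tops the kb/s table is a bandwidth consumer, while one that tops the pps table with a small average packet size is the small-packet attack pattern described in Table 1. The following Python script is an added example, not Huawei code and not part of the command reference; it parses an abridged, constructed copy of the page's own example output (the same format as shown above), joins the kb/s and pps rankings per source address, derives the average packet size, and flags sources that carry most of the listed traffic or send unusually small packets. It assumes that kb/s means kilobits per second and that the column layout matches the output shown on this page; the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the two "traffic" tables printed by
# display firewall topn source-ip traffic ... as shown on this page.
SAMPLE_OUTPUT = """\
 ------------------------------------------------------------------------------
 Top N traffic rate (last 10 seconds)
 Ranking    IP address          Traffic rate(kb/s)    VSYS
 1          192.168.1.1         88000                 public
 2          192.168.1.2         10380                 public
 3          192.168.1.3         7750                  public
 ------------------------------------------------------------------------------
 ------------------------------------------------------------------------------
 Top N traffic rate (last 10 seconds)
 Ranking    IP address          Traffic rate(pps)    VSYS
 1          192.168.1.1         8800                 public
 2          192.168.1.2         1038                 public
 3          192.168.1.3         775                  public
 ------------------------------------------------------------------------------
"""

# A column header such as "Traffic rate(kb/s)" or "Traffic rate(pps)" starts a table.
HEADER_RE = re.compile(r"Traffic rate\((kb/s|pps)\)")
# One ranking row: rank, dotted-decimal IPv4 address, integer rate, VSYS name.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\S+)\s*$")


def parse_topn(text):
    """Return {unit: {ip: (rate, vsys)}} with one entry per traffic table found."""
    tables = defaultdict(dict)
    unit = None
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            unit = header.group(1)
            continue
        row = ROW_RE.match(line)
        if row and unit:
            _, ip, rate, vsys = row.groups()
            tables[unit][ip] = (int(rate), vsys)
    return dict(tables)


def top_talker_report(text, share_threshold=0.5, small_packet_bytes=128):
    """Join the kb/s and pps tables per source IP and flag likely attack sources.

    Flags (thresholds are illustrative assumptions, tune them for your network):
      traffic_share  - the source alone carries >= share_threshold of the listed traffic
      small_packet   - average packet size is below small_packet_bytes (packet-rate attack)
    Assumption: kb/s is kilobits per second (1 kb = 1000 bits).
    """
    tables = parse_topn(text)
    kbps = tables.get("kb/s", {})
    pps = tables.get("pps", {})
    total_kbps = sum(rate for rate, _ in kbps.values())
    report = []
    for ip, (rate_kbps, vsys) in kbps.items():
        packets = pps.get(ip, (0, vsys))[0]
        # bytes per packet = (kilobits/s * 1000 / 8) / packets per second
        avg_bytes = (rate_kbps * 1000 / 8) / packets if packets else None
        share = rate_kbps / total_kbps if total_kbps else 0.0
        flags = []
        if share >= share_threshold:
            flags.append("traffic_share")
        if avg_bytes is not None and avg_bytes < small_packet_bytes:
            flags.append("small_packet")
        report.append({"ip": ip, "vsys": vsys, "rate_kbps": rate_kbps, "pps": packets,
                       "share": share, "avg_packet_bytes": avg_bytes, "flags": flags})
    return sorted(report, key=lambda r: r["rate_kbps"], reverse=True)


if __name__ == "__main__":
    for entry in top_talker_report(SAMPLE_OUTPUT):
        avg = entry["avg_packet_bytes"]
        avg_txt = f"{avg:.0f}B" if avg is not None else "n/a"
        print(f"{entry['ip']:<16} {entry['rate_kbps']:>8} kb/s {entry['pps']:>6} pps "
              f"share={entry['share']:.1%} avg={avg_txt} {entry['flags']}")
```

On the page's sample, 192.168.1.1 carries about 83% of the listed traffic and is flagged by share; all three sources average 1250 bytes per packet, so none trips the small-packet flag. A flood of tiny packets shows up the other way round: a modest kb/s figure paired with a very high pps figure, which is exactly the case Table 1 says the packet rate is for. Remember the caveat from Usage Guidelines: with hardware fast forwarding enabled, the traffic tables only see SPU-processed traffic, so cross-check against the session-number ranking before acting on an absent source.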

Copyright © Huawei Technologies Co., Ltd.