The security-policy statistic enable command enables the security policy-based traffic statistics function.
The undo security-policy statistic enable command disables the function.
Application Scenarios
By default, the function is disabled.
The function counts the number of packets and bytes that match a security policy in the forward and reverse directions. The statistical values and their trend can be viewed only through the NMS.
The NMS sends SNMP requests to the FW to obtain, in real time, the number of packets and bytes that match security policies, and displays how the statistics change over time.
After this function is disabled, the statistics stop, but the historical statistics are not cleared. You can run the reset security-policy statistic command to manually clear the historical statistics or wait for the automatic clearance of the statistics when the function is enabled next time.
The function also collects the number of bytes (excluding the MAC header) of packets that match a security policy in the forward and reverse directions per second, that is, the traffic rate, in bit/s. These statistics can be viewed only through the web UI.
By default, the traffic rate is collected every 5 minutes and displayed on the web UI. You can also run the security-policy traffic statistic interval-time command to set a statistical interval.
After this function is disabled, the statistics stop, and the historical statistics are cleared. You can run the reset security-policy statistic command to manually clear the historical statistics or wait for the automatic clearance of the statistics when the function is enabled next time.
Precautions
The function degrades device performance. Therefore, enable the function only as required, and disable it immediately when it is no longer used.
If the action of the traffic policy rule that a packet matches is deny, the packet is not counted. That is, only the packets permitted by the security policy are counted.