10-23-2009 04:56 AM - edited 03-11-2019 09:30 AM
What does this "(hitcnt=*)" mean beside any rule in a Cisco firewall?
Also, I'm facing instances where even if the connection is initiated, I don't see anything coming on the firewall (be it deny/permit/connection buildup). Routes and other factors are fine.
Please suggest.
Thanks!
10-23-2009 05:18 AM
Hi,
"hitcnt" shows how many times each ACL entry has been hit.
Actually, these commands provide a packet count, or hit counts.
This can be used on firewall "show run access-list"
This can be used on IOS devices "show ip access-list"
examples:
access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)
The above access-list entry shows that it has been hit 3074 times.
access-list acl_inside_out permit tcp any host X.X.X.X eq smtp (hitcnt=0)
The access-list shows no hits against it.
You may go through this link for better understanding.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
HTH
JK
Please rate helpful posts.
10-23-2009 05:27 AM
Thanks, but my question was: what does the * in hitcnt=* mean? And about the logging thing.
10-23-2009 06:36 AM
The "hit-cnt" is the number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1 when the security appliance generates the first syslog message for this flow.
The syslog message is documented here: http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049
I hope it makes sense.
PK
10-23-2009 08:55 AM
Thanks, I am sorry if there is any confusion from my question here. My firewall just shows a * symbol on certain rules, whereas on other rules it shows hitcnt=0.
What difference do * and 0 indicate here? 0 appears when there is no connection covering this rule.
What is the case if only * appears?
04-18-2012 03:59 AM
An asterisk means that the rule has been merged with other rules and thus the hit count cannot be accurate.
Please see
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/traffc_f.pdf
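As an added illustration (not code from this thread or from Cisco), here is a small Python parser for ACL lines in the "(hitcnt=N)" format quoted above. It separates zero-hit entries (candidates for a rule review) from entries whose counter is shown as *, which, per the answer above, has been merged with other rules and cannot be trusted for that judgement. The sample output is constructed, not captured from a device.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "(hitcnt=...)" format shown in the thread;
# not captured from a real firewall.
SAMPLE_OUTPUT = """\
access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)
access-list acl_inside_out permit tcp any host 192.0.2.10 eq smtp (hitcnt=0)
access-list acl_inside_out permit udp any any eq domain (hitcnt=*)
access-list acl_inside_out deny ip any any (hitcnt=12)
"""

# Rule text up to the trailing "(hitcnt=<number or *>)" field.
HITCNT_RE = re.compile(
    r"^(?P<rule>access-list\s+.+?)\s+\(hitcnt=(?P<count>\*|\d+)\)$"
)


@dataclass
class AceHits:
    rule: str
    count: Optional[int]  # None when the counter is displayed as '*'
    status: str           # "active", "unused" or "merged"


def parse_hitcnt(line: str) -> Optional[AceHits]:
    """Parse one ACL line; return None for lines without a hitcnt field."""
    m = HITCNT_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("count")
    if raw == "*":
        # Merged with other rules: the counter is not accurate, so do not
        # treat this entry as used or unused on the strength of it.
        return AceHits(m.group("rule"), None, "merged")
    n = int(raw)
    return AceHits(m.group("rule"), n, "unused" if n == 0 else "active")


def summarize(output: str) -> List[AceHits]:
    """Parse every ACL line in a block of show output, skipping other lines."""
    return [h for h in (parse_hitcnt(l) for l in output.splitlines()) if h]


def review_candidates(output: str) -> Tuple[List[str], List[str]]:
    """Return (zero-hit rules, rules with an unverifiable '*' counter)."""
    hits = summarize(output)
    unused = [h.rule for h in hits if h.status == "unused"]
    unverifiable = [h.rule for h in hits if h.status == "merged"]
    return unused, unverifiable


if __name__ == "__main__":
    for h in summarize(SAMPLE_OUTPUT):
        shown = "*" if h.count is None else h.count
        print(f"{h.status:8} {shown!s:>6}  {h.rule}")
```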