Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19473
Views
11
Helpful
5
Replies

firewall hit counts

Go to solution
suthomas1
Level 6
Level 6

‎10-23-2009 04:56 AM - edited ‎03-11-2019 09:30 AM

what does this "(hitcnt=*)" mean besides any rule in cisco firewall.

Also, i'm facing instances where even if the connection is initiated, i dont see anything coming on the firewall ( be it deny/permit/connection buildup). Routes & other factors are fine.

Please suggest.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leigh_Olsen
Level 1
Level 1

‎04-18-2012 03:59 AM

An asterisk means that the rule has been merged with other rules and thus the hit count cannot be accurate.

Please see

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/traffc_f.pdf

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎10-23-2009 05:18 AM

Hi,

"hitcnt" shows which ACL entry is hit how many times

Actually these command provides a packet count or hitcounts

This can be used on firewall "show run access-list"

This can be used on IOS devices "show ip access-list"

examples:

access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)

The above access-list tells that its has been hit 3074 times.

access-list acl_inside_out permit tcp any host X.X.X.X eq smtp (hitcnt=0)

The access-list shows no hits against it.

You may go through this link for better understanding.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

HTH

JK

Pls rate helpful posts-

~Jatin

Go to solution
suthomas1
Level 6
Level 6
In response to Jatin Katyal

‎10-23-2009 05:27 AM

Thanks, my question was what does the * in hitcnt=* means? & about the logging thing.

0 Helpful

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee
In response to suthomas1

‎10-23-2009 06:36 AM

The "hit-cnt" is the number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1 when the security appliance generates the first syslog message for this flow.

The syslog is here http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049

I hope it makes sense.

PK

Go to solution
suthomas1
Level 6
Level 6
In response to Panos Kampanakis

‎10-23-2009 08:55 AM

Thanks, am sorry if there is any confusion from my question here.My firewall just shows * symbol on certain rules, whereas other rules it shows hitcnt=0.

what difference does * & 0 indicate here. 0 appears when there is no connection covering this rule.

What is the case if only * appears?

0 Helpful

Go to solution
Leigh_Olsen
Level 1
Level 1

‎04-18-2012 03:59 AM

An asterisk means that the rule has been merged with other rules and thus the hit count cannot be accurate.

Please see

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/traffc_f.pdf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card