Global policy count in SRX

As far as I know there is no single command to enable policy count option globally but you can do it via a group statement.
Be aware that policy count is a performance affecting feature, so think twice if your traffic volume is high. Here is how we can do it;

Once you apply this group, you can check any policy to see the policy counters;

You can see that policy statistics are enabled. When you check for other policies, you will see that it is enabled for all.

2 thoughts on “Global policy count in SRX

  1. yertz


    When using a 12.1 or higher release this is not needed anymore for security policies.
    Use the operational commands below to work with the counters per security policy.

    > show security policies hit-count ?
    > clear security policies hit-count ?

    The same can be done with NAT rules and pools.




You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.