FAQ-USG是否支持查看报文命中nat server和NAT地址池进行转换的次数

发布时间:  2014-09-18 浏览次数:  173 下载次数:  0
问题描述
USG是否支持查看报文命中nat server和NAT地址池进行转换的次数?
解决方案
目前防火墙没有命令查看报文匹配nat server的次数。
防火墙也没有命令查看报文匹配NAT地址池的次数,但可以通过查看nat-policy或者ACL的命中次数间接判断NAT地址池的命中次数。
下面以nat-policy为例:
如果配置如下nat-policy:
[USG-nat-policy-interzone-trust-untrust-outbound-0]display this 
policy 0                                                                       
  action source-nat                                                             
  address-group 2 

查看nat-policy的命中次数,可以间接认为是NAT地址池的命中次数:
[USG]display nat-policy interzone trust untrust outbound   
nat-policy interzone trust untrust outbound                                     
policy 0 (122 times matched)                                                     
  action source-nat                                                             
  policy service service-set ip                                                 
  policy source any                                                             
  policy destination any                                                        
  address-group 2

END