Interface Flow Counters

The Interface Flow Counters report helps monitor interfaces on the NetScreen device. The report provides information for monitoring the number of packets inspected at the flow level.

Viewing the Interface Statistics

Interpreting the Flow Counters

The flow counters provide the following information:

address spoof: Indicates the number of suspected address spoofing attack packets received.

auth deny: Indicates the number of times user authentication was denied.

auth fail: Indicates the number of times user authentication failed.

big bkstr: Indicates the number of packets that are too big to buffer in the ARP backstore while waiting for MAC-to-IP address resolution.

connections: Indicates the number of sessions established since the last boot.

encrypt fail: Indicates the number of failed Point-to-Point Tunneling Protocol (PPTP) packets.

icmp broadcast: Indicates the number of ICMP broadcasts received.

icmp flood: Indicates the number of ICMP packets that are counted toward the ICMP flood threshold.

illegal pak: Indicates the number of packets dropped because they are illegal packets.

in arp req: Indicates the number of incoming ARP request packets.

in arp resp: Indicates the number of outgoing ARP request packets.

in bytes: Indicates the number of bytes received.

in icmp: Indicates the number of Internet Control Message Protocol (ICMP) packets received.

in other: Indicates the number of incoming packets that are of a different Ethernet type.

in packets: Indicates the number of packets received.

in self: Indicates the number of packets addressed to the NetScreen Management IP address.

in un auth: Indicates the number of unauthorized incoming TCP, UDP, and ICMP packets.

in unk prot: Indicates the number of incoming packets using an unknown protocol.

in vlan: Indicates the number of incoming VLAN packets.

in vpn: Indicates the number of IPSec packets received.

invalid zone: Indicates the number of packets destined for an invalid security zone.

ip sweep: Indicates the number of packets received and discarded beyond the specified IP sweep threshold.

land attack: Indicates the number of suspected land attack packets received.

loopback drop: Indicates the number of packets dropped because the packets can’t be looped back.

mac relearn: Indicates the number of times that the MAC address learning table had to relearn the interface associated with a MAC address because the location of the MAC address changed.

mac tbl full: Indicates the number of times that the MAC address learning table completely filled up.

mal url: Indicates the number of blocked packets destined for a URL determined to be malicious.

misc prot: Indicates the number of packets using a protocol other than TCP, UDP, or ICMP.

mp fail: Indicates the number of times a problem occurred when sending a PCI message between the Auxiliary module and the Processor module.

no conn: Indicates the number of packets dropped because of unavailable Network Address Translation (NAT) connections.

no dip: Indicates the number of packets dropped because of unavailable Dynamic IP (DIP) addresses.

no fragnetpak: Indicates the number of times that the available space in the netpak buffer fell below 70%.

no frag sess: Indicates the number of times that fragmented sessions were greater than half of the maximum number of NAT sessions.

no g parent: Indicates the number of packets dropped because the parent connection could not be found.

no gate: Indicates the number of packets dropped because no gate was available.

no gate sess: Indicates the number of sessions terminated because there were no gates in the firewall for them.

no map: Indicates the number of packets dropped because there was no map to the trusted side.

no nat vector: Indicates the number of packets dropped because the Network Address Translation (NAT) connection was unavailable for the gate.

no nsp tunnel: Indicates the number of dropped packets sent to a tunnel interface to which no VPN tunnel is bound.

no route: Indicates the number of unroutable packets received.

no sa: Indicates the number of packets dropped because no Security Association (SA) was defined.

no sa policy: Indicates the number of packets dropped because no access policy was associated with an SA.

no xmit vpnf: Indicates the number of dropped VPN packets due to fragmentation.

null zone: Indicates the number of dropped packets erroneously sent to an interface bound to the Null zone.

nvec err: Indicates the number of packets dropped because of a NAT vector error.

out bytes: Indicates the number of bytes sent.

out packets: Indicates the number of packets sent.

out vlan: Indicates the number of outgoing VLAN packets.

ping of death: Indicates the number of suspected ping-of-death attack packets received.

policy deny: Indicates the number of packets denied by a defined access policy.

port scan: Indicates the number of packets that are counted as a port scan attempt.

proc sess: Indicates the number of sessions on a Processor module.

sa inactive: Indicates the number of packets dropped because of an inactive SA.

sa policy deny: Indicates the number of packets denied by an SA policy.

sessn thresh: Indicates the threshold for the maximum number of sessions.

slow mac: Indicates the number of frames whose MAC addresses were slow to resolve.

src route: Indicates the number of packets dropped because of the filter source route option.

syn frag: Indicates the number of SYN packets dropped because of fragmentation.

tcp out of seq: Indicates the number of TCP packets received whose sequence number is outside the acceptable range.

tcp proxy: Indicates the number of packets dropped as a result of using a TCP proxy, such as SYN flood protection or user authentication.

tear drop: Indicates the number of packets blocked as part of a suspected tear drop attack.

tiny frag: Indicates the number of tiny fragmented packets received.

trmn drop: Indicates the number of packets dropped by traffic management.

trmng queue: Indicates the number of packets waiting in the queue.

udp flood: Indicates the number of UDP packets that are counted toward the UDP flood threshold.

url block: Indicates the number of HTTP requests that were blocked.

winnuke: Indicates the number of WinNuke attack packets received.

wrong intf: Indicates the number of packets received at an incorrect interface.

wrong slot: Indicates the number of packets erroneously sent to the wrong Processor module.

Note: You can also view a screen counters report that provides information on general firewall behavior, and a hardware counters report that provides information on hardware performance.
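
One way to use these counters for monitoring, as an added example that is not part of the original documentation: the sketch below compares two polls and reports which of the counters listed above increased. The `name: value` snapshot format, the sample values and the grouping of counters are assumptions made for illustration, not device output; a drop in `connections` (sessions since the last boot) is treated as a counter reset.

```python
# Added example: triage of flow-counter changes between two polls.
# Counter names come from the list above; the grouping and the
# "name: value" snapshot format are assumptions, not device output.
GROUPS = {
    "attack": ["address spoof", "land attack", "ping of death", "tear drop",
               "winnuke", "syn frag", "tiny frag", "src route", "ip sweep",
               "port scan", "icmp flood", "udp flood"],
    "auth": ["auth deny", "auth fail", "in un auth"],
    "vpn": ["no sa", "no sa policy", "sa inactive", "sa policy deny",
            "no nsp tunnel", "no xmit vpnf"],
    "resource": ["no conn", "no dip", "mac tbl full", "no fragnetpak",
                 "no frag sess"],
}

# Constructed sample snapshots (not captured from a real device).
PREV = "connections: 5000\naddress spoof: 3\nport scan: 10\nauth fail: 2\nno dip: 0\npolicy deny: 100"
CURR = "connections: 5200\naddress spoof: 3\nport scan: 45\nauth fail: 9\nno dip: 4\npolicy deny: 180"
AFTER_REBOOT = "connections: 12\nport scan: 6\nauth fail: 0"

def parse_snapshot(text):
    """Parse 'counter name: value' lines into a dict; skip malformed lines."""
    counters = {}
    for line in text.strip().splitlines():
        name, _, value = line.rpartition(":")
        if name and value.strip().isdigit():
            counters[name.strip().lower()] = int(value)
    return counters

def triage(prev, curr):
    """Return (reset_detected, {group: {counter: increase}})."""
    # 'connections' counts sessions since the last boot, so a decrease
    # means the counters restarted and curr is measured from zero.
    reset = curr.get("connections", 0) < prev.get("connections", 0)
    findings = {}
    for group, names in GROUPS.items():
        for name in names:
            if name not in curr:
                continue
            base = 0 if reset else prev.get(name, 0)
            delta = curr[name] - base
            if delta < 0:  # this counter alone was cleared
                delta = curr[name]
            if delta > 0:
                findings.setdefault(group, {})[name] = delta
    return reset, findings

if __name__ == "__main__":
    print(triage(parse_snapshot(PREV), parse_snapshot(CURR)))
    print(triage(parse_snapshot(CURR), parse_snapshot(AFTER_REBOOT)))
```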
