How to check which security policy a flow matches on a Huawei USG firewall (similar to Cisco packet-tracer)

Check which policy a given flow matches
For example, check whether the following access is permitted, and which policy it matches:

source IP: 10.248.1.1
destination IP: 172.31.52.10
destination Port: tcp 443

Command:
display security-policy rule source 10.248.1.1 destination 172.31.52.10 protocol tcp destination-port 443

Example:

USG> display security-policy  rule source 10.248.1.1 destination 172.31.52.10 protocol tcp destination-port  443
2026-04-14 10:22:27.462 +08:00
 
RULE ID  RULE NAME                         STATE      ACTION       HITS        
------------------------------------------------------------------------------- 
561      out-in_202                       enable     permit       60  

How to view the detailed content of this policy


USG>display security-policy rule name out-in_202
2026-04-14 10:30:12.628 +08:00
 (60 times matched)
 rule name out-in_601
  source-zone DC/out
  source-address 10.248.1.1 mask 255.255.255.255
  destination-address 172.16.52.10 mask 255.255.255.255
  service protocol tcp destination-port 443
  action permit
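
When the two outputs above are captured for a change review, a script can cross-check them: the rule named in the lookup must be the rule shown in the detail, and the detail's addresses and service must actually cover the flow that was queried. The following is an added example, not part of the original post or of Huawei's tooling; the sample text is constructed in the format shown above, only the "address mask" and single-port forms are handled, and an unset address or service condition is assumed to mean "any".

```python
import ipaddress
import re

# Constructed sample in the output format shown above (not captured from a device).
LOOKUP_ROW = "561      out-in_202                       enable     permit       60"
DETAIL = """\
 rule name out-in_202
  source-zone DC/out
  source-address 10.248.1.1 mask 255.255.255.255
  destination-address 172.31.52.10 mask 255.255.255.255
  service protocol tcp destination-port 443
  action permit
"""

def parse_lookup_row(line):
    """Parse one data row of the lookup table; None if the line is not a rule row."""
    m = re.match(r"\s*(\d+)\s+(\S+)\s+(enable|disable)\s+(permit|deny)\s+(\d+)\s*$", line)
    return m and {"id": int(m[1]), "name": m[2], "state": m[3], "action": m[4]}

def parse_detail(text):
    """Parse rule detail; unsupported address/service forms raise instead of being skipped."""
    rule = {"name": None, "action": None, "source-address": [],
            "destination-address": [], "svc": []}
    for w in (line.split() for line in text.splitlines()):
        if w[:2] == ["rule", "name"]:
            rule["name"] = w[2]
        elif w[:1] == ["action"]:
            rule["action"] = w[1]
        elif w and w[0] in ("source-address", "destination-address"):
            if len(w) != 4 or w[2] != "mask":
                raise ValueError("unsupported address form: " + " ".join(w))
            rule[w[0]].append(ipaddress.ip_network(f"{w[1]}/{w[3]}", strict=False))
        elif w[:1] == ["service"]:
            if len(w) != 5 or w[1] != "protocol" or w[3] != "destination-port":
                raise ValueError("unsupported service form: " + " ".join(w))
            rule["svc"].append((w[2], int(w[4])))
    return rule

def check_flow(row, rule, src, dst, proto, port):
    """Return findings; an empty list means lookup and detail agree and cover the flow."""
    out = []
    for k in ("name", "action"):
        if row[k] != rule[k]:
            out.append(k + " differs between lookup and detail")
    for label, ip in (("source", src), ("destination", dst)):
        nets = rule[label + "-address"]  # empty list assumed to mean "any"
        if nets and not any(ipaddress.ip_address(ip) in n for n in nets):
            out.append(label + " not covered")
    if rule["svc"] and (proto, port) not in rule["svc"]:
        out.append("service not covered")
    return out
```

A non-empty result, such as a different rule name or destination address in the detail output, means the two captures do not describe the same rule and the lookup should be repeated before the change is signed off.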

View all expired policies

display security-policy expired rule 

View

posted @ 2026-04-14 10:42  JacobJacob