: inspect network-policy dropped
Focus
Focus

inspect network-policy dropped

Table of Contents

inspect network-policy dropped

Use the inspect network-policy dropped command to inspect the dropped network policy rules. A configuration drop occurs when the complexity of the configuration requires more resources than allowed by the resource limit.
The policy rule complexity depends on multiple factors:
  • Number of Applications.
  • Number of Source IP Prefixes in the Source Prefix List.
  • Number of Destination IP Prefixes in the Destination Prefix List.
  • Application overlap within Policy Sets and within a Policy Set Stack.
Generally, rules requiring the most resources (other than default rules) are dropped first to stay within the resource limit.

Command

inspect network-policy dropped

Options

None

Command Notes

RoleSuper, Read Only
Related Commands
Introduced in Release 5.0.3

Example

inspect network-policy dropped Network Policy Resource Usage: Resource Limit : 1350000 Required Resources : 10 Adjusted Resource Use : 10 Non-Optimized Resource Use : 10 No dropped rules found.inspect network-policy dropped Network Policy Resource Usage: Resource Limit : 400 Required Resources : 423 Adjusted Resource Use : 400 Non-Optimized Resource Use : 423 Network Policy Rule : 15300304239150020 : newrelic-Policy Policy Set : 15300304235910157 : MKC-OrigPolicySet1 Stack Index : 0 Application Count : 1 Source Prefix : none Destination Prefix : none Resource Count : 1 Network Policy Rule : 15300304237690074 : scps-Policy Policy Set : 15300304235910157 : MKC-OrigPolicySet1 Stack Index : 0 Application Count : 1 Source Prefix : none Destination Prefix : none Resource Count : 1. . .