Microsoft Firewall service performance counters
The following table lists the performance counters for the Microsoft Firewall service.
| Performance counter | Description |
|---|---|
Accepting TCP Connections |
The number of connection objects that wait for a TCP connection from Firewall clients. |
Active Sessions |
The number of active sessions for the Firewall service. |
Active TCP Connections |
The number of active TCP connections currently passing data. Connections pending or not yet established are counted elsewhere. |
Active UDP Connections |
The number of active User Datagram Protocol (UDP) connections. |
Available Worker Threads |
The number of Firewall service worker threads that are available or waiting in the completion port queue. |
Back-connecting TCP Connections |
The number of TCP connections awaiting an inbound connect call to complete. These are connections placed by the Firewall service to a client after the Firewall service accepts a connection from the Internet on a listening socket. |
Bytes Read/sec |
The number of bytes read by the data pump per second. |
Bytes Written/sec |
The number of bytes written by the data pump per second. |
Connecting TCP Connections |
The number of TCP connections pending. These are connections awaiting completion between the Firewall service and remote computers. |
DNS Cache Entries |
The current number of Domain Name System (DNS) domain name entries cached as a result of Firewall service activity. |
DNS Cache Flushes |
The number of times that the DNS domain name cache has been flushed or cleared by the Firewall service. |
DNS Cache Hits |
The number of times a DNS domain name was found within the DNS cache by the Firewall service. |
DNS Cache Hits % |
The percentage of DNS domain names serviced by the DNS cache, from the total of all DNS entries that have been retrieved by the Firewall service. |
DNS Retrievals |
The number of DNS domain names that have been retrieved by the Firewall service. |
Failed DNS Resolutions |
The number of gethostbyname and gethostbyaddr application programming interface (API) calls that have failed. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
Kernel Mode Data Pumps |
The number of kernel mode data pumps created by the Firewall service. |
Listening TCP Connections |
The number of connection objects that wait for TCP connections from remote Internet computers. |
Non-connected UDP mappings |
The number of mappings available for UDP connections. |
Pending DNS Resolutions |
The number of gethostbyname and gethostbyaddr API calls pending resolution. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
SecureNAT Mappings |
The number of mappings created by SecureNAT. |
Successful DNS Resolutions |
The number of gethostbyname and gethostbyaddr API calls successfully returned. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
Worker Threads |
The number of Firewall service worker threads that are currently active. |