show security dynamic-policies
Syntax
show security dynamic-policies [detail] [from-zone zone] [scope-id id] [to-zone zone]
Description
Display the dynamic policies downloaded on the group member. This command is supported on SRX100, SRX110, SRX210, SRX220, SRX240, and SRX650 devices.
Options
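none — Display basic information about all policies installed on the group member.
detail — (Optional) Display a detailed view of all policies installed on the group member.
from-zone — (Optional) Display information about the policies installed on the group member for the specified source zone.
scope-id — (Optional) Display information about the policies installed on the group member for the specified policy identifier.
to-zone — (Optional) Display information about the policies installed on the group member for the specified destination zone.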
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security dynamic-policies command. Output fields are listed in the approximate order in which they appear.
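| Field Name | Field Description |
|---|---|
| | Name of the applicable policy. |
| | Status of the policy: |
| | Internal number associated with the policy. |
| | Policy identifier. |
| | Number of the policy within a given context. For example, three policies that are applicable in a from zone A to zone B context might be ordered with sequence numbers 1, 2, and 3. Also, in a context from zone C to another zone, four policies might have sequence numbers 1, 2, 3, and 4. |
| | For standard display mode, the names of the source addresses for a policy. Address sets are resolved to their individual names. (In this case, only the names are given, not their IP addresses.) For detail display mode, the names and corresponding IP addresses of the source addresses for a policy. Address sets are resolved to their individual address name-IP address pairs. |
| | Name of the destination address (or address set) as it was entered in the destination zone's address book. A packet's destination address must match this value for the policy to apply to it. |
| | Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time. |
| | Must be permit. |
| | Must be dynamic. |
| | Name of the source zone. |
| | Name of the destination zone. |
| | Name, type (IPsec), and index number of the tunnel. |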
Sample Output
show security dynamic-policies
```
user@host> show security dynamic-policies
Policy: policy_forward-0001, State: enabled, Index: 1048580, Scope Policy: 4
  Sequence number: 1
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Applications: Unknown
  action-type: permit, tunnel:
Policy: policy_forward-0002, State: enabled, Index: 2097156, Scope Policy: 4
  Sequence number: 2
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies detail
```
user@host> show security dynamic-policies detail
Policy: policy_forward-0001, action-type: permit, State: enabled, Index: 1048580,AI: disabled, Scope Policy: 4
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Host, To zone: untrust
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1001
Policy: policy_backward-0001, action-type: permit, State: enabled, Index: 1048582,AI: disabled, Scope Policy: 6
  Policy Type: Dynamic
  Sequence number: 1
  From zone: untrust, To zone: Host
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1003
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
Policy: policy_external-0001, action-type: permit, State: enabled, Index: 1048584,AI: disabled, Scope Policy: 8
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: untrust
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1006
Policy: policy_forward-0002, action-type: permit, State: enabled, Index: 2097156,AI: disabled, Scope Policy: 4
  Policy Type: Dynamic
  Sequence number: 2
  From zone: Host, To zone: untrust
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1002
Policy: policy_backward-0002, action-type: permit, State: enabled, Index: 2097158,AI: disabled, Scope Policy: 6
  Policy Type: Dynamic
  Sequence number: 2
  From zone: untrust, To zone: Host
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1004
```
Sample Output
show security dynamic-policies from-zone Internal
```
user@host> show security dynamic-policies from-zone Internal
Policy: policy_internal-0001, State: enabled, Index: 1048583, Scope Policy: 7
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
Policy: policy_external-0001, State: enabled, Index: 1048584, Scope Policy: 8
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies scope-id 8 from-zone Internal
```
user@host> show security dynamic-policies scope-id 8 from-zone Internal
Policy: policy_external-0001, State: enabled, Index: 1048584, Scope Policy: 8
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies detail from-zone Internal
```
user@host> show security dynamic-policies detail from-zone Internal
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
Policy: policy_external-0001, action-type: permit, State: enabled, Index: 1048584,AI: disabled, Scope Policy: 8
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: untrust
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1006
```
Sample Output
show security dynamic-policies detail from-zone Internal to-zone Host
```
user@host> show security dynamic-policies detail from-zone Internal to-zone Host
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
  IP protocol: 6, ALG: 0, Inactivity timeout: 0
  Source port range: [0-0]
  Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
```
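One way to review the `detail` output shown above on a group member, as an added example that is not part of the original page and not Juniper code: it parses the text into records and reports policies that deviate from what the Output Fields table states (action-type permit, policy type dynamic, an IPsec tunnel). The function names, the constructed sample, and the choice to flag destination port 23 are assumptions of this example; the parser does not depend on line breaks.

```python
import re

# Constructed sample in the layout of "show security dynamic-policies detail" output.
# The second record is altered (disabled, port 23, no Tunnel line) to exercise the checks.
SAMPLE = (
    "Policy: policy_forward-0001, action-type: permit, State: enabled, Index: 1048580,AI: disabled, "
    "Scope Policy: 4 Policy Type: Dynamic Sequence number: 1 From zone: Host, To zone: untrust "
    "Source addresses:192.168.10.0/24 Destination addresses:192.168.20.0/24 Application: Unknown "
    "IP protocol: 6, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] "
    "Destination port range: [80-80] Tunnel: Test Tunnel, Type: IPSec, Index: 1001\n"
    "Policy: policy_backward-0001, action-type: permit, State: disabled, Index: 1048582,AI: disabled, "
    "Scope Policy: 6 Policy Type: Dynamic Sequence number: 1 From zone: untrust, To zone: Host "
    "Source addresses:192.168.10.0/24 Destination addresses:192.168.20.0/24 Application: Unknown "
    "IP protocol: 6, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] Destination port range: [23-23]\n"
)

FIELDS = {
    "action": r"action-type: (\w+)", "state": r"State: (\w+)",
    "scope": r"Scope Policy: (\d+)", "type": r"Policy Type: (\w+)",
    "from_zone": r"From zone: ([^,\s]+)", "to_zone": r"To zone: (\S+)",
    "dst_ports": r"Destination port range: \[(\d+-\d+)\]", "tunnel_type": r"Tunnel: .*?, Type: (\w+)",
}

def parse_policies(text):
    """Split on record headers ("Scope Policy:" is a field, not a header) and extract fields."""
    policies = []
    for rec in re.split(r"(?<!Scope )Policy: ", text)[1:]:
        p = {"name": rec.split(",", 1)[0].strip()}
        for key, rx in FIELDS.items():
            m = re.search(rx, rec)
            p[key] = m.group(1) if m else None
        policies.append(p)
    return policies

def audit(policies, flagged_ports=(23,)):
    """Return (policy name, finding) pairs; flagged_ports is a site-specific assumption."""
    findings = []
    for p in policies:
        checks = [(p["state"] != "enabled", "state is %s" % p["state"]),
                  (p["action"] != "permit" or p["type"] != "Dynamic", "unexpected action or type"),
                  (p["tunnel_type"] != "IPSec", "no IPsec tunnel listed")]
        if p["dst_ports"]:
            lo, hi = map(int, p["dst_ports"].split("-"))
            checks += [(lo <= n <= hi, "permits destination port %d" % n) for n in flagged_ports]
        findings += [(p["name"], msg) for bad, msg in checks if bad]
    return findings

if __name__ == "__main__":
    print(audit(parse_policies(SAMPLE)))
```
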
Release Information
Command introduced in Junos OS Release 10.2.