request security policies check

 

Syntax

Release Information

Command introduced in Junos OS Release 18.4R1.

Description

Displays the security policy sync status between the Routing Engine and the Packet Forwarding Engine. Use this command to display a list of all security policies that are in sync or out of sync on the device.

Use the show security policies checksum command to display the security policy checksum value and use the request security policies resync command to synchronize the configuration of security policies in the Routing Engine and Packet Forwarding Engine.

Options

from-zone zone-name: Displays security policies sync status from this zone.
global: Displays global policies sync status.
logical-system (logical-system name | all): Displays security policies sync status for the security policies configured on a logical system or on all logical systems.
pfe: Displays security policies sync status for the security policies on the Packet Forwarding Engine.
root-logical-system: Displays security policies sync status for the security policies configured on the root logical system. This is the default outcome.
to-zone zone-name: Displays security policies sync status to this zone.
tenant tenant-name: Displays security policies sync status for the security policies configured on a tenant.

Additional Information

Security policies are stored in both the Routing Engine and the Packet Forwarding Engine. They are pushed from the Routing Engine to the Packet Forwarding Engine when you commit a configuration. If the security policies on the Routing Engine are out of sync with those on the Packet Forwarding Engine, the commit fails. Core dump files may be generated if the commit is tried repeatedly. The out-of-sync condition can be due to:

  • A policy message from the Routing Engine to the Packet Forwarding Engine is lost in transit.

  • An error with the Routing Engine, such as a reused policy UID.

When the policy configurations are modified and the policies are out of sync, the following error message is displayed:

error: Warning: policy might be out of sync between RE and PFE <SPU-name(s)>. Please request security policies check/resync.

Required Privilege Level

view

List of Sample Output

request security policies check

request security policies check logical-system LSYS1

request security policies check logical-system all

request security policies check from-zone trust to-zone untrust

Sample Output

request security policies check

user@host> request security policies check

request security policies check logical-system LSYS1

user@host> request security policies check logical-system LSYS1

request security policies check logical-system all

user@host> request security policies check logical-system all

request security policies check from-zone trust to-zone untrust

user@host> request security policies check from-zone trust to-zone untrust