request security policies resync

Syntax

Release Information

Command introduced in Junos OS Release 18.4R1.

Description

Synchronize the configuration of security policies in the Routing Engine and Packet Forwarding Engine.

This command recovers the security policies in the Packet Forwarding Engine. If policy inconsistencies between the Routing Engine and Packet Forwarding Engine are determined, the security policies resync.

Options

<from-zone zone-name—Recover the policies from this zone.

global—Recover global policies.

logical-system (logical-system name | all)—Recover the policies on all logical systems or on a particular logical system.

pfe—Recover the policies on the Packet Forwarding Engine.

root-logical-system—Recover the policies on the root logical system. This is the default option.

to-zone zone-name—Recover the policies to this zone.

tenant tenant-name—Recover the policies of a tenant.

Additional Information

Security policies are stored in the routing engine and the packet forwarding engine. Security policies are pushed from the Routing Engine to the Packet Forwarding Engine when you commit configurations. If the security policies on the Routing Engine are out of sync with the Packet Forwarding Engine, the commit of a configuration fails. Core dump files may be generated if the commit is tried repeatedly. The out of sync can be due to:

A policy message from Routing Engine to the Packet Forwarding Engine is lost in transit.
An error with the routing engine, such as a reused policy UID.

When the policy configurations are modified and the policies are out of sync, the following error message displays - error: Warning: policy might be out of sync between RE and PFE <SPU-name(s)>. Please request security policies check/resync.

Use the show security policies checksum command to display the security policy checksum value and use the request security policies check to display the security policy sync status.

Required Privilege Level

view