Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
show security flow gate
Syntax
Release Information
Command introduced in Release 8.5 of Junos OS; Filter and display options added in Release 10.2 of Junos OS.
Description
Display information about temporary openings known as pinholes or gates in the security firewall.
Pinholes are used by applications that commonly have both control and data sessions and must create openings in the firewall for the data sessions based on information from the parent sessions.
Options
- destination-port
Destination port
- destination-prefix
Destination IP prefix or address
- protocol
IP protocol number
- source-port
Source port
- source-prefix
Source IP prefix or address
- brief | summary
Display the specified level of output.
Required Privilege Level
view
Related Topics
show security flow gate brief node
show security flow gate destination-port
show security flow gate destination-prefix
show security flow gate protocol
show security flow gate source-port
show security flow gate source-prefix
show security flow gate summary node
List of Sample Output
show security flow gateshow security flow gate brief
show security flow gate summary
Output Fields
Table 67 lists the output fields for the show security flow gate command. Output fields are listed in the approximate order in which they appear.
Table 67: show security flow gate Output Fields
Field Name | Field Description |
|---|---|
Hole | Range of flows permitted by the pinhole. |
Translated | Tuples used to create the session if it matches the pinhole.
|
Protocol | Application protocol, such as UDP or TCP. |
Application | Name of the application. |
Age | Idle timeout for the pinhole. |
Flags | Internal debug flags for the pinhole. |
Zone | Incoming zone. |
Reference count | Number of resource manager references to the pinhole. |
Resource | Resource manager information about the pinhole. |
Valid gates | Number of valid gates. |
Pending gates | Number of pending gates. |
Invalidated gates | Number of invalid gates. |
Gates in other states | Number of gates in other states. |
Total gates | Number of gates in total. |
Maximum gates | Number of maximum gates |
Sample Output
show security flow gate
user@host> show
security flow gate Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.252-40.1.1.252/64515-64515 Translated: 0.0.0.0/0->11.0.31.161/25415 Protocol: udp Application: none/0 Age: 101 seconds Flags: 0xe001 Zone: untrust Reference count: 1 Resource: 5-1024-8185 Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.252-40.1.1.252/1046-1046 Translated: 40.1.1.250/36039->11.0.31.161/5060 Protocol: udp Application: junos-sip/63 Age: 65535 seconds Flags: 0xe200 Zone: untrust Reference count: 1 Resource: 5-1024-8189 Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.5-40.1.1.5/24101-24101 Translated: 0.0.0.0/0->40.1.1.5/24101 Protocol: udp Application: none/0 Age: 93 seconds Flags: 0xe001 Zone: trust Reference count: 1 Resource: 5-1024-8188 Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.5-40.1.1.5/24100-24100 Translated: 0.0.0.0/0->40.1.1.5/24100 Protocol: udp Application: none/0 Age: 93 seconds Flags: 0xe001 Zone: trust Reference count: 1 Resource: 5-1024-8191 Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.250-40.1.1.250/5060-5060 Translated: 0.0.0.0/0->40.1.1.250/5060 Protocol: udp Application: junos-sip/63 Age: 65535 seconds Flags: 0xe200 Zone: trust Reference count: 1 Resource: 5-1024-8190
show security flow gate brief
root> show security flow gate briefFlow Gates on FPC4 PIC1: Hole: 40.0.0.111-40.0.0.111/0-0->30.0.0.100-30.0.0.100/38143-38143 Translated: 40.0.0.111/0->30.0.0.100/38143 Protocol: tcp Application: FTP ALG/79 Age: 65532 seconds Flags: 0x0080 Zone: trust Reference count: 1 Resource: 1-24576-86016 Valid gates: 1 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 1 Flow Gates on FPC5 PIC0: Valid gates: 0 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 0 Flow Gates on FPC5 PIC1: Valid gates: 0 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 0
show security flow gate summary
root> show security flow gate summaryFlow Gates on FPC4 PIC1: Valid gates: 1 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 1 Maximum gates: 131072 Flow Gates on FPC5 PIC0: Valid gates: 0 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 0 Maximum gates: 131072 Flow Gates on FPC5 PIC1: Valid gates: 0 Pending gates: 0 Invalidated gates: 0 Gates in other states: 0 Total gates: 0 Maximum gates: 131072
