show security flow gate protocol

Syntax

show security flow gate protocol protocol-name [brief | summary]

Release Information

Command introduced in Release 10.2 of Junos OS.

Description

Display information about temporary openings known as pinholes or gates in the security firewall for the specified protocol.

Options

protocol-name

Protocol to use as a gate filter. Information about gates that use this protocol is displayed.

Possible protocols are:

ah

IP Security Authentication Header

egp

Exterior gateway protocol

esp

IPsec Encapsulating Security Payload

gre

Generic routing encapsulation

icmp

Internet Control Message Protocol

icmp6

Internet Control Message Protocol

igmp

Internet Group Management Protocol

ipip

IP over IP

ospf

Open Shortest Path First

pim

Protocol Independent Multicast

rsvp

Resource Reservation Protocol

sctp

Stream Control Transmission Protocol

tcp

Transmission Control Protocol

udp

User Datagram Protocol

brief | summary

Display the specified level of output.

Required Privilege Level

view

Related Topics

show security flow gate

List of Sample Output

show security flow gate protocol brief
show security flow gate protocol summary

Output Fields

Table 71 lists the output fields for the show security flow gate protocol command. Output fields are listed in the approximate order in which they appear.

Table 71: show security flow gate protocol Output Fields

Field Name

Field Description

Hole

Range of flows permitted by the pinhole.

Translated

Tuples used to create the session if it matches the pinhole.

  • Source address and port
  • Destination address and port

Protocol

Application protocol, such as UDP or TCP.

Application

Name of the application.

Age

Idle timeout for the pinhole.

Flags

Internal debug flags for the pinhole.

Zone

Incoming zone.

Reference count

Number of resource manager references to the pinhole.

Resource

Resource manager information about the pinhole.

Valid gates

Number of valid gates.

Pending gates

Number of pending gates.

Invalidated gates

Number of invalid gates.

Gates in other states

Number of gates in other states.

Total gates

Number of gates in total.

Sample Output

show security flow gate protocol brief

root> root> show security flow gate protocol tcp brief 
Hole: 40.0.0.111-40.0.0.111/0-0->30.0.0.100-30.0.0.100/37308-37308
  Translated: 40.0.0.111/0->30.0.0.100/37308
  Protocol: tcp
  Application: FTP ALG/79
  Age: 65414 seconds
  Flags: 0x0080
  Zone: trust
  Reference count: 1
  Resource: 1-24575-86015

Valid gates: 1
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 1

Flow Gates on FPC5 PIC0:

Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0                
Total gates: 0

Flow Gates on FPC5 PIC1:

Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0

show security flow gate protocol summary

root> show security flow gate protocol tcp summary
Flow Gates on FPC4 PIC1:

Valid gates: 1
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 1

Flow Gates on FPC5 PIC0:

Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0

Flow Gates on FPC5 PIC1:

Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.