show security ipsec statistics

Syntax

Description

Display standard IPsec statistics.

Options

  • none—Display statistics about all IPsec security associations (SAs).

  • fpc slot-number —Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this Flexible PIC Concentrator (FPC) slot. This option is used to filter the output.

  • index SA-index-number —(Optional) Display statistics for the SA with this index number.

  • srg-id id-number —(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup.

  • pic slot-number —Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this PIC slot. This option is used to filter the output.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security ipsec statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show security ipsec statistics Output Fields

Field Name—Field Description

Virtual-system—The root system.

ESP Statistics

  • Encrypted bytes—Total number of bytes encrypted by the local system across the IPsec tunnel.

  • Decrypted bytes—Total number of bytes decrypted by the local system across the IPsec tunnel.

  • Encrypted packets—Total number of packets encrypted by the local system across the IPsec tunnel.

  • Decrypted packets—Total number of packets decrypted by the local system across the IPsec tunnel.

AH Statistics

  • Input bytes—Total number of bytes received by the local system across the IPsec tunnel.

  • Output bytes—Total number of bytes transmitted by the local system across the IPsec tunnel.

  • Input packets—Total number of packets received by the local system across the IPsec tunnel.

  • Output packets—Total number of packets transmitted by the local system across the IPsec tunnel.

Errors

  • AH authentication failures—Total number of authentication header (AH) failures. An AH failure occurs when there is a mismatch of the authentication header in a packet transmitted across an IPsec tunnel.

  • Replay errors—Total number of replay errors. A replay error is generated when a duplicate packet is received within the replay window.

  • ESP authentication failures—Total number of Encapsulating Security Payload (ESP) failures. An ESP failure occurs when there is an authentication mismatch in ESP packets.

  • ESP decryption failures—Total number of ESP decryption errors.

  • Bad headers—Total number of invalid headers detected.

  • Bad trailers—Total number of invalid trailers detected.

  • Invalid SPI—Total number of packets with invalid SPIs detected.

  • TS check fail—Total number of TS check failures detected.

  • Discarded—Total number of discarded packets detected.
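
A monitoring use of the Errors counters in Table 1, as an added example that is not Juniper's code: it compares two captures of the command output and reports which error counters grew between them. Both captures are constructed, and their `Name: value` layout is an assumption, since no sample output is reproduced on this page.

```python
import re

# Constructed captures: counter names are from Table 1, the layout is assumed.
BEFORE = """\
ESP Statistics:
  Encrypted packets: 10400
  Decrypted packets: 10250
Errors:
  AH authentication failures: 0, Replay errors: 2
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 3
"""
AFTER = """\
ESP Statistics:
  Encrypted packets: 12300
  Decrypted packets: 10290
Errors:
  AH authentication failures: 0, Replay errors: 41
  ESP authentication failures: 17, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 61
"""

ERROR_FIELDS = ("AH authentication failures", "Replay errors",
                "ESP authentication failures", "ESP decryption failures",
                "Bad headers", "Bad trailers", "Invalid SPI", "TS check fail", "Discarded")
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?):[ \t]*(\d+)")

def parse_counters(text):
    """Map every 'Name: number' pair to an int; section headers carry no number."""
    return {name.strip(): int(value) for name, value in PAIR.findall(text)}

def error_deltas(before, after):
    """Error counters that grew between two captures, mapped to the increase."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for field in ERROR_FIELDS:
        prev, cur = old.get(field, 0), new.get(field, 0)
        # A counter that went backwards was reset in between; count from zero.
        grown = cur - prev if cur >= prev else cur
        if grown:
            deltas[field] = grown
    return deltas

if __name__ == "__main__":
    print(error_deltas(BEFORE, AFTER))
```

Sustained growth in Replay errors or ESP authentication failures between captures is worth correlating with the peer address and SA index before treating it as packet loss.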

Sample Output

show security ipsec statistics

Sample Output

show security ipsec statistics index 131073

Starting with Junos OS Release 18.2R1, the CLI show security ipsec statistics index 131073 index-number output displays statistics for each forwarding class name.

Sample Output

show security ipsec statistics fpc 6 pic 1 (SRX Series Firewalls)

show security ipsec statistics (MX-SPC3)

Starting with Junos OS Release 21.3R1, the output of the show security ipsec statistics command includes a new field, Tunnel MTU, which displays the option configured under the ipsec vpn hub-to-spoke-vpn tunnel-mtu hierarchy.

Release Information

Command introduced in Junos OS Release 8.5. fpc and pic options added in Junos OS Release 9.3.

Support for the ha-link-encryption option added in Junos OS Release 20.4R1.

Support for the srg-id option added in Junos OS Release 22.4R1.