
show security application-firewall rule-set

Syntax

Description

Display information about the specified rule set defined in the application firewall.

The application firewall is defined by a collection of rule sets. A rule set defines the rules that specify match criteria, including dynamic applications, and the action to be taken for matching traffic.

Starting in Junos OS Release 18.2R1, the application firewall (AppFW) functionality is deprecated. As a part of this change, the [edit security application-firewall] hierarchy and all the configuration options under this hierarchy are deprecated, rather than immediately removed, to provide backward compatibility and an opportunity to bring your configuration into compliance with the new configuration.

Options

rule-set-name

Display the name of the rule set.

all

(default) Display all rule sets for all logical systems. The user logical system administrator can display all rule sets only for the logical system they can access.

logical-system-name

Display application firewall rule set information for a specific logical system.

root-logical-system

Display application firewall rule set information for the root logical system (primary administrator only).

all-logical-systems-tenants

Display application firewall rule set information for all the logical systems and tenants.

tenant

Display application firewall rule set information for the tenant systems.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security application-firewall rule-set command. Output fields are listed in the approximate order in which they appear.

Table 1: show security application-firewall rule-set Output Fields

Field Name

Field Description

Rule-set

Name of the rule set.

Logical system

Name of the logical system of the rule set.

Tenant

Name of the tenant system of the rule set.

Profile

The redirect profile to be used for rules requiring redirection for reject or deny actions.

Rule

Name of the rule.

  • Dynamic applications—Name of the applications.

  • Dynamic application groups—Name of the application groups.

  • SSL-Encryption—Setting for SSL traffic.

  • Action—The action taken with respect to a packet that matches the application firewall rule set. Actions include the following:

    • permit

    • deny

    • reject

    • redirect

  • Number of sessions matched—Number of sessions matched with the application firewall rule.

  • Number of sessions redirected—Number of sessions redirected by the application firewall rule.

Default rule

The default rule applied when the identified application is not specified in any rules of the rule set.

  • Number of sessions matched—Number of sessions matched with the application firewall default rule.

  • Number of sessions redirected—Number of sessions redirected by the application firewall rule.

Number of sessions with appid pending

Number of sessions that are pending application identification processing.

Sample Output

show security application-firewall rule-set my_ruleset1

Sample Output

show security application-firewall rule-set all

Sample Output

show security application-firewall rule-set ruleset1 tenant all

Release Information

Command introduced in Junos OS Release 11.1. Updated in Junos OS Release 12.1X44-D10 with output format changes. Updated in Junos OS Release 12.1X45-D10 with redirection counters.

The tenant and all-logical-systems-tenants options are introduced in Junos OS Release 18.4R1.