Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


show security flow gate



This command displays information about temporary openings known as pinholes or gates in the security firewall.

Pinholes are used by applications that commonly have both control and data sessions and must create openings in the firewall for the data sessions based on information from the parent sessions.


  • destination-port—Destination port

  • destination-prefix—Destination IP prefix or address

  • protocol—IP protocol number

  • source-port—Source port

  • source-prefix—Source IP prefix or address

  • brief | summary—Display the specified level of output.

Required Privilege Level


Output Fields

Table 1 lists the output fields for the show security flow gate command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow gate Output Fields

Field Name

Field Description


Range of flows permitted by the pinhole.


Tuples used to create the session if it matches the pinhole.

  • Source address and port

  • Destination address and port


Application protocol, such as UDP or TCP.


Name of the application.


Idle timeout for the pinhole.


Internal debug flags for the pinhole.


Incoming zone.

Reference count

Number of resource manager references to the pinhole.


Resource manager information about the pinhole.

Valid gates

Number of valid gates.

Pending gates

Number of pending gates.

Invalidated gates

Number of invalid gates.

Gates in other states

Number of gates in other states.

Total gates

Number of gates in total.

Maximum gates

Number of maximum gates

Sample Output

show security flow gate

show security flow gate brief

show security flow gate summary

Release Information

Command introduced in Junos OS Release 8.5.

Filter and display options added in Junos OS Release 10.2.