show system security-profile
Syntax
show system security-profile (all-resource | resource)
detail | terse
logical-system (logical-system-name)
root-logical-system
tenant (tenant-name)
Description
Display information about a resource allocated to the logical system in a security profile. For each resource specified, the number used by the logical system and the configured maximum and reserved values are displayed.
The show system security-profile command can be used by the primary administrator to display resource information for the primary logical system or user logical system. This command can also be used by the user logical system administrator to display resource information for a user logical system.
Options
Either specify all-resource to display information about all resources allocated for the logical system, or specify one of the following resources:
address-book—Address books.
appfw-rule-set—Application firewall rule set entries.
appfw-rule—Application firewall rule entries.
auth-entry—Firewall authentication entries.
cpu—CPU utilization.
flow-gate—Flow gates, also known as pinholes.
flow-session—Flow sessions.
icap-redirect-profile—ICAP redirect profile resource information.
nat-cone-binding—Network Address Translation (NAT) cone bindings.
nat-destination-pool—NAT destination pools.
nat-destination-rule—NAT destination rules.
nat-nopat-address—NAT without port address translations.
nat-pat-address—NAT with port address translations.
nat-pat-portnum—NAT source port numbers for port translation.
nat-port-ol-ipnumber—NAT port overloading IP numbers.
nat-rule-referenced-prefix—NAT rule referenced IP-prefixes.
nat-source-pool—NAT source pools.
nat-source-rule—NAT source rules.
nat-static-rule—NAT static rules.
policy—Security policies.
policy-with-count—Security policies with a count.
scheduler—Schedulers.
zone—Security zones.
detail | terse—(Optional) Display the specified level of output.
The following options are available only to the primary administrator:
logical-system—Display resource information for a specified user logical system. Specify all to display resource information for all logical systems, including the primary logical system.
root-logical-system—Display resource information for the primary (root) logical system.
summary—Display summary information about the resource for all logical systems.
tenant—Display resource information for a specified tenant system. Specify all to display resource information for all tenant systems.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show system security-profile command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description |
---|---|
 | Name of the logical system. |
 | Name of the tenant system. |
 | Name of the security profile bound to the logical system. |
 | Number of resources that are currently being used by the logical system. |
 | Number of resources that are guaranteed to be available to the logical system. |
 | Number of resources that the logical system can use. The maximum does not guarantee that the amount specified for the resource in the security profile is available. The maximum is not applicable for CPU resources. |
 | Upper limit for CPU utilization on the device. The default value is 80 percent. |
 | Central point (CP) or services processing unit (SPU). CP utilization and average utilization of all SPUs is shown. The |
 | Packets dropped for CPU control. |
Sample Output
- show system security-profile all-resource
- show system security-profile all-resource tenant all
- show system security-profile policy
- show system security-profile cpu
- show system security-profile cpu logical-system all
- show system security-profile cpu summary
- show system security-profile nat-pat-portnum
- show system security-profile nat-pat-portnum summary
- show system security-profile icap-redirect-profile logical-system all
show system security-profile all-resource
user@host> show system security-profile all-resource
resource                       usage    reserved      maximum

[logical system name: root-logical-system]
[security profile name: Default-Profile]
address-book                       0           0          512
auth-entry                         0           0   2147483647
cpu on CP                      0.00%       1.00%       80.00%
cpu on SPU                     0.00%       1.00%       80.00%
flow-gate                          0           0       524288
flow-session                       2           0      6291456
nat-cone-binding                   0           0        65536
nat-destination-pool               0           0         4096
nat-destination-rule               0           0         8192
nat-nopat-address                  0           0      1048576
nat-pat-address                    0           0         2048
nat-port-ol-ipnumber               0           0            4
nat-rule-referenced-prefix         0           0      1048576
nat-source-pool                    0           0         2048
nat-source-rule                    0           0         8192
nat-static-rule                    0           0        20480
policy                             0           0        40000
policy-with-count                  0           0         1024
scheduler                          0           0           64
zone                               0           0          512
show system security-profile all-resource tenant all
user@host> show system security-profile all-resource tenant all
resource                       usage    reserved      maximum

[logical system or tenant name: tn1]
[security profile name: SP1]
address-book                       0           0         2000
appfw-profile                      0           0         2048
appfw-rule                         0           0       114688
appfw-rule-set                     0           0        57344
auth-entry                         0           0        50000
cpu on CP                      0.00%       0.00%       80.00%
cpu on SPU                     0.00%       0.00%       80.00%
dslite-softwire-initiator          0           0       100000
flow-gate                          0           0       524288
flow-session                       0           0    119537664
icap-redirect-profile              0           0           64
nat-cone-binding                   0           0      2097152
nat-destination-pool               0           0         8192
nat-destination-rule               0           0        30720
nat-interface-port-ol              0           0          256
nat-nopat-address                  0           0      4194304
nat-pat-address                    0           0      1048576
nat-pat-portnum                    0           0   2576980378
nat-port-ol-ipnumber               0           0          128
nat-rule-referenced-prefix         0           0      1048576
nat-source-pool                    0           0        12288
nat-source-rule                    0           0        30720
nat-static-rule                    0           0        30720
policy                             0           0        80000
policy-with-count                  0           0         1024
scheduler                          0           0           64
security-log-stream-number         1           0            3
sla-policy                         0           0         1024
zone                               0           0         2000
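Added example, not part of the Junos documentation: Python that parses all-resource output in the layout shown above and lists the count-based resources whose usage is at or near the maximum set by the security profile. The sample text and its counts, the 90 percent threshold, and the names parse and near_quota are assumptions made for this example.

```python
import re

# Constructed sample in the layout of "show system security-profile all-resource
# tenant all"; the names and counts are made up for this example.
SAMPLE = """\
resource                       usage    reserved      maximum

[logical system or tenant name: tn1]
[security profile name: SP1]
address-book                    1900           0         2000
cpu on SPU                    12.00%       0.00%       80.00%
flow-session                  524288           0    119537664
security-log-stream-number         3           0            3

[logical system or tenant name: tn2]
[security profile name: SP2]
policy                            10           0        80000
zone                               0           0            0
"""

HEADER = re.compile(r"^\[(logical system[^:]*name|security profile name): (.+)\]$")
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\d+)\s+(\d+)$")  # integer rows only


def parse(text):
    """Yield (owner, profile, resource, usage, reserved, maximum) per count row."""
    owner = profile = None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            if m.group(1).startswith("security profile"):
                profile = m.group(2)
            else:
                owner, profile = m.group(2), None
        elif m := ROW.match(line):
            # CPU rows carry '%' and never match ROW: per the output fields
            # table, maximum is not applicable for CPU resources.
            yield (owner, profile, m.group(1), *map(int, m.groups()[1:]))


def near_quota(text, threshold=0.9):
    """Return count rows whose usage is at or above threshold * maximum."""
    return [(o, p, res, used, mx) for o, p, res, used, _rsv, mx in parse(text)
            if mx > 0 and used >= threshold * mx]


if __name__ == "__main__":
    for hit in near_quota(SAMPLE):
        print("%s/%s: %s at %d of %d" % hit)
```

Rows with a maximum of 0 are skipped rather than reported, so an unconfigured resource does not raise a false alert.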
show system security-profile policy
user@host> show system security-profile policy
logical system name   security profile name       usage  reserved    maximum
ls-product-design     ls-design-profile               0        40         50
show system security-profile cpu
user@host> show system security-profile cpu
CPU control: TRUE
CPU control target: 80.00%
logical system name   profile name           CPU name  usage(%)  reserved(%)  drop rate(%)
root-logical-system   Default-Profile        CP           0.00%        1.00%         0.00%
root-logical-system   Default-Profile        SPU          0.00%        1.00%         0.00%
show system security-profile cpu logical-system all
user@host> show system security-profile cpu logical-system all
CPU control: TRUE
CPU control target: 80.00%
logical system name   profile name           CPU name  usage(%)  reserved(%)  drop rate(%)
root-logical-system   Default-Profile        CP           0.00%        1.00%         0.00%
root-logical-system   Default-Profile        SPU          0.00%        1.00%         0.00%
ls-product-design     ls-design-profile      CP           0.00%        0.00%         0.00%
ls-product-design     ls-design-profile      SPU          0.00%        0.00%         0.00%
ls-marketing-dept     ls-acct-mrkt-profile   CP           0.00%        0.00%         0.00%
ls-marketing-dept     ls-acct-mrkt-profile   SPU          0.00%        0.00%         0.00%

logical system name   security profile name       usage  reserved    maximum
root-logical-system   Default-Profile          67108864         0  134217728
lsys1                 profile1                   193536      6000  134217728
show system security-profile cpu summary
user@host> show system security-profile cpu summary
CPU control: TRUE
CPU control target: 80.00%

CPU type                 : CP
global used amount       : 0.00%
global maximum quota     : 80.00%
global available amount  : 80.00%
total logical systems    : 3
total security profiles  : 3
heaviest usage / user    : 0.00% / root-logical-system
lightest usage / user    : 0.00% / root-logical-system

CPU type                 : SPU
global used amount       : 0.00%
global maximum quota     : 80.00%
global available amount  : 80.00%
total logical systems    : 3
total security profiles  : 3
heaviest usage / user    : 0.00% / root-logical-system
lightest usage / user    : 0.00% / root-logical-system
show system security-profile nat-pat-portnum
user@host> show system security-profile cpu nat-pat-portnum
CPU control: TRUE
CPU control target: 80.00%
logical system name   security profile name   usage(%)   reserved(%)   maximum
root-logical-system   Default-Profile   CP   67108864   0   134217728
show system security-profile nat-pat-portnum summary
user@host> show system security-profile nat-pat-portnum summary
global used amount       :67302400
global maximum quota     :134217728
global available amount  :66915328
total logical systems    :2
total security profiles  :1
heaviest usage / user    :193536 / lsys1
show system security-profile icap-redirect-profile logical-system all
user@host> show system security-profile icap-redirect-profile logical-system all
logical-system tenant name   security profile name   usage   reserved   maximum
root-logical-system          Default-Profile             2          0        64
LSYS1                        SP1                         1         30        64
LSYS2                        SP2                         1         30        64
Release Information
Command introduced in Junos OS Release 11.2.
Support for application firewall added in Junos OS Release 11.3.
Option to display all resources for a logical system added in Junos OS Release 11.
Resource information for ports in source NAT pools with port translation added in Junos OS Release 11.4.
The tenant option is introduced in Junos OS Release 18.3R1.
The icap redirect profile option is introduced in Junos OS Release 18.3R1.