show security flow status

Syntax

Description

Display the flow processing modes and logging status.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security flow status command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow status Output Fields

Field Name

Field Description

Flow forwarding mode

Flow processing mode.

  • Inet forwarding mode

  • Inet6 forwarding mode

  • MPLS forwarding mode

  • ISO forwarding mode

  • Session distribution mode

  • Enhanced route scaling mode

  • Tap mode: enabled, inspect ipip

Flow trace status

Flow logging status.

  • Flow tracing status

  • Flow tracing options

Flow session distribution

SPU load distribution mode.

  • RR-based

  • Hash-based

GTP-U distribution

  • Enabled

Flow packet ordering

Packet-ordering mode.

  • Hardware

  • Software

Flow ipsec performance acceleration

IPsec VPN performance acceleration status.

Flow power mode IPsec

Flow PowerMode IPsec status.

Flow Enhanced Service Mode

Flow Enhanced Service Mode status.

  • Disabled

  • Enabled

  • Disabled (reboot needed to enable Enhanced Service Mode)

  • Enabled (reboot needed to disable Enhanced Service Mode)

Flow gre performance acceleration

GRE performance acceleration status.
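
As an added example (not Juniper's code), the following Python parses this command's output into the fields of Table 1 and flags states worth reviewing in a configuration audit. The sample output is constructed, and the value strings flow based, packet based, drop, on and off, along with the Distribution mode and Ordering mode labels, are assumptions about the output format rather than text from this page.

```python
# Constructed sample modeled on the fields in Table 1; real output varies
# by platform and Junos OS release.
SAMPLE = """\
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: packet based
    ISO forwarding mode: drop
    Tap mode: disabled (default)
  Flow trace status
    Flow tracing status: on
    Flow tracing options: all
  Flow session distribution
    Distribution mode: Hash-based
    GTP-U distribution: Disabled
  Flow packet ordering
    Ordering mode: Hardware
  Flow ipsec performance acceleration: off
  Flow Enhanced Service Mode: Disabled (reboot needed to enable Enhanced Service Mode)
"""

def parse_flow_status(text):
    """Return {section: {field: value}}; a one-line section stores its value under ''."""
    lines = [l for l in text.splitlines() if l.strip()]
    base = min(len(l) - len(l.lstrip()) for l in lines)  # indent of section headers
    result, section = {}, None
    for line in lines:
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if indent == base:
            section = key
            result[section] = {"": value} if value else {}
        elif section is not None:
            result[section][key] = value
    return result

def audit(status):
    """Flag states a reviewer should confirm are intentional."""
    findings = []
    for field, mode in status.get("Flow forwarding mode", {}).items():
        # Assumed value: packet-based forwarding bypasses flow (stateful) processing.
        if field.endswith("forwarding mode") and mode.lower().startswith("packet"):
            findings.append(f"{field} is '{mode}': not flow-inspected")
    if status.get("Flow trace status", {}).get("Flow tracing status", "").lower() == "on":
        findings.append("Flow tracing is on: confirm it is not left over from debugging")
    esm = status.get("Flow Enhanced Service Mode", {}).get("", "")
    if "reboot needed" in esm:  # wording taken from Table 1
        findings.append(f"Enhanced Service Mode change pending reboot: {esm}")
    return findings
```
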

Sample Output

show security flow status

Logical system or tenant system user output.

show security flow status (IPsec Performance Acceleration)

show security flow status (for hash-based datapath forwarding using SRX5K-MPC3-40G10G (IOC3) and SRX5K-MPC3-100G10G (IOC3))

show security flow status (SRX5400, SRX5600, SRX5600, and vSRX Virtual Firewall)

show security flow status (Tap mode enabled with IP-IP or GRE tunnel inspection on SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, and SRX4200)

show security flow status (Enhanced Service Mode enabled on vSRX Virtual Firewall 3.0)

show security flow status (GRE Performance Acceleration)

show security flow status (PowerMode)

show security flow status (PowerMode IPsec QAT)

show security flow status (MX-SPC3 services card)

Release Information

Command introduced in Junos OS Release 10.2; session distribution mode option added in Junos OS Release 12.1X44-D10; enhanced route scaling mode option added in Junos OS Release 12.1X45-D10. GTP-U distribution option added in Junos OS Release 15.1X49-D40.

Starting in Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, SRX5K-MPC3-100G10G (IOC3) and SRX5K-MPC3-40G10G (IOC3) are introduced for SRX5400, SRX5600, and SRX5800 devices that perform hash-based data path packet forwarding to interconnect with all existing IOC and SPC cards using the XL chip (packet-processing chip).

The IOC3 XL chip uses a hash-based method to distribute ingress traffic to a pool of SPUs by default. Selection of hash keys depends on application protocols.

Starting in Junos OS Release 18.3R1, flow PowerMode IPsec support is introduced on vSRX Virtual Firewall instances.

Starting in Junos OS Release 18.4R1, flow PowerMode IPsec support is introduced on SRX4100 and SRX4200 devices.

Starting in Junos OS Release 18.2R2, flow PowerMode IPsec support is introduced on SRX5400, SRX5600, and SRX5800 devices.

Starting in Junos OS Release 19.1R1, flow PowerMode IPsec support is introduced on SRX4600 devices.

Starting in Junos OS Release 19.4R1, symmetric fat tunnel support is introduced on SRX5400, SRX5600, SRX5800, and vSRX Virtual Firewall instances.

Starting in Junos OS Release 20.3R1, Enhanced Service Mode (ESM) is supported on vSRX Virtual Firewall 3.0. In this mode, vSRX Virtual Firewall 3.0 can support up to 128K L7 service sessions with increased service memory. By default, ESM is disabled and the vSRX Virtual Firewall 3.0 is in basic firewall mode. You can enable ESM using the set security forwarding-process enhanced-services-mode command. After enabling this mode, you need to reboot the instance. When you enable this configuration, you receive the following warning message: "warning: You have changed enhanced services mode. You must reboot the system for your change to take effect. If you have deployed a cluster, be sure to reboot all nodes."

Starting in Junos OS Release 20.4R1, support for jexec, minimal, and root-override is introduced on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 line of devices, and vSRX Virtual Firewall. The options route, session-scan, and tunnel at the [edit security flow traceoptions flag] hierarchy level can be configured only by the root user.

Starting in Junos OS Release 21.1R1, we support the PMI and GRE acceleration solutions to improve the software-defined WAN (SD-WAN) performance.

For the PMI solution, include the power-mode-ipsec and gre-performance-acceleration statements at the [edit security flow] hierarchy level. PMI supports both IPsec and GRE. In this case, traffic flows through the PMI data path.

For the GRE acceleration solution, include the gre-performance-acceleration statement at the [edit security flow] hierarchy level. By default, gre-performance-acceleration is turned off. In this case, traffic flows through the GRE acceleration data path.

Starting in Junos OS Release 21.2R1, we support clear text traffic over generic routing encapsulation (GRE) tunnels and MPLS-over-GRE tunnels.