Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

request security policies check

Syntax

Description

Displays the security policy sync status between the Routing Engine and the Packet Forwarding Engine. Use the command to display a list of all security polices which are in-sync or out-of-sync on the device.

Use the show security policies checksum command to display the security policy checksum value and use the request security policies resync command to synchronize the configuration of security policies in the Routing Engine and Packet Forwarding Engine.

Options

<from-zone zone-name

Displays security policies sync status from this zone.

global

Displays global policies sync status.

logical-system (logical-system name | all)

Displays security policies sync status for the security policies configured on a logical system or on all logical systems.

pfe

Displays security policies sync status for the security policies on the Packet Forwarding Engine.

root-logical-system

Displays security policies sync status for the security policies configured on the root logical system. This is the default outcome.

to-zone zone-name

Displays security policies sync status to this zone.

tenant tenant-name

Displays security policies sync status for the security policies configured on a tenant.

Additional Information

Security policies are stored in the routing engine and the packet forwarding engine. Security policies are pushed from the Routing Engine to the Packet Forwarding Engine when you commit configurations. If the security policies on the Routing Engine are out of sync with the Packet Forwarding Engine, the commit of a configuration fails. Core dump files may be generated if the commit is tried repeatedly. The out of sync can be due to:

  • A policy message from Routing Engine to the Packet Forwarding Engine is lost in transit.

  • An error with the routing engine, such as a reused policy UID.

When the policy configurations are modified and the policies are out of sync, the following error message displays - error: Warning: policy might be out of sync between RE and PFE <SPU-name(s)>. Please request security policies check/resync.

Required Privilege Level

view

Sample Output

request security policies check

request security policies check logical-system LSYS1

request security policies check logical-system all

request security policies check from-zone trust to-zone untrust

Release Information

Command introduced in Junos OS Release 18.4R1.