show security policies checksum

Syntax

Description

Displays the security policy checksum value.

Verifying the checksum helps validate the security policy sync status between the Routing Engine and the Packet Forwarding Engine. The checksum value should be the same for the Routing Engine and the Packet Forwarding Engine. If the values differ, the security policies on the Routing Engine and the Packet Forwarding Engine are out of sync.

Note:

The show security policies checksum command can only show that the security policies are out of sync; it cannot confirm that they are in sync. Use the request security policies check command to get a list of all policies that are in sync and/or out of sync.

Use the request security policies resync command to synchronize the configuration of security policies in the Routing Engine and Packet Forwarding Engine.

Options

logical-system (logical-system-name | all)

Displays the security policy checksum value for the security policies configured on a logical system or on all logical systems.

root-logical-system

Displays the security policy checksum value for the security policies configured on the root logical system. This is the default outcome.

tenant tenant-name

Displays the security policy checksum value for the security policies configured on a tenant.

Additional Information

The checksum value is a 32-character hexadecimal number that is computed for the security policy on the device.

Security policies are stored in the Routing Engine and the Packet Forwarding Engine. Security policies are pushed from the Routing Engine to the Packet Forwarding Engine when you commit configurations. If the security policies on the Routing Engine are out of sync with the Packet Forwarding Engine, the commit of a configuration fails. Core dump files may be generated if the commit is tried repeatedly. The out-of-sync condition can be due to:

  • A policy message from the Routing Engine to the Packet Forwarding Engine is lost in transit.

  • An error with the Routing Engine, such as a reused policy UID.

When the policy configuration is modified and the policies are out of sync, the following error message is displayed: error: Warning: policy might be out of sync between RE and PFE <SPU-name(s)>. Please request security policies check/resync.
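A drift check built on the comparison rule described above, as an added example that is not Juniper's code: it pulls the 32-character hexadecimal values out of saved Routing Engine and Packet Forwarding Engine output, reports a difference as out of sync, and reports a match only as inconclusive. The sample captures and their layout are constructed, and the function names are hypothetical.

```python
import re

# The page describes the checksum as a 32-character hexadecimal number.
# Lookarounds reject longer hex runs (for example a 64-character hash).
CHECKSUM_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")

def extract_checksums(text):
    """Return every standalone 32-hex-digit token, lowercased, in order."""
    return [m.group(0).lower() for m in CHECKSUM_RE.finditer(text)]

def compare_checksums(re_output, pfe_output):
    """Classify two saved outputs (hypothetical helper).

    Returns (status, detail); status is one of:
      "not-comparable" - a capture is empty or the captures hold different counts
      "out-of-sync"    - at least one checksum value differs
      "inconclusive"   - values match, which does not confirm the policies are in sync
    """
    re_sums = extract_checksums(re_output)
    pfe_sums = extract_checksums(pfe_output)
    if not re_sums or not pfe_sums:
        return "not-comparable", "no 32-character hex value found in a capture"
    if len(re_sums) != len(pfe_sums):
        return "not-comparable", (
            f"RE capture has {len(re_sums)} value(s), PFE capture has {len(pfe_sums)}")
    diffs = [i for i, (a, b) in enumerate(zip(re_sums, pfe_sums)) if a != b]
    if diffs:
        return "out-of-sync", (
            f"value(s) at position {diffs} differ; "
            "run request security policies check, then resync")
    return "inconclusive", "values match; confirm with request security policies check"

# Constructed captures: the layout is invented for illustration, and only the
# 32-hex-digit value matters to the parser.
SAMPLE_RE = "checksum: 0123456789abcdef0123456789abcdef\n"
SAMPLE_PFE_MATCH = "checksum: 0123456789ABCDEF0123456789ABCDEF\n"
SAMPLE_PFE_DRIFT = "checksum: 0123456789abcdef0123456789abcde0\n"

if __name__ == "__main__":
    for label, pfe in (("match", SAMPLE_PFE_MATCH), ("drift", SAMPLE_PFE_DRIFT)):
        status, detail = compare_checksums(SAMPLE_RE, pfe)
        print(f"{label}: {status} ({detail})")
```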

Required Privilege Level

view

Sample Output

show security policies checksum (RE)

show security policies checksum (PFE)

show security policies checksum logical-system all

Release Information

Command introduced in Junos OS Release 18.4R1.