show security policies information
Syntax
show security policies information <logical-system (logical-system-name | all)> <root-logical-system> <tenant tenant-name>
Description
Displays detailed information about the security policies configured on the device.
Dynamic policy counters are only supported in the root logical system.
Options
| logical-system | Displays detailed information about the security policies configured on a logical system or on all logical systems. |
| root-logical-system | Displays detailed information about the security policies configured on the root logical system. This is the default option. |
| tenant | Displays detailed information about the security policies configured on a tenant. |
Required Privilege Level
view
Output Fields
Table 1 lists the output
fields for the show security policies information command.
Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Number of global policies configured on the device. |
|
Number of policies with schedulers configured on the device. |
|
Number of policies configured with statistics enabled on the device and the maximum number of policies which can be configured with statistics enabled on the device. |
|
Number of unified policies configured on the device. |
|
Number of policy contexts configured on the device. |
|
Number of policies per context configured on the device and the maximum number of policies per context that can be configured on the device. |
|
Number of source addresses configured per policy and the maximum number of source addresses configured per policy. The source address in the match criteria is composed of one
or more address names or address set names in the |
|
Number of destination addresses configured per policy and maximum of destination addresses that can be configured per policy. The destination address of the match criteria is composed of
one or more address names or address set names in the |
|
Number of applications per policy and the maximum number of applications per policy. |
|
Number of dynamic applications per policy and the maximum number of dynamic applications per policy. |
|
Number of source identities per policy and the maximum number of source identities per policy. |
|
|
Number of source and destination identities feeds per policy matching traffic. |
|
Number of messages received. |
|
Number of messages rejected. |
|
Number of add messages received. |
|
Number of delete messages received. |
|
Number of clear messages received. |
|
Number of invalid messages received. |
|
Number of add messages sent from Routing Engine to Packet Forwarding Engine. |
|
Number of delete messages sent from Routing Engine to Packet Forwarding Engine. |
|
Number of clear messages sent from Routing Engine to Packet Forwarding Engine. |
|
Number of policies successfully added. |
|
Number of policies successfully deleted. |
|
Number of policies successfully cleared. |
|
Number of policies unsuccessfully added. |
|
Number of policies unsuccessfully deleted. |
|
Number of policies unsuccessfully cleared. |
|
Number of SSAM message attempts sent to Internet Key Exchange Protocol Daemon (IKED). |
|
Number of SSAM messages sent to IKED. |
|
Number of SSAM messages unsucessfully sent to IKED. |
|
Number of messages with invalid dynamic policy configurations provided. |
|
Number of messages with invalid scope policy provided. |
|
Value of the unified policy dependent match flag’s
value ( |
|
Value of the unified policy implicit match flag’s
value ( |
Sample Output
- show security policies information
- show security policies information logical-system all
- show security policies information (Threat Profiling)
- show security policies information (destination-identity)
show security policies information
user@host> show security policies information
Number of policies : 0 / 16000
Number of global policies : 0
Number of policies with scheduler : 0
Number of policies with statistics enabled: 0 / 256
Number of unified policies : 0
Number of policy contexts : 0 / 4096
Number of Policies per context : 0 / 10240
Number of Source addresses per policy : 0 / 4096
Number of Destination addresses per policy : 0 / 4096
Number of Applications per policy : 0 / 3072
Number of Dynamic applications per policy : 0 / 4096
Number of Source identities per policy : 0 / 128
Dynamic policy counters:
Messages received : 0
Messages rejected : 0
Add messages received : 0
Delete messages received : 0
Clear messages received : 0
Invalid messages received : 0
Add messages sent to PFE : 0
Delete messages sent to PFE : 0
Clear messages sent to PFE : 0
Policy added successfully : 0
Policy deleted successfully : 0
Policy cleared successfully : 0
Policy add failures : 0
Policy delete failures : 0
Policy clear failures : 0
SSAM send attempted : 0
SSAM send succeeded : 0
SSAM send failed : 0
Policy failures - bad configuration : 0
Policy failures - bad scope policy : 0
Unified policy status:
Dependent-dynamic-application-lookup: disable
Unified-policy-implicit-match: enableshow security policies information logical-system all
user@host> show security policies information logical-system all
Policy utilization counters:
Number of policies : 10 / 60000
Number of global policies : 0
Number of policies with scheduler : 0
Number of policies with statistics enabled: 0 / 1024
Number of unified policies : 1
Number of policy contexts : 2 / 4096
Number of Policies per context : 9 / 60000
Number of Source addresses per policy : 4 / 4096
Number of Destination addresses per policy : 4 / 4096
Number of Applications per policy : 8 / 3072
Number of Dynamic applications per policy : 10 / 4096
Number of URL Category per policy : 0 / 1024
Number of Source identities per policy : 0 / 128
Dynamic policy counters:
Messages received : 0
Messages rejected : 0
Add messages received : 0
Delete messages received : 0
Clear messages received : 0
Invalid messages received : 0
Add messages sent to PFE : 0
Delete messages sent to PFE : 0
Clear messages sent to PFE : 0
Policy added successfully : 0
Policy deleted successfully : 0
Policy cleared successfully : 0
Policy add failures : 0
Policy delete failures : 0
Policy clear failures : 0
SSAM send attempted : 0
SSAM send succeeded : 0
SSAM send failed : 0
Policy failures - bad configuration : 0
Policy failures - bad scope policy : 0
Unified policy status:
Dependent-dynamic-application-lookup: disable
Unified-policy-implicit-match: enable
Logical system: lsys1
Policy utilization counters:
Number of policies : 1 / 60000
Number of global policies : 0
Number of policies with scheduler : 0
Number of policies with statistics enabled: 0 / 1024
Number of unified policies : 0
Number of policy contexts : 1 / 4096
Number of Policies per context : 1 / 60000
Number of Source addresses per policy : 1 / 4096
Number of Destination addresses per policy : 1 / 4096
Number of Applications per policy : 1 / 3072
Number of Dynamic applications per policy : 0 / 4096
Number of URL Category per policy : 0 / 1024
Number of Source identities per policy : 0 / 128
Unified policy status:
Dependent-dynamic-application-lookup: disable
Unified-policy-implicit-match: enable
show security policies information (Threat Profiling)
user@host> show security policies information
Policy utilization counters:
Number of policies : 3 / 10240
Number of global policies : 0
Number of policies with scheduler : 0
Number of policies with statistics enabled : 0 / 1024
Number of unified policies : 0
Number of policy contexts : 1 / 2048
Number of Policies per context : 3 / 10240
Number of Source addresses per policy : 1 / 1024
Number of Destination addresses per policy : 1 / 1024
Number of Applications per policy : 1 / 128
Number of Dynamic applications per policy : 0 / 4096
Number of URL Category per policy : 0 / 1024
Number of Source identities per policy : 0 / 128
Number of Match source/destination identity feeds per policy : 4 / 1024
Dynamic policy counters:
Messages received : 0
Messages rejected : 0
Add messages received : 0
Delete messages received : 0
Clear messages received : 0
Invalid messages received : 0
Add messages sent to PFE : 0
Delete messages sent to PFE : 0
Clear messages sent to PFE : 0
Policy added successfully : 0
Policy deleted successfully : 0
Policy cleared successfully : 0
Policy add failures : 0
Policy delete failures : 0
Policy clear failures : 0
SSAM send attempted : 0
SSAM send succeeded : 0
SSAM send failed : 0
Policy failures - bad configuration : 0
Policy failures - bad scope policy : 0
Unified policy status:
Dependent-dynamic-application-lookup: disable
Unified-policy-implicit-match: enable
show security policies information (destination-identity)
user@host> show security policies information
Policy utilization counters:
Number of policies : 4 / 20480
Number of global policies : 1
Number of policies with scheduler : 0
Number of policies with statistics enabled : 0 / 1024
Number of unified policies : 2
Number of policy contexts : 2 / 4096
Number of Policies per context : 3 / 20480
Number of Source addresses per policy : 1 / 2048
Number of Destination addresses per policy : 1 / 2048
Number of Applications per policy : 3 / 512
Number of Dynamic applications per policy : 5 / 4096
Number of URL Category per policy : 0 / 1024
Number of Source/destination identities per policy : 2 / 128
Number of Match source/destination identity feeds per policy : 0 / 1024
Dynamic policy counters:
Messages received : 0
Messages rejected : 0
Add messages received : 0
Delete messages received : 0
Clear messages received : 0
Invalid messages received : 0
Add messages sent to PFE : 0
Delete messages sent to PFE : 0
Clear messages sent to PFE : 0
Policy added successfully : 0
Policy deleted successfully : 0
Policy cleared successfully : 0
Policy add failures : 0
Policy delete failures : 0
Policy clear failures : 0
SSAM send attempted : 0
SSAM send succeeded : 0
SSAM send failed : 0
Policy failures - bad configuration : 0
Policy failures - bad scope policy : 0
Unified policy status:
Dependent-dynamic-application-lookup : disable
Unified-policy-implicit-match : enable
Release Information
Command introduced in Junos OS Release 18.4R1.