show security dynamic-policies
Syntax
show security dynamic-policies [detail] [from-zone zone] [scope-id id] [to-zone zone]
Description
Display dynamic policies downloaded on the group member. This command is supported on SRX100, SRX110, SRX210, SRX220, SRX240, and SRX650 devices.
Options
none—Display basic information about all policies installed on the group member.
detail—(Optional) Display a detailed view of all of the policies installed on the group member.
from-zone—(Optional) Display information about the policies installed on the group member for the specified source zone.
scope-id—(Optional) Display information about the policies installed on the group member for the specified policy identifier.
to-zone—(Optional) Display information about the policies installed on the group member for the specified destination zone.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security dynamic-policies
command. Output fields are listed in the approximate order in which
they appear.
| Field Name | Field Description |
|---|---|
| Policy | Name of the applicable policy. |
| State | Status of the policy. |
| Index | An internal number associated with the policy. |
| Scope Policy | Policy identifier. |
| Sequence number | Number of the policy within a given context. For example, three policies that are applicable in a from-zoneA-to-zoneB context might be ordered with sequence numbers 1, 2, and 3. Also, in a from-zoneC-to-zoneD context, four policies might have sequence numbers 1, 2, 3, and 4. |
| Source addresses | For standard display mode, the names of the source addresses for a policy. Address sets are resolved to their individual names. (In this case, only the names are given, not their IP addresses.) For detail display mode, the names and corresponding IP addresses of the source addresses for a policy. Address sets are resolved to their individual address name-IP address pairs. |
| Destination addresses | Name of the destination address (or address set) as it was entered in the destination zone’s address book. A packet’s destination address must match this value for the policy to apply to it. |
| Applications | Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time. |
| action-type | Must be permit. |
| Policy Type | Must be dynamic. |
| From zone | Name of the source zone. |
| To zone | Name of the destination zone. |
| Tunnel | Tunnel name, type (IPsec), and index number. |
Sample Output
show security dynamic-policies
```
user@host> show security dynamic-policies
Policy: policy_forward-0001, State: enabled, Index: 1048580, Scope Policy: 4
  Sequence number: 1
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Applications: Unknown
  action-type: permit, tunnel:
Policy: policy_forward-0002, State: enabled, Index: 2097156, Scope Policy: 4
  Sequence number: 2
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies detail
```
user@host> show security dynamic-policies detail
Policy: policy_forward-0001, action-type: permit, State: enabled, Index: 1048580,AI: disabled, Scope Policy: 4
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Host, To zone: untrust
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1001
Policy: policy_backward-0001, action-type: permit, State: enabled, Index: 1048582,AI: disabled, Scope Policy: 6
  Policy Type: Dynamic
  Sequence number: 1
  From zone: untrust, To zone: Host
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1003
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
Policy: policy_external-0001, action-type: permit, State: enabled, Index: 1048584,AI: disabled, Scope Policy: 8
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: untrust
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1006
Policy: policy_forward-0002, action-type: permit, State: enabled, Index: 2097156,AI: disabled, Scope Policy: 4
  Policy Type: Dynamic
  Sequence number: 2
  From zone: Host, To zone: untrust
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1002
Policy: policy_backward-0002, action-type: permit, State: enabled, Index: 2097158,AI: disabled, Scope Policy: 6
  Policy Type: Dynamic
  Sequence number: 2
  From zone: untrust, To zone: Host
  Source addresses:192.168.10.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1004
```
Sample Output
show security dynamic-policies from-zone Internal
```
user@host> show security dynamic-policies from-zone Internal
Policy: policy_internal-0001, State: enabled, Index: 1048583, Scope Policy: 7
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
Policy: policy_external-0001, State: enabled, Index: 1048584, Scope Policy: 8
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies scope-id 8 from-zone Internal
```
user@host> show security dynamic-policies scope-id 8 from-zone Internal
Policy: policy_external-0001, State: enabled, Index: 1048584, Scope Policy: 8
  Sequence number: 1
  Applications: Unknown
  action-type: permit, tunnel:
```
Sample Output
show security dynamic-policies detail from-zone Internal
```
user@host> show security dynamic-policies detail from-zone Internal
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
Policy: policy_external-0001, action-type: permit, State: enabled, Index: 1048584,AI: disabled, Scope Policy: 8
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: untrust
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1006
```
Sample Output
show security dynamic-policies detail from-zone Internal to-zone Host
```
user@host> show security dynamic-policies detail from-zone Internal to-zone Host
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic
  Sequence number: 1
  From zone: Internal, To zone: Host
  Source addresses:192.168.1.0/24
  Destination addresses:192.168.20.0/24
  Application: Unknown
    IP protocol: 6, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
```
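The field table says action-type must be permit and Policy Type must be dynamic, so saved detail output can be checked mechanically when auditing what a group member has downloaded. The Python below is an added example, not Juniper code: it parses the detail fields shown above and reports violations. The cleartext-port list, the "no tunnel bound" check, and the sample records (including the malformed `policy_static-0009`) are assumptions constructed for illustration.

```python
import re

# Constructed sample in this page's detail field format; record 2 is deliberately malformed.
SAMPLE = """
Policy: policy_forward-0001, action-type: permit, State: enabled, Index: 1048580,AI: disabled, Scope Policy: 4
  Policy Type: Dynamic Sequence number: 1 From zone: Host, To zone: untrust
  IP protocol: 6, ALG: 0, Inactivity timeout: 0 Destination port range: [23-23]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1001
Policy: policy_static-0009, action-type: permit, State: enabled, Index: 1048590,AI: disabled, Scope Policy: 9
  Policy Type: Configured Sequence number: 1 From zone: Internal, To zone: Host
  IP protocol: 6, ALG: 0, Inactivity timeout: 0 Destination port range: [80-80]
Policy: policy_internal-0001, action-type: permit, State: enabled, Index: 1048583,AI: disabled, Scope Policy: 7
  Policy Type: Dynamic Sequence number: 1 From zone: Internal, To zone: Host
  IP protocol: 6, ALG: 0, Inactivity timeout: 0 Destination port range: [80-80]
  Tunnel: Test Tunnel, Type: IPSec, Index: 1005
"""

FIELDS = {
    "action-type": r"action-type: (\w+)",
    "Policy Type": r"Policy Type: (\w+)",
    "dport": r"Destination port range: \[(\d+)-(\d+)\]",
    "tunnel": r"Tunnel: (.+?), Type: (\w+), Index: (\d+)",
}
CLEARTEXT = {21: "ftp", 23: "telnet"}  # assumption: ports a local audit policy flags

def parse(text):
    """Split on record-starting 'Policy: ' (not 'Scope Policy: ') and extract fields."""
    policies = []
    for rec in re.split(r"(?<!Scope )\bPolicy: ", text)[1:]:
        p = {"name": rec.split(",", 1)[0].strip()}
        for key, rx in FIELDS.items():
            m = re.search(rx, rec)
            p[key] = m.groups() if m else ()
        policies.append(p)
    return policies

def audit(policies):  # returns (policy name, finding) pairs
    out = []
    for p in policies:
        for key, want in (("action-type", "permit"), ("Policy Type", "Dynamic")):
            if p[key] != (want,):  # the field table says these values are mandatory
                out.append((p["name"], f"{key} is not {want}"))
        if not p["tunnel"]:
            out.append((p["name"], "no tunnel bound"))
        lo, hi = map(int, p["dport"] or (1, 0))  # empty range when the field is absent
        out += [(p["name"], f"permits {s}/{n}") for n, s in CLEARTEXT.items() if lo <= n <= hi]
    return out

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

The parser matches on field labels rather than line position, so it also accepts output that has lost its line breaks in a ticket or log export.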
Release Information
Command introduced in Junos OS Release 10.2.