dump config security
Use the dump config security command to display the security configuration available on a device. The information displayed includes the configuration for security policy stacks, security policy sets, security policy zones, prefix filters, and security policy rules.
Command
dump config security
Command Notes
| Role | Super, Read Only, Monitor |
| Introduced in | Release 4.7.1 |
Example
dump config security
SECURITY POLICY STACKS
---------------------------------------------------
Security Policy Stack ID : 16242998621490011
Security Policy Stack Name : Stack1
Default Policy Set ID : 16228336609730048
Default Policy Set Name : default
Policy Set Order:
16245957623450255 : Set2-Port-Range
16245009722000198 : Set3-Specific
16245013500920058 : Set4-Generic
SECURITY POLICY SETS
---------------------------------------------------
Security Policy Set ID : 16245957623450255
Security Policy Set Name: Set2-Port-Range
Policy Rule Order:
16246315738930189: Rule1-Set2-20
16246317241460212: Rule2-Set2-21
16246318197250246: Rule3-Set2-22
Security Policy Set ID : 16245009722000198
Security Policy Set Name: Set3-Specific
Policy Rule Order:
16245010650670003: Rule1-Set3-20
16245011984140128: Rule2-Set3-21
16245012757060237: Rule3-Set3-22
Security Policy Set ID : 16245013500920058
Security Policy Set Name: Set4-Generic
Policy Rule Order:
16245013906270078: Rule1-Set4
Security Policy Set ID : 16228336609730048
Security Policy Set Name: default
Policy Rule Order:
16228336610060052: self-zone
16228336610050051: intra-zone
16228336609900050: default
SECURITY POLICY ZONES
---------------------------------------------------
Security Policy Zone ID : 16204672468290016
Security Policy Zone Name : Zone-Internet-VPN
Zone Association ID : 16245135536470064
Interfaces :
VPN-overlay
LAN Networks :
Security Policy Zone ID : 16200471388560063
Security Policy Zone Name : Zone-Internet
Zone Association ID : 16285714095880087
Interfaces :
16150115632720220 : 2
LAN Networks :
Security Policy Zone ID : 16200471619100074
Security Policy Zone Name : Zone-LAN
Zone Association ID : 16245779281070041
Interfaces :
LAN Networks :
Name : default_san-jose_114105279
ID : 16200275524390210
LAN Prefixes :
192.168.7.1/24
Name : default_san-jose_450021252
ID : 16261268429250112
LAN Prefixes : 192.168.102.1/24
Name : default_san-jose_270864556
ID : 16261251535530088
LAN Prefixes : 192.168.101.1/24
SECURITY POLICY PREFIX FILTERS
---------------------------------------------------
Prefix Filter ID : 16242993943320129
Prefix Filter Name : DC-192-168-20-0
Prefix :
192.168.20.0/24
Prefix Filter ID : 16242994662000182
Prefix Filter Name : DC-192-168-22-0
Prefix :
192.168.22.0/24
Prefix Filter ID : 16242994310450145
Prefix Filter Name : DC-192-168-21-0
Prefix :
192.168.21.0/24
Prefix Filter ID : 16242993172060125
Prefix Filter Name : LAN-192-168-7-100
Prefix : 192.168.7.100/32
SECURITY POLICY RULES
---------------------------------------------------
Security Policy Rule ID : 16246315738930189
Security Policy Rule Name : Rule1-Set2-20
Action : allow
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242993943320129: DC-192-168-20-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 5005
to : 5015
from : 5020
to : 5025
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 5005
to : 5015
Protocol : 1
Source Port Range :
ANY
Destination Port Range :
ANY
Security Policy Rule ID : 16246317241460212
Security Policy Rule Name : Rule2-Set2-21
Action : deny
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242994310450145: DC-192-168-21-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 6000
to : 6010
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 6005
to : 6015
Security Policy Rule ID : 16246318197250246
Security Policy Rule Name : Rule3-Set2-22
Action : reject
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242994662000182: DC-192-168-22-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 7000
to : 7010
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 7000
to : 7010
Security Policy Rule ID : 16245010650670003
Security Policy Rule Name : Rule1-Set3-20
Action : allow
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242993943320129: DC-192-168-20-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 5005
to : 5005
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 5005
to : 5005
Security Policy Rule ID : 16245011984140128
Security Policy Rule Name : Rule2-Set3-21
Action : deny
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242994310450145: DC-192-168-21-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 6000
to : 6000
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 6005
to : 6005
Security Policy Rule ID : 16245012757060237
Security Policy Rule Name : Rule3-Set3-22
Action : reject
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
16242993172060125: LAN-192-168-7-100
Destination Prefix Filters :
16242994662000182: DC-192-168-22-0
Services :
Protocol : 6
Source Port Range :
ANY
Destination Port Range :
from : 7000
to : 7000
Protocol : 17
Source Port Range :
ANY
Destination Port Range :
from : 7000
to : 7000
Security Policy Rule ID : 16245013906270078
Security Policy Rule Name : Rule1-Set4
Action : allow
Rule-Type : custom
Enabled : true
Source Zones :
16200471619100074: Zone-LAN
Destination Zones :
16204672468290016: Zone-Internet-VPN
Applications :
ANY
Source Prefix Filters :
ANY
Destination Prefix Filters :
ANY
Services :
ANY
Security Policy Rule ID : 16228336610060052
Security Policy Rule Name : self-zone
Action : allow
Rule-Type : self-zone
Enabled : true
Source Zones :
ANY
Destination Zones :
ANY
Applications :
ANY
Source Prefix Filters :
ANY
Destination Prefix Filters :
ANY
Services :
ANY
Security Policy Rule ID : 16228336610050051
Security Policy Rule Name : intra-zone
Action : allow
Rule-Type : intra-zone
Enabled : true
Source Zones :
ANY
Destination Zones :
ANY
Applications :
ANY
Source Prefix Filters :
ANY
Destination Prefix Filters :
ANY
Services :
ANY
Security Policy Rule ID : 16228336609900050
Security Policy Rule Name : default
Action : deny
Rule-Type : default
Enabled : true
Source Zones :
ANY
Destination Zones :
ANY
Applications :
ANY
Source Prefix Filters :
ANY
Destination Prefix Filters :
ANY
Services :
ANY
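The following is an added example, not part of the original page or of the vendor's tooling: a Python parser for the SECURITY POLICY RULES section of this output that lists enabled custom allow rules whose prefix filters and services are all ANY (Rule1-Set4 in the output above). The function names and the ";" shorthand in the sample are assumptions of this example; the sample is abbreviated from the example output on this page.

```python
# Field names as printed in the SECURITY POLICY RULES section of the output.
SCALARS = {"Security Policy Rule Name", "Action", "Rule-Type", "Enabled"}
LISTS = ("Source Zones", "Destination Zones", "Applications",
         "Source Prefix Filters", "Destination Prefix Filters", "Services")

def parse_rules(dump):
    """Return one dict per rule from the SECURITY POLICY RULES section."""
    rules, rule, current, in_rules = [], {}, None, False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("SECURITY POLICY") and line.isupper():
            in_rules, current = line == "SECURITY POLICY RULES", None
            continue
        if not in_rules or not line or set(line) == {"-"}:
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "Security Policy Rule ID":
            rule, current = {"Security Policy Rule ID": value}, None
            rules.append(rule)
        elif key in SCALARS and sep:
            rule[key], current = value, None
        elif key in LISTS and sep and not value:
            current = key              # following lines belong to this list
            rule[current] = []
        elif current:
            rule[current].append(line)
    return rules

def broad_allow_rules(rules):
    """Names of enabled custom allow rules with no prefix or service limit."""
    wide = ("Source Prefix Filters", "Destination Prefix Filters", "Services")
    return [r["Security Policy Rule Name"] for r in rules
            if (r.get("Action"), r.get("Rule-Type"), r.get("Enabled"))
            == ("allow", "custom", "true")
            and all(r.get(k) == ["ANY"] for k in wide)]

# Abbreviated from this page's example output; ";" stands for a line break.
SAMPLE = """SECURITY POLICY RULES
Security Policy Rule ID : 16245010650670003;Security Policy Rule Name : Rule1-Set3-20;Action : allow
Rule-Type : custom;Enabled : true;Source Zones :;16200471619100074: Zone-LAN;Destination Zones :
16204672468290016: Zone-Internet-VPN;Applications :;ANY;Source Prefix Filters :
16242993172060125: LAN-192-168-7-100;Destination Prefix Filters :;16242993943320129: DC-192-168-20-0
Services :;Protocol : 6;Source Port Range :;ANY;Destination Port Range :;from : 5005;to : 5005
Security Policy Rule ID : 16245013906270078;Security Policy Rule Name : Rule1-Set4;Action : allow
Rule-Type : custom;Enabled : true;Source Zones :;16200471619100074: Zone-LAN;Destination Zones :
16204672468290016: Zone-Internet-VPN;Applications :;ANY;Source Prefix Filters :;ANY
Destination Prefix Filters :;ANY;Services :;ANY
Security Policy Rule ID : 16228336610060052;Security Policy Rule Name : self-zone;Action : allow
Rule-Type : self-zone;Enabled : true;Source Zones :;ANY;Destination Zones :;ANY;Applications :;ANY
Source Prefix Filters :;ANY;Destination Prefix Filters :;ANY;Services :;ANY""".replace(";", "\n")
```

Calling `broad_allow_rules(parse_rules(text))` on a saved copy of the command output returns the rule names to review; the built-in self-zone, intra-zone and default rules are excluded by their Rule-Type.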