dump config security
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
dump config security
Use the dump config security command
to display the security configuration available on a device. Information
displayed includes configuration for security policy stack, security
policy sets, security policy zones, prefix filters, and security
policy rules.
Command
dump config security
Options
| None |
Command Notes
| Role | Super, Read Only, Monitor |
| Related Commands |
|
| Introduced in | Release 4.7.1 |
Example
dump config security SECURITY POLICY STACKS --------------------------------------------------- Security Policy Stack ID : 16242998621490011 Security Policy Stack Name : Stack1 Default Policy Set ID : 16228336609730048 Default Policy Set Name : default Policy Set Order: 16245957623450255 : Set2-Port-Range 16245009722000198 : Set3-Specific 16245013500920058 : Set4-Generic SECURITY POLICY SETS --------------------------------------------------- Security Policy Set ID : 16245957623450255 Security Policy Set Name: Set2-Port-Range Policy Rule Order: 16246315738930189: Rule1-Set2-20 16246317241460212: Rule2-Set2-21 16246318197250246: Rule3-Set2-22 Security Policy Set ID : 16245009722000198 Security Policy Set Name: Set3-Specific Policy Rule Order: 16245010650670003: Rule1-Set3-20 16245011984140128: Rule2-Set3-21 16245012757060237: Rule3-Set3-22 Security Policy Set ID : 16245013500920058 Security Policy Set Name: Set4-Generic Policy Rule Order: 16245013906270078: Rule1-Set4 Security Policy Set ID : 16228336609730048 Security Policy Set Name: default Policy Rule Order: 16228336610060052: self-zone 16228336610050051: intra-zone 16228336609900050: default SECURITY POLICY ZONES --------------------------------------------------- Security Policy Zone ID : 16204672468290016 Security Policy Zone Name : Zone-Internet-VPN Zone Association ID : 16245135536470064 Interfaces : VPN-overlay LAN Networks : Security Policy Zone ID : 16200471388560063 Security Policy Zone Name : Zone-Internet Zone Association ID : 16285714095880087 Interfaces : 16150115632720220 : 2 LAN Networks : Security Policy Zone ID : 16200471619100074 Security Policy Zone Name : Zone-LAN Zone Association ID : 16245779281070041 Interfaces : LAN Networks : Name : default_san-jose_114105279 ID : 16200275524390210 LAN Prefixes : 192.168.7.1/24 Name : default_san-jose_450021252 ID : 16261268429250112 LAN Prefixes : 192.168.102.1/24 Name : default_san-jose_270864556 ID : 16261251535530088 LAN Prefixes : 192.168.101.1/24 SECURITY POLICY PREFIX FILTERS --------------------------------------------------- Prefix Filter ID : 16242993943320129 Prefix Filter Name : DC-192-168-20-0 Prefix : 192.168.20.0/24 Prefix Filter ID : 16242994662000182 Prefix Filter Name : DC-192-168-22-0 Prefix : 192.168.22.0/24 Prefix Filter ID : 16242994310450145 Prefix Filter Name : DC-192-168-21-0 Prefix : 192.168.21.0/24 Prefix Filter ID : 16242993172060125 Prefix Filter Name : LAN-192-168-7-100 Prefix : 192.168.7.100/32 SECURITY POLICY RULES --------------------------------------------------- Security Policy Rule ID : 16246315738930189 Security Policy Rule Name : Rule1-Set2-20 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242993943320129: DC-192-168-20-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 5005 to : 5015 from : 5020 to : 5025 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 5005 to : 5015 Protocol : 1 Source Port Range : ANY Destination Port Range : ANY Security Policy Rule ID : 16246317241460212 Security Policy Rule Name : Rule2-Set2-21 Action : deny Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994310450145: DC-192-168-21-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 6000 to : 6010 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 6005 to : 6015 Security Policy Rule ID : 16246318197250246 Security Policy Rule Name : Rule3-Set2-22 Action : reject Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994662000182: DC-192-168-22-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 7000 to : 7010 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 7000 to : 7010 Security Policy Rule ID : 16245010650670003 Security Policy Rule Name : Rule1-Set3-20 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242993943320129: DC-192-168-20-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 5005 to : 5005 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 5005 to : 5005 Security Policy Rule ID : 16245011984140128 Security Policy Rule Name : Rule2-Set3-21 Action : deny Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994310450145: DC-192-168-21-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 6000 to : 6000 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 6005 to : 6005 Security Policy Rule ID : 16245012757060237 Security Policy Rule Name : Rule3-Set3-22 Action : reject Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994662000182: DC-192-168-22-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 7000 to : 7000 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 7000 to : 7000 Security Policy Rule ID : 16245013906270078 Security Policy Rule Name : Rule1-Set4 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY Security Policy Rule ID : 16228336610060052 Security Policy Rule Name : self-zone Action : allow Rule-Type : self-zone Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY Security Policy Rule ID : 16228336610050051 Security Policy Rule Name : intra-zone Action : allow Rule-Type : intra-zone Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANYServices : ANY Security Policy Rule ID : 16228336609900050 Security Policy Rule Name : default Action : deny Rule-Type : default Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY