: dump config security
Focus
Focus

dump config security

Table of Contents

dump config security

Use the dump config security command to display the security configuration available on a device. Information displayed includes configuration for security policy stack, security policy sets, security policy zones, prefix filters, and security policy rules.

Command

dump config security

Options

None

Command Notes

RoleSuper, Read Only, Monitor
Related Commands
dump-support details
Introduced in Release 4.7.1

Example

dump config security SECURITY POLICY STACKS --------------------------------------------------- Security Policy Stack ID : 16242998621490011 Security Policy Stack Name : Stack1 Default Policy Set ID : 16228336609730048 Default Policy Set Name : default Policy Set Order: 16245957623450255 : Set2-Port-Range 16245009722000198 : Set3-Specific 16245013500920058 : Set4-Generic SECURITY POLICY SETS --------------------------------------------------- Security Policy Set ID : 16245957623450255 Security Policy Set Name: Set2-Port-Range Policy Rule Order: 16246315738930189: Rule1-Set2-20 16246317241460212: Rule2-Set2-21 16246318197250246: Rule3-Set2-22 Security Policy Set ID : 16245009722000198 Security Policy Set Name: Set3-Specific Policy Rule Order: 16245010650670003: Rule1-Set3-20 16245011984140128: Rule2-Set3-21 16245012757060237: Rule3-Set3-22 Security Policy Set ID : 16245013500920058 Security Policy Set Name: Set4-Generic Policy Rule Order: 16245013906270078: Rule1-Set4 Security Policy Set ID : 16228336609730048 Security Policy Set Name: default Policy Rule Order: 16228336610060052: self-zone 16228336610050051: intra-zone 16228336609900050: default SECURITY POLICY ZONES --------------------------------------------------- Security Policy Zone ID : 16204672468290016 Security Policy Zone Name : Zone-Internet-VPN Zone Association ID : 16245135536470064 Interfaces : VPN-overlay LAN Networks : Security Policy Zone ID : 16200471388560063 Security Policy Zone Name : Zone-Internet Zone Association ID : 16285714095880087 Interfaces : 16150115632720220 : 2 LAN Networks : Security Policy Zone ID : 16200471619100074 Security Policy Zone Name : Zone-LAN Zone Association ID : 16245779281070041 Interfaces : LAN Networks : Name : default_san-jose_114105279 ID : 16200275524390210 LAN Prefixes : 192.168.7.1/24 Name : default_san-jose_450021252 ID : 16261268429250112 LAN Prefixes : 192.168.102.1/24 Name : default_san-jose_270864556 ID : 16261251535530088 LAN Prefixes : 192.168.101.1/24 SECURITY POLICY PREFIX FILTERS --------------------------------------------------- Prefix Filter ID : 16242993943320129 Prefix Filter Name : DC-192-168-20-0 Prefix : 192.168.20.0/24 Prefix Filter ID : 16242994662000182 Prefix Filter Name : DC-192-168-22-0 Prefix : 192.168.22.0/24 Prefix Filter ID : 16242994310450145 Prefix Filter Name : DC-192-168-21-0 Prefix : 192.168.21.0/24 Prefix Filter ID : 16242993172060125 Prefix Filter Name : LAN-192-168-7-100 Prefix : 192.168.7.100/32 SECURITY POLICY RULES --------------------------------------------------- Security Policy Rule ID : 16246315738930189 Security Policy Rule Name : Rule1-Set2-20 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242993943320129: DC-192-168-20-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 5005 to : 5015 from : 5020 to : 5025 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 5005 to : 5015 Protocol : 1 Source Port Range : ANY Destination Port Range : ANY Security Policy Rule ID : 16246317241460212 Security Policy Rule Name : Rule2-Set2-21 Action : deny Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994310450145: DC-192-168-21-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 6000 to : 6010 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 6005 to : 6015 Security Policy Rule ID : 16246318197250246 Security Policy Rule Name : Rule3-Set2-22 Action : reject Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994662000182: DC-192-168-22-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 7000 to : 7010 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 7000 to : 7010 Security Policy Rule ID : 16245010650670003 Security Policy Rule Name : Rule1-Set3-20 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242993943320129: DC-192-168-20-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 5005 to : 5005 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 5005 to : 5005 Security Policy Rule ID : 16245011984140128 Security Policy Rule Name : Rule2-Set3-21 Action : deny Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994310450145: DC-192-168-21-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 6000 to : 6000 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 6005 to : 6005 Security Policy Rule ID : 16245012757060237 Security Policy Rule Name : Rule3-Set3-22 Action : reject Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : 16242993172060125: LAN-192-168-7-100 Destination Prefix Filters : 16242994662000182: DC-192-168-22-0 Services : Protocol : 6 Source Port Range : ANY Destination Port Range : from : 7000 to : 7000 Protocol : 17 Source Port Range : ANY Destination Port Range : from : 7000 to : 7000 Security Policy Rule ID : 16245013906270078 Security Policy Rule Name : Rule1-Set4 Action : allow Rule-Type : custom Enabled : true Source Zones : 16200471619100074: Zone-LAN Destination Zones : 16204672468290016: Zone-Internet-VPN Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY Security Policy Rule ID : 16228336610060052 Security Policy Rule Name : self-zone Action : allow Rule-Type : self-zone Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY Security Policy Rule ID : 16228336610050051 Security Policy Rule Name : intra-zone Action : allow Rule-Type : intra-zone Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANYServices : ANY Security Policy Rule ID : 16228336609900050 Security Policy Rule Name : default Action : deny Rule-Type : default Enabled : true Source Zones : ANY Destination Zones : ANY Applications : ANY Source Prefix Filters : ANY Destination Prefix Filters : ANY Services : ANY