request security policies resync

Syntax

Description

Synchronize the configuration of security policies in the Routing Engine and Packet Forwarding Engine.

This command recovers the security policies in the Packet Forwarding Engine. If policy inconsistencies between the Routing Engine and Packet Forwarding Engine are determined, the security policies resync.

Options

<from-zone `zone-name`	Recover the policies from this zone.
global	Recover global policies.
logical-system (`logical-system name` \| all)	Recover the policies on all logical systems or on a particular logical system.
pfe	Recover the policies on the Packet Forwarding Engine.
root-logical-system	Recover the policies on the root logical system. This is the default option.
to-zone `zone-name`	Recover the policies to this zone.
tenant `tenant-name`	Recover the policies of a tenant.

Additional Information

Security policies are stored in the routing engine and the packet forwarding engine. Security policies are pushed from the Routing Engine to the Packet Forwarding Engine when you commit configurations. If the security policies on the Routing Engine are out of sync with the Packet Forwarding Engine, the commit of a configuration fails. Core dump files may be generated if the commit is tried repeatedly. The out of sync can be due to:

A policy message from Routing Engine to the Packet Forwarding Engine is lost in transit.
An error with the routing engine, such as a reused policy UID.

When the policy configurations are modified and the policies are out of sync, the following error message displays - error: Warning: policy might be out of sync between RE and PFE <SPU-name(s)>. Please request security policies check/resync.

Use the show security policies checksum command to display the security policy checksum value and use the request security policies check to display the security policy sync status.

ON THIS PAGE

request security policies resync

Syntax

Description

Options

Additional Information

Required Privilege Level

Sample Output