show security advanced-policy-based-routing policy-name

Syntax

Description

Display a summary of all APBR policies configured on the device.

You can use this command to understand the details of an APBR policy such as:

  • Name, status, zone-context of the APBR policy.

  • The number of times the traffic matches the APBR policy and APBR profile applied for the session.

Options

count

Display the number of configured APBR policies.

  • Range: 1 to 65535

detail

Display a detailed view of all of the APBR policies configured on the device.

from-zone

Display specific zone details applicable to the APBR policy.

logical-system

Display the logical system name.

root-logical-system

Display information about the default root-logical-system.

start

Display the policy from the given position.

  • Range: 1 to 65535

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security advanced-policy-based-routing policy-name command. Output fields are listed in the approximate order in which they appear.

Table 1: show security advanced-policy-based-routing policy-name

Field Name

Field Description

Policy

Name of the APBR policy.

State

Status of the policy. The policy is in one of the following states:

  • enabled: The policy can be used in the policy lookup process, which determines access rights for a packet and the action taken in regard to it.

  • disabled: The policy cannot be used in the policy lookup process, and therefore it is not available for access control.

Index

Internal number associated with the policy.

Sequence Number

Number of the policy within a given context. For example, three policies that are applicable in a from-zone A-to-zone B context might be ordered with sequence numbers 1, 2, 3. Also, in a from-zone C-to-zone D context, four policies might have sequence numbers 1, 2, 3, 4.

From zone

Name of the source zone.

Source addresses

The names of the source addresses for a policy. Address sets are resolved to their individual names.

Destination addresses

Name of the destination address (or address set) as it was entered in the destination zone’s address book.

Applications

Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time.

APBR Profile

Name of the applicable APBR profile.

Table 2 lists the output fields for the show security advanced-policy-based-routing detail command. Output fields are listed in the approximate order in which they appear.

Table 2: show security advanced-policy-based-routing detail

Field Name

Field Description

APBR Policy

Name of the APBR policy.

State

Status of the policy. The policy is in one of the following states:

  • enabled: The policy can be used in the policy lookup process, which determines access rights for a packet and the action taken in regard to it.

  • disabled: The policy cannot be used in the policy lookup process, and therefore it is not available for access control.

Index

Internal number associated with the policy.

Sequence Number

Number of the policy within a given context. For example, three policies that are applicable in a from-zone A-to-zone B context might be ordered with sequence numbers 1, 2, 3. Also, in a from-zone C-to-zone D context, four policies might have sequence numbers 1, 2, 3, 4.

From zone

Name of the source zone.

Source addresses

The names and corresponding IP addresses of the source addresses for a policy. Address sets are resolved to their individual address name-IP address pairs.

Destination addresses

Name of the destination address (or address set) as it was entered in the destination zone’s address book. A packet’s destination address must match this value for the policy to apply to it.

Applications

Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time.

  • IP protocol: The Internet protocol used by the application—for example, TCP, UDP, ICMP.

  • ALG: If an ALG is explicitly associated with the policy, the name of the ALG is displayed. If application-protocol ignore is configured, ignore is displayed. Otherwise, 0 is displayed. However, even if this command shows ALG: 0, ALGs might be triggered for packets destined to well-known ports on which ALGs are listening, unless ALGs are explicitly disabled or when application-protocol ignore is not configured for custom applications.

  • Inactivity timeout: Elapsed time without activity after which the application is terminated.

  • Source port range: The low-high source port range for the session application.

  • Destination port range: The low-high destination port range for the session application.

APBR Profile

Name of the applicable APBR profile.

Table 3 lists the output fields for the show security advanced-policy-based-routing from-zone command. Output fields are listed in the approximate order in which they appear.

Table 3: show security advanced-policy-based-routing from-zone

Field Name

Field Description

From zone

Name of the source zone.

Policy count

Number of APBR policies configured for the zone.

Table 4 lists the output fields for the show security advanced-policy-based-routing hit-count command. Output fields are listed in the approximate order in which they appear.

Table 4: show security advanced-policy-based-routing hit-count

Field Name

Field Description

Logical system

Name of the associated logical system.

Index

Internal number associated with the policy.

From zone

Name of the source zone.

Name

Name of the APBR policy.

Policy count

Number of hits for each security policy.

Number of policy

Number of security policies for which hit counts are displayed.

Sample Output

show security advanced-policy-based-routing detail

show security advanced-policy-based-routing from-zone

show security advanced-policy-based-routing hit-count

show security advanced-policy-based-routing policy-name

Release Information

Command introduced in Junos OS Release 18.2R1.