Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

show security application-firewall rule-set logical-system

Syntax

The primary, or root, administrator can issue the following statements:

The user logical system administrator can issue the following statement:

Description

Display information about application firewall rule set(s) associated with a specific logical system, all logical systems, or the root logical system configured on a device.

Note:

The primary administrator can configure and view application firewall rule sets for the root logical system and all user logical systems configured on the device. User logical system administrators can configure and view application firewall rule set information only for the user logical systems for which they have access. For information about primary and user administrator roles in logical systems, see Understanding Logical Systems for SRX Series Services Gateways.

Starting in Junos OS Release 18.2R1, the application firewall (AppFW) functionality is deprecated. As a part of this change, the [edit security application-firewall] hierarchy and all the configuration options under this hierarchy are deprecated— rather than immediately removed—to provide backward compatibility and an opportunity to bring your configuration into compliance with the new configuration.

Options

rule-set-name—Name of a specific rule set.

logical-system-name—Name of a specific logical system.

all—(default) Display all rule sets for all logical systems. The user logical system administrator can display all rule sets only for the logical system they can access.

root-logical-system—Display application firewall rule set information for the root logical system (primary administrator only).

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security application-firewall rule-set logical-system command. Output fields are listed in the approximate order in which they appear.

Table 1: show security application-firewall rule-set logical-system Output Fields

Field Name

Field Description

Rule-set

Name of the rule set.

Logical system

Name of the logical system.

Rule

Name of the rule.

  • Dynamic applications—Name of the applications.

  • Dynamic application groups—Name of the application groups.

  • Action—The action taken with respect to a packet that matches the application firewall rule set. Actions include the following:

    • permit

    • deny

  • Number of sessions matched—Number of sessions matched with the application firewall rule.

Default rule

The default rule applied when the identified application is not specified in any rules of the rule set.

  • Number of sessions matched—Number of sessions matched with the application firewall default rule.

Number of sessions with appid pending

Number of sessions that are pending with the application ID processing.

Sample Output

show security application-firewall rule-set logical-system all

show security application-firewall rule-set all

Release Information

Command introduced in Junos OS Release 11.4.

Related Documentation