show security flow gate
Syntax
show security flow gate [<filter>] [brief | summary]
Description
This command displays information about temporary openings known as pinholes or gates in the security firewall.
Pinholes are used by applications that commonly have both control and data sessions and must create openings in the firewall for the data sessions based on information from the parent sessions.
Options
destination-port—Destination port
destination-prefix—Destination IP prefix or address
protocol—IP protocol number
source-port—Source port
source-prefix—Source IP prefix or address
brief | summary—Display the specified level of output.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow gate command. Output fields are listed in the approximate order in which they appear.
| Field Name | Field Description |
|---|---|
| Hole | Range of flows permitted by the pinhole. |
| Translated | Tuples used to create the session if it matches the pinhole. |
| Protocol | Application protocol, such as UDP or TCP. |
| Application | Name of the application. |
| Age | Idle timeout for the pinhole. |
| Flags | Internal debug flags for the pinhole. |
| Zone | Incoming zone. |
| Reference count | Number of resource manager references to the pinhole. |
| Resource | Resource manager information about the pinhole. |
| Valid gates | Number of valid gates. |
| Pending gates | Number of pending gates. |
| Invalidated gates | Number of invalid gates. |
| Gates in other states | Number of gates in other states. |
| Total gates | Number of gates in total. |
| Maximum gates | Maximum number of gates. |
Sample Output
show security flow gate
user@host> show security flow gate
Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.198.51.100.252/64515-64515
Translated: 0.0.0.0/0->10.0.31.161/25415
Protocol: udp
Application: none/0
Age: 101 seconds
Flags: 0xe001
Zone: untrust
Reference count: 1
Resource: 5-1024-8185

Hole: 0.0.0.0-0.0.0.0/0-198.51.100.252/1046-1046
Translated: 198.51.100.252/36039-> 203.0.113.1/5060
Protocol: udp
Application: junos-sip/63
Age: 65535 seconds
Flags: 0xe200
Zone: untrust
Reference count: 1
Resource: 5-1024-8189

Hole: 0.0.0.0-0.0.0.0/0-0->198.51.100.252-198.51.100.252/24101-24101
Translated: 0.0.0.0/0-> 198.51.100.252/24101
Protocol: udp
Application: none/0
Age: 93 seconds
Flags: 0xe001
Zone: trust
Reference count: 1
Resource: 5-1024-8188

Hole: 0.0.0.0-0.0.0.0/0-0->40.1.1.5-198.51.100.252/24100-24100
Translated: 0.0.0.0/0->198.51.100.252/24100
Protocol: udp
Application: none/0
Age: 93 seconds
Flags: 0xe001
Zone: trust
Reference count: 1
Resource: 5-1024-8191

Hole: 0.0.0.0-0.0.0.0/0-0->198.51.100.252-198.51.100.252/5060-5060
Translated: 0.0.0.0/0->198.51.100.252/5060
Protocol: udp
Application: junos-sip/63
Age: 65535 seconds
Flags: 0xe200
Zone: trust
Reference count: 1
Resource: 5-1024-8190
show security flow gate brief
root> show security flow gate brief
Flow Gates on FPC4 PIC1:
Hole: 192.0.2.1-192.0.2.1/0->192.0.2.100-192.0.2.100/38143-38143
Translated: 192.0.2.1->192.0.2.100/38143
Protocol: tcp
Application: FTP ALG/79
Age: 65532 seconds
Flags: 0x0080
Zone: trust
Reference count: 1
Resource: 1-24576-86016

Valid gates: 1
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 1

Flow Gates on FPC5 PIC0:
Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0

Flow Gates on FPC5 PIC1:
Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0
show security flow gate summary
root> show security flow gate summary
Flow Gates on FPC4 PIC1:
Valid gates: 1
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 1
Maximum gates: 131072

Flow Gates on FPC5 PIC0:
Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0
Maximum gates: 131072

Flow Gates on FPC5 PIC1:
Valid gates: 0
Pending gates: 0
Invalidated gates: 0
Gates in other states: 0
Total gates: 0
Maximum gates: 131072
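For firewall audits, the sample output above can be parsed into one record per pinhole and filtered for gates that deserve a closer look. The following is an added example, not part of the Junos documentation: the function names are hypothetical, the sample text is constructed in the layout of the brief output, and treating a 0.0.0.0-0.0.0.0 source range as "any source" is an assumption.

```python
# Constructed sample in the layout of the page's "brief" output (not device data).
SAMPLE = """\
Flow Gates on FPC4 PIC1:
Hole: 0.0.0.0-0.0.0.0/0-0->198.51.100.252-198.51.100.252/24101-24101
Translated: 0.0.0.0/0->198.51.100.252/24101
Protocol: udp
Application: none/0
Age: 93 seconds
Flags: 0xe001
Zone: untrust
Reference count: 1
Resource: 5-1024-8188
Hole: 192.0.2.1-192.0.2.1/0->192.0.2.100-192.0.2.100/38143-38143
Translated: 192.0.2.1->192.0.2.100/38143
Protocol: tcp
Application: FTP ALG/79
Age: 65532 seconds
Flags: 0x0080
Zone: trust
Reference count: 1
Resource: 1-24576-86016
Valid gates: 2
Total gates: 2
"""

def parse_gates(text):
    """Return (gates, counters): one dict per Hole record, plus per-PIC gate counters."""
    gates, counters, pic = [], {}, None
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition(": ")
        if line.startswith("Flow Gates on "):      # per-PIC header on multi-PIC devices
            pic = line[len("Flow Gates on "):].rstrip(":")
        elif key == "Hole":                        # each Hole line starts a new gate record
            gates.append({"PIC": pic, "Hole": value})
        elif sep and "gates" in key.lower():       # Valid/Pending/.../Total gates counters
            counters[(pic, key)] = int(value)
        elif sep and gates:                        # any other field belongs to the last gate
            gates[-1][key] = value
    return gates, counters

def wildcard_source(gate):
    """True when the Hole's source range is 0.0.0.0-0.0.0.0 (assumed to mean any source)."""
    return gate["Hole"].split("->")[0].startswith("0.0.0.0-0.0.0.0/")

def review(text, zones=("untrust",)):
    """Gates whose incoming zone is in `zones` and whose source is a wildcard."""
    gates, _ = parse_gates(text)
    return [g for g in gates if g["Zone"] in zones and wildcard_source(g)]
```

Comparing `len(gates)` for a PIC with its `Total gates` counter is a quick check that the capture was not truncated before reviewing the flagged entries.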
Release Information
Command introduced in Junos OS Release 8.5.
Filter and display options added in Junos OS Release 10.2.