show security zones
Syntax
show security zones
<zone-name>
<all-logical-systems-tenants>
<detail>
<logical-system (logical-system-name | all)>
<root-logical-system>
<tenant (tenant-name | all)>
<terse>
<type (functional | security)>
Description
This command displays information about security zones. A security zone lets you divide the network into segments and apply different security options to each segment.
Options
none—Displays information about all the security zones configured.
zone-name—(Optional) Displays information about the specified security zone.
all-logical-systems-tenants—(Optional) Displays the information about the security zone of all logical systems and tenant systems.
detail—(Optional) Displays the detail level information about the security zone.
logical-system logical-system-name—(Optional) Displays the information about the security zones of a specified logical system.
logical-system all—(Optional) Displays the information about the security zones of all logical systems.
root-logical-system—(Optional) Displays the information about the security zones of the root logical system.
tenant tenant-name—(Optional) Displays the information about the security zones of a specified tenant system.
tenant all—(Optional) Displays the information about the security zones of all tenant systems.
terse—(Optional) Displays the specified level information about the security zone.
type functional—(Optional) Displays the information for functional zones.
type security—(Optional) Displays the information for security zones.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security zones command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description | Level of Output |
---|---|---|
Functional zone | Name of the functional zone. | none |
Security zone | Name of the security zone. | detail none |
Description | Description of the security zone. | detail none |
Policy configurable | Whether the policy can be configured or not. | detail none |
Interfaces bound | Number of interfaces in the zone. | detail none |
Interfaces | List of the interfaces in the zone. | detail none |
Zone | Name of the zone. | terse |
Type | Type of the zone. | terse |
Logical system | Name of the logical system. | detail |
Tenant | Name of the tenant system. | detail |
Screen whitelist | Allowlist for all IP screen options to bypass the IP screening check at zone level. | detail |
Sample Output
- show security zones
- show security zones abc
- show security zones all-logical-systems-tenants
- show security zones abc detail
- show security zones logical-system LSYS1
- show security zones logical-system all
- show security zones root-logical-system
- show security zones tenant TSYS1
- show security zone tenant all
- show security zones terse
- show security zones type security
- show security zones TRUST
- show security zones (Screen allowlist)
show security zones
```
user@host> show security zones
Functional zone: management
   Description: This is the management zone.
   Policy configurable: No
   Interfaces bound: 1
   Interfaces:
     ge-0/0/0.0
Security zone: Host
   Description: This is the host zone.
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     fxp0.0
Security zone: abc
   Description: This is the abc zone.
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     ge-0/0/1.0
Security zone: def
   Description: This is the def zone.
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     ge-0/0/2.0
```
show security zones abc
```
user@host> show security zones abc
Security zone: abc
   Description: This is the abc zone.
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     ge-0/0/1.0
```
show security zones all-logical-systems-tenants
```
user@host> show security zones all-logical-systems-tenants
Logical system: root-logical-system
Security zone: HOST
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: all
   Interfaces:
Security zone: junos-host
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Logical system: LSYS1
Security zone: z1
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Logical system: TSYS1
Security zone: z3a
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Security zone: z3b
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Security zone: z3c
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zones abc detail
```
user@host> show security zones abc detail
Security zone: abc
   Description: This is the abc zone.
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     ge-0/0/1.0
```
show security zones logical-system LSYS1
```
user@host> show security zones logical-system LSYS1
Security zone: z1
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zones logical-system all
```
user@host> show security zones logical-system all
Logical system: root-logical-system
Security zone: HOST
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: all
   Interfaces:
Security zone: junos-host
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Logical system: LSYS1
Security zone: z1
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zones root-logical-system
```
user@host> show security zones root-logical-system
Security zone: HOST
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: all
   Interfaces:
Security zone: junos-host
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zones tenant TSYS1
```
user@host> show security zones tenant TSYS1
Security zone: z3a
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Security zone: z3b
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Security zone: z3c
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zone tenant all
```
user@host> show security zone tenant all
Tenant: TSYS1
Security zone: Host
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
Security zone: abc
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
     xe-0/0/1.0
Security zone: def
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 1
   Interfaces:
     xe-0/0/3.0
```
show security zones terse
```
user@host> show security zones terse
Zone                        Type
my-internal                 Security
my-external                 Security
dmz                         Security
```
show security zones type security
```
user@host> show security zones type security
Security zone: HOST
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: all
   Interfaces:
Security zone: junos-host
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
```
show security zones TRUST
```
user@host> show security zones TRUST
Security zone: TRUST
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Interfaces bound: 0
   Interfaces:
     xe-7/0/3.0
   unidirectional-session-refreshing: Yes
```
show security zones (Screen allowlist)
```
user@host> show security zones
Logical system: root-logical-system
Security zone: trust
   Zone ID: 7
   Send reset for non-SYN session TCP packets: Off
   Policy configurable: Yes
   Screen: jscreen
   Screen whitelist: 2
     a1
     a2
   Interfaces bound: 3
   Interfaces:
     ge-0/0/2.0
   Advanced-connection-tracking timeout: 1800
   Unidirectional-session-refreshing: No
```
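For configuration review it helps to turn this text output into per-zone records. The following is an added example, not part of the Juniper documentation: it parses the output format shown in the samples above and flags zones with a screen allowlist (which bypasses IP screen checks at zone level), zones with no `Screen` line, and zones with no interfaces. The sample text is constructed, and the three review rules and all function names are assumptions of this example.

```python
import re
SAMPLE = """\
Security zone: trust
  Screen: jscreen
  Screen whitelist: 2
    a1
    a2
  Interfaces bound: 1
  Interfaces:
    ge-0/0/2.0
Tenant: TSYS1
Security zone: abc
  Interfaces bound: 0
  Interfaces:xe-0/0/1.0
Security zone: z3a
  Interfaces bound: 0
  Interfaces:
"""  # constructed sample, in the output format shown on this page
KEY = re.compile(r"^([A-Za-z][A-Za-z -]*):\s*(.*)$")  # labels hold no digits or '/'
LISTS = {"Screen whitelist": "allowlist", "Interfaces": "interfaces"}

def parse_zones(text):
    """Parse 'show security zones' text into one dict per zone."""
    zones, system, zone, open_list = [], None, None, None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY.match(line)
        if not m:                                 # bare value: item of the open list
            if line and zone and open_list:
                zone[open_list].append(line)
            continue
        (key, value), open_list = m.groups(), None
        if key in ("Logical system", "Tenant"):
            system, zone = value, None
        elif key in ("Security zone", "Functional zone"):
            zones.append(zone := {"name": value, "kind": key, "system": system,
                                  "fields": {}, "allowlist": [], "interfaces": []})
        elif zone is not None:
            zone["fields"][key] = value
            open_list = LISTS.get(key)
            if key == "Interfaces" and value:     # 'Interfaces:xe-0/0/1.0' on one line
                zone["interfaces"].append(value)
    return zones

def review(zones):
    """Return (system, zone, finding); the three rules are assumptions of this example."""
    rules = [("screen allowlist present", lambda z: bool(z["allowlist"])),
             ("no screen listed", lambda z: "Screen" not in z["fields"]),
             ("no interfaces bound", lambda z: not z["interfaces"]
              and z["fields"].get("Interfaces bound") == "0")]
    return [(z["system"], z["name"], msg) for z in zones
            if z["kind"] == "Security zone" for msg, test in rules if test(z)]
```

Calling `review(parse_zones(SAMPLE))` returns one tuple per finding; feed it the `all-logical-systems-tenants` output to cover every logical system and tenant in one pass.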
Release Information
Command introduced in Junos OS Release 8.5.
tenant option introduced in Junos OS Release 18.3R1.