Prisma SD-WAN ION CLI Reference
    : dump config security
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN ION CLI Reference
    5. Use CLI Commands
    6. Dump Commands
    7. dump config security
    Download PDF

    Prisma SD-WAN ION CLI Reference

    dump config security

    Table of Contents

    dump config security

    Use the dump config security command to display the security configuration available on a device. Information displayed includes configuration for security policy stack, security policy sets, security policy zones, prefix filters, and security policy rules.

    Command

    dump config security

    Options

    None

    Command Notes

    RoleSuper, Read Only, Monitor
    Related Commands
    dump-support details
    Introduced in Release 4.7.1

    Example

    dump config security 
	SECURITY POLICY STACKS
	---------------------------------------------------
	Security Policy Stack ID : 16242998621490011
	Security Policy Stack Name : Stack1
	Default Policy Set ID : 16228336609730048
	Default Policy Set Name : default
	Policy Set Order:     
	16245957623450255 : Set2-Port-Range     
	16245009722000198 : Set3-Specific     
	16245013500920058 : Set4-Generic
	
	SECURITY POLICY SETS
	---------------------------------------------------
	Security Policy Set ID : 16245957623450255
	Security Policy Set Name: Set2-Port-Range
	Policy Rule Order:     
	16246315738930189: Rule1-Set2-20     
	16246317241460212: Rule2-Set2-21     
	16246318197250246: Rule3-Set2-22
	
	Security Policy Set ID : 16245009722000198
	Security Policy Set Name: Set3-Specific
	Policy Rule Order:    
	16245010650670003: Rule1-Set3-20     
	16245011984140128: Rule2-Set3-21     
	16245012757060237: Rule3-Set3-22
	
	Security Policy Set ID : 16245013500920058
	Security Policy Set Name: Set4-Generic
	Policy Rule Order:     
	16245013906270078: Rule1-Set4
	
	Security Policy Set ID : 16228336609730048
	Security Policy Set Name: default
	Policy Rule Order:     
	16228336610060052: self-zone    
	16228336610050051: intra-zone    
	16228336609900050: default
	SECURITY POLICY ZONES
	---------------------------------------------------
	Security Policy Zone ID : 16204672468290016
	Security Policy Zone Name : Zone-Internet-VPN
	Zone Association ID : 16245135536470064
	Interfaces :    
	VPN-overlay
	LAN Networks :
	
	Security Policy Zone ID : 16200471388560063
	Security Policy Zone Name : Zone-Internet
	Zone Association ID : 16285714095880087
	Interfaces :    
	16150115632720220 : 2
	LAN Networks :
	
	Security Policy Zone ID : 16200471619100074
	Security Policy Zone Name : Zone-LAN
	Zone Association ID : 16245779281070041
	Interfaces :
	LAN Networks :  
	Name : default_san-jose_114105279  
	ID   : 16200275524390210 
	LAN Prefixes :   
	192.168.7.1/24 
	
	Name : default_san-jose_450021252  
	ID   : 16261268429250112  
	LAN Prefixes :    192.168.102.1/24  
	
	Name : default_san-jose_270864556 
	ID   : 16261251535530088  
	LAN Prefixes :    192.168.101.1/24
	
	SECURITY POLICY PREFIX FILTERS
	---------------------------------------------------
	Prefix Filter ID   : 16242993943320129
	Prefix Filter Name : DC-192-168-20-0
	Prefix :    
	192.168.20.0/24
	
	Prefix Filter ID   : 16242994662000182
	Prefix Filter Name : DC-192-168-22-0
	Prefix :    
	192.168.22.0/24
	
	Prefix Filter ID   : 16242994310450145
	Prefix Filter Name : DC-192-168-21-0
	Prefix :    
	192.168.21.0/24
	
	Prefix Filter ID   : 16242993172060125
	Prefix Filter Name : LAN-192-168-7-100
	Prefix :    192.168.7.100/32
	
	SECURITY POLICY RULES
	---------------------------------------------------
	Security Policy Rule ID : 16246315738930189
	Security Policy Rule Name : Rule1-Set2-20
	Action : allow
	Rule-Type : custom
	Enabled : true
	Source Zones :      
	16200471619100074: Zone-LAN
	Destination Zones :      
	16204672468290016: Zone-Internet-VPN
	Applications :       
	ANY
	Source Prefix Filters :       
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :       
	16242993943320129: DC-192-168-20-0
	Services : 
	Protocol : 6  
	Source Port Range :    
	ANY 
	Destination Port Range :    
	from : 5005   
	to   : 5015
	
	from : 5020    
	to   : 5025  
	
	Protocol : 17 
	Source Port Range :    
	ANY  
	Destination Port Range :    
	from : 5005   
	to   : 5015 
	
	Protocol : 1  
	Source Port Range :    
	ANY  
	Destination Port Range :    
	ANY
	
	Security Policy Rule ID : 16246317241460212
	Security Policy Rule Name : Rule2-Set2-21
	Action : deny
	Rule-Type : custom
	Enabled : true
	Source Zones :       
	16200471619100074: Zone-LAN
	Destination Zones :      
	16204672468290016: Zone-Internet-VPN
	Applications :        
	ANY
	Source Prefix Filters :      
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :       
	16242994310450145: DC-192-168-21-0
	Services :  
	Protocol : 6  
	Source Port Range :    
	ANY  
	Destination Port Range :   
	from : 6000   
	to   : 6010  
	
	Protocol : 17 
	Source Port Range :  
	ANY  
	Destination Port Range :   
	from : 6005    
	to   : 6015
	
	Security Policy Rule ID : 16246318197250246
	Security Policy Rule Name : Rule3-Set2-22
	Action : reject
	Rule-Type : custom
	Enabled : true
	Source Zones :      
	16200471619100074: Zone-LAN
	Destination Zones :      
	16204672468290016: Zone-Internet-VPN
	Applications :        
	ANY
	Source Prefix Filters :      
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :       
	16242994662000182: DC-192-168-22-0
	Services : 
	Protocol : 6 
	Source Port Range :    
	ANY 
	Destination Port Range :   
	from : 7000   
	to   : 7010 
	
	Protocol : 17 
	Source Port Range :  
	ANY  
	Destination Port Range :   
	from : 7000   
	to   : 7010
	
	Security Policy Rule ID : 16245010650670003
	Security Policy Rule Name : Rule1-Set3-20
	Action : allow
	Rule-Type : custom
	Enabled : true
	Source Zones :      
	16200471619100074: Zone-LAN
	Destination Zones :     
	16204672468290016: Zone-Internet-VPN
	Applications :      
	ANY
	Source Prefix Filters :      
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :      
	16242993943320129: DC-192-168-20-0
	Services :  
	Protocol : 6 
	Source Port Range :  
	ANY 
	Destination Port Range :   
	from : 5005   
	to   : 5005 
	
	Protocol : 17  
	Source Port Range :  
	ANY 
	Destination Port Range :  
	from : 5005  
	to   : 5005
	
	Security Policy Rule ID : 16245011984140128
	Security Policy Rule Name : Rule2-Set3-21
	Action : deny
	Rule-Type : custom
	Enabled : true
	Source Zones :      
	16200471619100074: Zone-LAN
	Destination Zones :    
	16204672468290016: Zone-Internet-VPN
	Applications :        
	ANY
	Source Prefix Filters :     
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :     
	16242994310450145: DC-192-168-21-0
	Services :  
	Protocol : 6
	Source Port Range :   
	ANY
	Destination Port Range :    
	from : 6000   
	to   : 6000 
	
	Protocol : 17  
	Source Port Range :    
	ANY  
	Destination Port Range :  
	from : 6005   
	to   : 6005
	
	Security Policy Rule ID : 16245012757060237
	Security Policy Rule Name : Rule3-Set3-22
	Action : reject
	Rule-Type : custom
	Enabled : true
	Source Zones :      
	16200471619100074: Zone-LAN
	Destination Zones :      
	16204672468290016: Zone-Internet-VPN
	Applications :       
	ANY
	Source Prefix Filters :      
	16242993172060125: LAN-192-168-7-100
	Destination Prefix Filters :       
	16242994662000182: DC-192-168-22-0
	Services :  
	Protocol : 6  
	Source Port Range :   
	ANY  
	Destination Port Range :    
	from : 7000  
	to   : 7000  
	
	Protocol : 17 
	Source Port Range :   
	ANY  
	Destination Port Range :    
	from : 7000   
	to   : 7000
	
	Security Policy Rule ID : 16245013906270078
	Security Policy Rule Name : Rule1-Set4
	Action : allow
	Rule-Type : custom
	Enabled : true
	Source Zones :       
	16200471619100074: Zone-LAN
	Destination Zones :       
	16204672468290016: Zone-Internet-VPN
	Applications :      
	ANY
	Source Prefix Filters :    
	ANY
	Destination Prefix Filters :      
	ANY
	Services :      
	ANY
	
	Security Policy Rule ID : 16228336610060052
	Security Policy Rule Name : self-zone
	Action : allow
	Rule-Type : self-zone
	Enabled : true
	Source Zones :        
	ANY
	Destination Zones :       
	ANY
	Applications :      
	ANY
	Source Prefix Filters :        
	ANY
	Destination Prefix Filters :     
	ANY
	Services :        
	ANY
	
	Security Policy Rule ID : 16228336610050051
	Security Policy Rule Name : intra-zone
	Action : allow
	Rule-Type : intra-zone
	Enabled : true
	Source Zones :      
	ANY
	Destination Zones :        
	ANY
	Applications :       
	ANY
	Source Prefix Filters :        
	ANY
	Destination Prefix Filters :   
	ANYServices :        
	ANY
	
	Security Policy Rule ID : 16228336609900050
	Security Policy Rule Name : default
	Action : deny
	Rule-Type : default
	Enabled : true
	Source Zones :        
	ANY
	Destination Zones :       
	ANY
	Applications :        
	ANY
	Source Prefix Filters :       
	ANY
	Destination Prefix Filters :       
	ANY
	Services :     
	ANY

    © 2024 Palo Alto Networks, Inc. All rights reserved.