防火墙上安全策略比较多

  display security-policy rule {rule-id/name}  

dis security-policy ip  查看安全策略的配置信息

dis security-policy statistics ip  查看安全策略的匹配上的数据情况

display security-policy { ip | ipv6 } [ brief | rule name rule-name ]

name rule-name：表示安全策略规则的名称，为1～127个字符的字符串，不区分大小写。

# 显示IPv4安全策略规则名称为der的配置信息。

<Sysname> display security-policy ip rule name der

Inactive: Time range or track is inactive.

Invalid: This rule is invalid. One or more items of source address and destination address are not configured.

 rule 0 name der (Inactive)

  action pass

  profile er

  vrf re

  logging enable

  counting enable period 20

  counting enable TTL 1200

  time-range dere

  track positive 23

  session aging-time 5000

  session persistent aging-time 2400

  source-zone trust

  destination-zone trust

  source-ip erer

  source-ip-host 1.1.1.4

  source-ip-subnet 1.1.1.0 255.255.255.0

  source-ip-range 2.2.1.1 3.3.3.3

  source-location location1

  source-location-group location-group1

  destination-ip client1

  destination-ip-host 5.5.1.2

  destination-ip-subnet 5.5.1.0 255.255.255.0

  destination-ip-range 2.2.1.1 3.3.3.3

  destination-location location2

  destination-location-group location-group2

  service ftp

  service-port tcp

  service-port tcp source lt 100 destination eq 104

  service-port tcp source eq 100 destination range 104 2000

  service-port udp

  service-port udp source gt 100 destination eq 104

  service-port udp destination eq 100

  service-port icmp 100 122

  service-port icmp

  app-group ere

  application 110Wang

  terminal-group group1

  terminal terminal1

  user der

  user-group ere

  hits 100