Use the ipsec -f display command to display active filter rules, configured filter rules from IP security policy configuration files, and the default IP filter rules from the TCP/IP profile. The scope on the command, as indicated by the -c option, determines which source is queried:
The output of the command can be quite voluminous, so you might want to redirect the output of the display to a file.
The report header indicates how many filters are active and identifies the source of the filters: either the default IP filter policy or the IP security policy from the Policy Agent.
ipsec -f display
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 10:53:12 2010
Primary: Filter Function: Display Format: Detail
Source: Stack Profile Scope: Current TotAvail: 14
Logging: On Predecap: Off DVIPSec: Yes
NatKeepAlive: 20 FIPS140: No
Defensive Mode: Inactive
If the source field shows Stack Policy, the IP security policy is installed and active.
If the source field shows Stack Profile, the IP security policy is either not installed or the ipsec -f default command was issued. Either issue the ipsec -f reload command, or correct the IP security policy configuration.
Filter displays can be abbreviated to include only specific named rules. To view a named filter rule, use the -n option as follows:
ipsec -f display -n Rule2Admin
CS V2R1 ipsec Stack Name: TCPCS Tue Feb 14 10:54:36 2012
Primary: Filter Function: Display Format: Detail
Source: Stack Policy Scope: Current TotAvail: 137
Logging: On Predecap: Off DVIPSec: Yes
NatKeepAlive: 20 FIPS140: No
Defensive Mode: Inactive
FilterName: Rule2Admin
FilterNameExtension: 1
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Outbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.1
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.2
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:49:48
UpdateTime: 2012/02/14 10:49:48
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: Rule2Admin
FilterNameExtension: 2
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Inbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.2
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.1
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:49:48
UpdateTime: 2012/02/14 10:49:48
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
2 entries selected
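The following shell script is an added example, not part of the original documentation. It reads a report that was redirected to a file, applies the Source field check described above, and prints one summary line per filter entry. The function names and the file name filters.txt are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a report saved with "ipsec -f display > filters.txt" (file name assumed).

# Print the Source value from the report header.
report_source() {
    awk '/^Source:/ { sub(/^Source:[ \t]*/, ""); sub(/[ \t]*Scope:.*$/, ""); print; exit }' "$1"
}

# Return 0 only when the header shows the IP security policy is active.
policy_active() {
    case "$(report_source "$1")" in
        "Stack Policy")  return 0 ;;
        "Stack Profile") echo "default filters active: run ipsec -f reload or fix the policy" >&2; return 1 ;;
        *)               echo "no Source field found in $1" >&2; return 2 ;;
    esac
}

# One line per entry: name.extension direction action src->dst matches=N
summarize_filters() {
    awk '
        $1 == "FilterName:"          { name = $2 }
        $1 == "FilterNameExtension:" { ext  = $2 }
        $1 == "Direction:"           { dir  = $2 }
        $1 == "Action:"              { act  = $2 }
        $1 == "SourceAddress:"       { src  = $2 }
        $1 == "DestAddress:"         { dst  = $2 }
        $1 == "FilterMatches:"       { hits = $2 }
        /^\*\*\*/ && name != "" {     # a row of asterisks closes an entry
            printf "%s.%s %s %s %s->%s matches=%s\n", name, ext, dir, act, src, dst, hits
            name = ""
        }' "$1"
}

# Constructed sample: header line and one entry, abbreviated from the report above.
write_sample() {
    cat > "$1" <<'EOF'
Source: Stack Policy Scope: Current TotAvail: 137
FilterName: Rule2Admin
FilterNameExtension: 1
Action: Permit
Direction: Outbound
SourceAddress: 9.1.1.1
DestAddress: 9.1.1.2
FilterMatches: 0
***********************************************************************
EOF
}

if [ $# -gt 0 ]; then policy_active "$1"; summarize_filters "$1"; fi
```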