The z/OS UNIX pasearch command: Display policies

Use the z/OS® UNIX pasearch command to query information from the z/OS UNIX Policy Agent. The command is issued from the UNIX System Services shell.

Restriction: The pasearch command requires access to the PAPI DLL at run time. Ensure that the LIBPATH environment variable is specified and points to the /usr/lib directory. For example, specify: export LIBPATH=/usr/lib

Note: If the user is not a superuser, see z/OS Communications Server: IP Configuration Guide for information about configuring the Policy Agent and setting up authorization for the client to retrieve policies.

Result: If any of the information that is requested by the pasearch command is not currently available, the pasearch command displays <not available>. For example, when the pasearch command is issued on a policy client, some information might need to be obtained from the policy server. Reissue the pasearch command later to see the complete information.

Format:

pasearch Option

Option: -A | -a | -C | -c | -d | -e | -f PolicyFilterName | -g | -I | -i | -n | -o | -p image | -q | -R | -r | -s PolicyScopeName | -T | -t | -v {a | f | k | l} | -w | -z | -?

Defaults: -A -e

Parameters:

-A
Display active policy entries that match input options for pasearch. This is the default. If all policy entries are requested (pasearch -e, pasearch, or pasearch -a -r) and the policy rule is active, then active policy actions are returned. Policies on the policy server that are loaded on behalf of policy clients always display as active policies.
-a
Display all policy actions that match the input options for the pasearch command. Because the default action is to return all types of policy actions, use the -i, -q, -R, -t, -v or -z option to limit the type of policy actions that are returned.
-C
Display all image names with policies that are configured in Policy Agent. This includes locally defined images (those defined on a TcpImage statement) and connected policy clients (where the image name is defined by each client on the ClientName parameter on the PolicyServer statement).
-c
Display policy object information (for example, FLUSH or NOFLUSH, PURGE or NOPURGE). This option can be used with the image option (-p), or the policy type options (-i, -q, -R, -t, -v or -z). All other options are either ignored or are not valid.
See the following descriptions of policy object fields:
ConfigLocation
Indicates the source from which the policies were loaded. The following might be displayed on the policy server:
Local
Indicates that the policies were loaded from local configuration files, an LDAP server, or both.
Client
Indicates that the policies were loaded for a connected policy client.
The following might be displayed on the policy client:
Local
Indicates that the policies were loaded from local configuration files, an LDAP server, or both.
Remote
Indicates that the policies were loaded from the policy server.
LDAPServer
Indicates whether or not an LDAP server is used for local policies.
CommonFileName
Indicates the name of the common configuration file, if one exists.
ImageFileName
Indicates the name of the stack-specific configuration file.
ClientName
Indicates the policy client name.
ClientUserid
Indicates the user ID being used for a policy client.
PolicyServerAddr
Indicates the IP address of the policy server being used for remote policies.
PolicyServerPort
Indicates the port of the policy server being used for remote policies.
PolicyServSysname
Indicates the system name of the policy server being used for remote policies.
PolicyClientAddr
Indicates the IP address of a connected policy client.
PolicyClientPort
Indicates the port of a connected policy client.
ConnectTime
Indicates the time when a policy client connected to the policy server.
ApplyFlush
Indicates whether the policy type uses the PolicyFlush flag for FLUSH or NOFLUSH processing.
DeleteOnNoflush
Indicates whether or not NOFLUSH processing is honored.
ApplyPurge
Indicates whether the policy type uses the PurgePolicies flag for PURGE or NOPURGE processing.
AtomicParse
Indicates whether or not parsing of the policy type is atomic. With atomic parsing, any errors result in the entire set of policy changes for that policy type being discarded. Without atomic parsing, only objects found to be in error are discarded.
DummyOnEmptyPolicy
Indicates whether the TCP/IP stack is informed if no policies are configured for this type of policy.
ModifyOnIDChange
Indicates whether or not a rule or action object is considered changed if only the rule or action ID changes due to the order of policies.
PolicyFlush
For policy types that honor FLUSH, indicates whether FLUSH or NOFLUSH was configured on the TcpImage, PEPInstance, or specific type configuration statement (for example TTLSConfig).
PurgePolicies
For policy types that honor PURGE, indicates whether PURGE or NOPURGE was configured on the TcpImage, PEPInstance, or specific type configuration statement (for example TTLSConfig).
Configured
Indicates whether any policies were configured for this policy type.
UpdateInterval
Indicates the time interval (in seconds) for checking the creation or modification time of the configuration file or files, and for refreshing policies from the LDAP server.
PerfColEnabled
Indicates whether the PolicyPerformanceCollection statement was enabled.
InstanceId
An identification associated with the last update for this policy type.
LastPolicyChanged
The time stamp value that indicates when any policy rule, policy action, or table for this policy type was last updated.
Policy updated
The time stamp value that indicates when the IPSec policy object was last updated.
PAPI Qos Sub-version, PAPI Ids Sub-version, PAPI IPSec Sub-version, PAPI Routing Sub-version, PAPI TTLS Sub-version, PAPI ZERT Sub-version
The negotiated PAPI sub-version level for each type of policy. These fields are only displayed when the PAPI version in the report header is 16 or greater.
-d
Display debug information to stdout.
-e
Display all policy entries (policy rules and policy actions) that match the input options for the pasearch command. If policy action matches, then the associated policy rule is returned. This is the default.
-f PolicyFilterName
Display policy entries that match the policy name based on input options for the pasearch command. For a policy rule or policy action the name is either the policy name specified on the configuration file statement that defines the policy entry (policy rule or policy action) or the name specified using the ServiceName, policyActionName, PolicyRulesName, or policyRuleName attribute for policy entries defined on an LDAP server. For the route table the name is the name configured on the RouteTable statement.
Rules:
  • The name is case sensitive.
  • To match the PolicyFilterName attribute with multiple policy entries, use the -w option with the -f option. With the -w option, the PolicyFilterName attribute is treated as a wildcard name; without it, the default action is to find an exact match.
  • To match the PolicyFilterName attribute with the policy rule name, do not use the -g option with the -f option. This is the default.
  • To match the PolicyFilterName attribute with the policy action name, use the -g option with the -f option.
  • To match the PolicyFilterName attribute with the route table name, use the -T option with the -f option.
-g
Matches the PolicyFilterName attribute to policy actions. If retrieving both policy rules and policy actions, then this request returns a policy rule when there is a matching policy action. If no PolicyFilterName attribute is passed, then no action name filtering is performed.
-I
Display inactive policy entries that match input options for the pasearch command. If all policy entries are requested (pasearch -e -I, pasearch -I, or pasearch -I -a -r) and the policy rule and its associated policy action are inactive, then inactive policy rules and actions are returned. Policies on the policy server that are loaded on behalf of policy clients always display as active policies.
Tip: Actions for most policy types are always active. To display inactive rules use 'pasearch -r -I'. You can include additional qualifiers to see only the inactive rule names (-n) or to see only inactive rules for a specific type of policy (-i, -q, -R, -t, or -v).
-i
Display all IDS policy entries that match the input options for the pasearch command.
-n
Display only policy rule, policy action, or route table names (policy details are not displayed).
-o
Display the policy rule condition original level and condition original arrays. This option applies only to complex rules (those that use CNF or DNF conditions). For such rules, there are two sets of condition arrays maintained: the original set of specified conditions, and a working set that has been collapsed or summarized for performance reasons. By default, only the working set is displayed. Use this option to display the original set.
-p image
Display all policy entries that belong to the specified image name that match input options for the pasearch command. The default action is to return all policy entries for all TCP/IP stacks. The value used for the image name must match one of the values that is specified on the TcpImage or PEPInstance statement in the Policy Agent configuration file, or match a connected policy client name.

Result: If the -p option is not used, then only the policies that are configured with the TcpImage or PEPInstance statement are returned.

-q
Display all QoS policy entries that match the input options for the pasearch command.
-R
Display all Routing policy entries that match the input options for the pasearch command.
  • With the -e option, this displays Routing policy rules and policy actions. This is the default.
  • With the -r option or the -a option, this displays Routing policy rules or policy actions.
  • With the -T option, this displays route tables.
-r
Display all policy rules that match the input options for the pasearch command.
-s PolicyScopeName
Display all policy actions that match the PolicyScopeName value. The PolicyScopeName attribute is not case sensitive.
  • Display all QoS, IpFilter, or AT-TLS policy actions that match the PolicyScopeName value.
    • Valid QoS PolicyScopeName values are DataTraffic, RSVP, or both.
    • Valid IpFilter PolicyScopeName values are DynamicVpn, ManualVpn, GenericFilter, or LocalStart.
    • Valid AT-TLS PolicyScopeName values are Group, Environment, or Connection.
  • If both policy rules and policy actions are requested (pasearch -e -s PolicyScopeName or pasearch -a -r -s PolicyScopeName), then the policy rule is returned with all its policy actions when there is a matching policy action with the requested PolicyScopeName value.
-T
Display all tables that match the input options for the pasearch command. The only supported table is routing policy type (-R). The -R policy type is the default.
  • With the -A option, the -T option displays active routing tables. These are routing tables that are configured and referenced by an active Routing policy rule and its associated Routing policy action. This is the default.
  • With the -I option, the -T option displays inactive routing tables. These are routing tables that are configured but not referenced by an active Routing policy rule and its associated Routing policy action.
-t
Display all Application Transparent Transport Layer Security (AT-TLS) policy entries that match the input options for pasearch.
Results:
  • Pasearch does not display optional parameters that do not have a default value.
  • Pasearch does not display the value of a password parameter and indicates only whether it is configured with a value of Yes or No.
-v
Displays IPSec IpFilter, KeyExchange, and LocalDynVpn policies that match the input options for the pasearch command.
a
Display all IPSec policy entries.
f
Display only IpFilter policy entries.
k
Display only KeyExchange policy entries.
l
Display only LocalDynVpn policy entries.
-w
The PolicyFilterName is a wildcard to be matched to the name. For example, if PolicyFilterName = Web, then all policy rules, policy actions, or route tables with the first 3 characters of their names equal to Web are returned. If no PolicyFilterName is passed, then no name filtering is done.
-z
Display all ZERT policy entries that match the input options for pasearch.
-?
Display pasearch options help information.

Examples:

The following example shows policy object information for all types of policies:
========================================================================
================== pasearch -c =========================================
========================================================================

TCP/IP pasearch CS V2R5                  Image Name: TCPCS
  Date:                 08/03/2022        Time:  13:41:40
  PAPI Version:         16                 DLL Version:  16
Qos Policy Object:
  ConfigLocation:       Local             LDAPServer:        True
  ImageFileName:        /u/user10/pagallcimagea.conf
  ApplyFlush:           True              PolicyFlush:       True
  ApplyPurge:           True              PurgePolicies:     True
  AtomicParse:          False             DeleteOnNoflush:   False
  DummyOnEmptyPolicy:   False             ModifyOnIDChange:  True
  Configured:           True              UpdateInterval:    120
  PerfColEnabled:       False
  InstanceId:           1253294875
  LastPolicyChanged:    Fri Sep 18 13:27:55 2011
  PAPI Qos Sub-version:  0000000000000000

Ids Policy Object:
  ConfigLocation:       Local             LDAPServer:        True
  CommonFileName:
  ImageFileName:        /usr/lpp/tcpip/samples/pagent_IDS.conf
  ApplyFlush:           True              PolicyFlush:       True
  ApplyPurge:           True              PurgePolicies:     True
  AtomicParse:          False             DeleteOnNoflush:   False
  DummyOnEmptyPolicy:   False             ModifyOnIDChange:  False
  Configured:           True              UpdateInterval:    120
  InstanceId:           1253294875
  LastPolicyChanged:    Fri Sep 18 13:27:55 2011
  PAPI Ids Sub-version:  0000000000000000

IPSec Policy Object:
  ConfigLocation:       Remote            LDAPServer:        False
  ClientName:           VIC136_TCPCS1
  ClientUserid:         USER1
  PolicyServerAddr      9.42.104.23
  PolicyServerPort:     8211              PolicyServSysname: VIC137
  ClientSSLActive:      True
  ConnectTime:          Fri Sep 18 13:29:51 2011
  ApplyFlush:           False
  ApplyPurge:           False
  AtomicParse:          True              DeleteOnNoflush:   True
  DummyOnEmptyPolicy:   True              ModifyOnIDChange:  False
  IpSecEnabled IPv4:    True              IpSecEnabled IPv6: False
  IpSec3DESEnabled:     True              IpSecAESEnabled:   True
  IpSecAESGCM16Enabled: True
  UpdateInterval:       300
  InstanceId:           1253294993
  LastPolicyChanged:    Fri Sep 18 13:29:53 2011
  PAPI IPSec Sub-version: 0000000000000000
  IpFilter Policy Object:
   Configured:          True              PreDecapOn:        Off
   FilterLogging:       On                FilterLogImplicit: No
   AllowOnDemand:       No                ImplDiscardAction: Silent
   FIPS140:             No
  KeyExchange Policy Object:
   Configured:          True
   AllowNat:            No                NatKeepAliveIntvl: 20
   HowToInitiate:       Main              LivenessInterval:  30
   BypassIpValidation:  No                CertURLLookupPref: Tolerate
   RevocationChecking:  Loose
  LocalDynVpn Policy Object:
   Configured:          True
  Policy updated:       Fri Sep 18 13:29:53 2011

Routing Policy Object:
  ConfigLocation:       Local             LDAPServer:        False
  CommonFileName:
  ImageFileName:        /usr/lpp/tcpip/samples/pagent_Routing.conf
  ApplyFlush:           True              PolicyFlush:       True
  ApplyPurge:           True              PurgePolicies:     False
  AtomicParse:          True              DeleteOnNoflush:   False
  DummyOnEmptyPolicy:   True              ModifyOnIDChange:  False
  Configured:           True              UpdateInterval:    120
  InstanceId:           1253294871
  LastPolicyChanged:    Fri Sep 18 13:27:51 2011
  PAPI Routing Sub-version: 0000000000000000

TTLS Policy Object:
  ConfigLocation:       Remote            LDAPServer:        False
  ClientName:           VIC136_TCPCS1
  ClientUserid:         USER1
  PolicyServerAddr      9.42.104.23
  PolicyServerPort:     8211              PolicyServSysname: VIC137
  ClientSSLActive:      True
  ConnectTime:          Fri Sep 18 13:29:51 2011
  ApplyFlush:           True              PolicyFlush:       True
  ApplyPurge:           True              PurgePolicies:     True
  AtomicParse:          True              DeleteOnNoflush:   False
  DummyOnEmptyPolicy:   True              ModifyOnIDChange:  False
  Configured:           True              UpdateInterval:    300
  TTLS Enabled:         False
  InstanceId:           1253294993
  LastPolicyChanged:    Fri Sep 18 13:29:53 2011
  PAPI TTLS Sub-version: 0000000000000003

ZERT Policy Object:                                               
  ConfigLocation:       Local             LDAPServer:        False
  ImageFileName:        /u/user1/pagent/policy_demo.zpe           
  ApplyFlush:           True              PolicyFlush:       True 
  ApplyPurge:           True              PurgePolicies:     False
  AtomicParse:          True              DeleteOnNoflush:   False
  DummyOnEmptyPolicy:   True              ModifyOnIDChange:  False
  Configured:           True              UpdateInterval:    99999
  ZERT Enabled:         True                                      
  InstanceId:           1609939310                                 
  LastPolicyChanged:    Wed Jan  6 08:21:50 2021
  PAPI ZERT Sub-version: 0000000000000000
The following example shows active QoS policies for TCP image TCPCS:
========================================================================
================== pasearch -q -p TCPCS1 ===============================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS1
  Date:                 09/18/2011        Time:  13:30:32
  QoS Instance Id:      1253294875

policyRule:             web-catalog-rule
  Rule Type:            QoS
  Version:              3                 Status:            Active
  Distinguish Name:     cn=web-catalog-rule,cn=QoS,cn=advanced,ou=policy,o=IBM,c=US
  Group Distinguish Nm: cn=main,cn=QoS,cn=advanced,ou=policy,o=IBM,c=US
  Weight:               110               ForLoadDist:       False
  Priority:             10                Sequence Actions:  Don't Care
  No. Policy Action:    1                 ConditionListType: DNF
  policyAction:         interactive1-action
   ActionType:          QOS
   Action Sequence:     1
  Time Periods:
   Day of Month Mask:
   First to Last:       1111111111111111111111111111111
   Last to First:       1111111111111111111111111111111
   Month of Yr Mask:    111111111111
   Day of Week Mask:    1111111  (Sunday - Saturday)
   Start Date Time:     None
   End Date Time:       None
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00
   TimeZone:            Local
  Net Condition Summary:                  NegativeIndicator: Off
   RouteCondition:
    InInterface:        All
    OutInterface:       All
    IncomingTOS:        00000000          IncomingTOSMask:   0
   HostCondition:
    SourceIpFrom:       All
    SourceIpTo:         All
    DestIpFrom:         All
    DestIpTo:           All
    DestHostDomainName:
   ApplicationCondition:
    ProtocolNumFrom:    6                 ProtocolNumTo:     6
    SourcePortFrom:     80                SourcePortTo:      80
    DestPortFrom:       0                 DestPortTo:        0
    ApplicationName:                      ApplPriority:      0
    ApplicationData:    /catalog
  Policy created: Fri Sep 18 13:27:55 2011
  Policy updated: Fri Sep 18 13:27:55 2011

  Qos Action:           interactive1-action
    Version:            3                 Status:            Active
    Distinguish Name:   cn=interactive1,cn=QoSact,cn=repository,o=IBM,c=US
    Scope:              DataTraffic       OutgoingTOS:       10000000
    Permission:         Allowed
    MaxRate:            0                 MinRate:           0
    MaxConn:            0
    Routing Interfaces: 0
    RSVP Attributes:
     ServiceType:       0                 MaxRatePerFlow:    0
     MaxTokBuckPerFlw:  0                 MaxFlows:          0
     SignalClient:      True
    DiffServ Attributes:
     InProfRate:        0                 InProfPeakRate:    0
     InProfTokBuck:     0                 InProfMaxPackSz:   0
     OutProfXmtTOSByte: 00000000          ExcessTrafficTr:   BestEffort
    Policy created: Fri Sep 18 13:27:55 2011
    Policy updated: Fri Sep 18 13:27:55 2011
The following example shows active KeyExchange policies:
========================================================================
================== pasearch -v k =======================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS1
  Date:                 09/18/2011        Time:  13:30:32
  IPSec Instance Id:    1253294993

policyRule:             Admin_KeyExRule1
  Rule Type:            KeyExchange
  Version:              3                 Status:            Active
  Weight:               105               ForLoadDist:       False
  Priority:             5                 Sequence Actions:  Don't Care
  No. Policy Action:    1
  IpSecType:            policyKeyExchange
  policyAction:         Bronze-PSK
   ActionType:          KeyExchange
   Action Sequence:     0
  Time Periods:
   Day of Month Mask:   0000000000000000000000000000000
   Month of Yr Mask:    000000000000
   Day of Week Mask:    0000000  (Sunday - Saturday)
   Start Date Time:     None
   End Date Time:       None
   Fr TimeOfDay:        00:00             To TimeOfDay:      00:00
   Fr TimeOfDay UTC:    00:00             To TimeOfDay UTC:  00:00
   TimeZone:            Local
  IpSec Condition Summary:                NegativeIndicator: Off
   KeyExchange Condition:
    LocalSecurityEndPoint:
     Location:
      FromAddr:         All4
      ToAddr:           All4
     Identity:
      UserAtFqdn:
       admin@secureserver.raleigh.ibm.com
    RemoteSecurityEndPoint:
     Location:
      FromAddr:         9.1.1.2
      ToAddr:           9.1.1.2
     Identity:
      IpAddr:
       FromAddr:        9.1.1.2
       ToAddr:          9.1.1.2
  Policy created: Fri Sep 18 13:29:53 2011
  Policy updated: Fri Sep 18 13:29:53 2011

  KeyExchange Action:   Bronze-PSK
    Version:            3                 Status:            Active
    HowToInitiate:      Aggressive        HowToRespondIKEv1: Aggressive
    AllowNat:           No                FilterByIdentity:  No
    HowToAuthMe:        RsaSignature      ReauthInterval:    0
    BypassIpValidation: No                CertURLLookupPref: Tolerate
    KeyExchangeOffer:   0
     HowToEncrypt:      DES               KeyLength:         N/A
     HowToAuthPeers:    PresharedKey      DHGroup:           Group1
     HowToAuthMsgs:     SHA1
     HowToVerifyMsgs:   HMAC_SHA1_96      PseudoRandomFunc:  HMAC_SHA1
     RefLifeTmPropose:  480
     RefLifeTmAcptMin:  240               RefLifeTmAcptMax:  1440
     RefLifeSzPropose:  None
     RefLifeSzAccept :  None
    Policy created: Fri Sep 18 13:29:53 2011
    Policy updated: Fri Sep 18 13:29:53 2011
The following example shows an active LocalDynVpn policy rule:
========================================================================
================== pasearch -v l =======================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS1
  Date:                 09/18/2011        Time:  13:30:32
  IPSec Instance Id:    1253294993

policyRule:             ZoneC_VPN-EE1
  Rule Type:            LocalDynVpn
  Version:              3                 Status:            Active
  GroupName:            ZoneC_BranchOfficeVPNs
  Weight:               108               ForLoadDist:       False
  Priority:             8                 Sequence Actions:  Don't Care
  No. Policy Action:    0
  IpSecType:            policyDynamicVpn
  Time Periods:
   Day of Month Mask:   0000000000000000000000000000000
   Month of Yr Mask:    000000000000
   Day of Week Mask:    0000000  (Sunday - Saturday)
   Start Date Time:     None
   End Date Time:       None
   Fr TimeOfDay:        00:00             To TimeOfDay:      00:00
   Fr TimeOfDay UTC:    00:00             To TimeOfDay UTC:  00:00
   TimeZone:            Local
  IpSec Condition Summary:                NegativeIndicator: Off
   LocalDynVpn Condition:
    LocalIp:
     FromAddr:          9.3.3.3
     ToAddr:            9.3.3.3
    RemoteIp:
     FromAddr:          9.5.0.0
     Prefix:            16
    LocalDataPort:      12000             RemoteDataPort:    12000
    AutoActivate:       Yes
    Protocol:           UDP  (17)
  Policy created: Fri Sep 18 13:29:53 2011
  Policy updated: Fri Sep 18 13:29:53 2011
The following example shows all active IPSec policy names:
========================================================================
================== pasearch -v a -n ====================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS1
  Date:                 09/18/2011        Time:  13:30:32
  IPSec Instance Id:    1253294993

policyRule:             Rule1Admin
  IpFilter Action:      permit

policyRule:             Rule2Admin
  IpFilter Action:      ipsec
  IpFilter Action:      Silver-TransportMode

policyRule:             Rule1A
  IpFilter Action:      permit

policyRule:             Rule2A
  IpFilter Action:      ipsec
  IpFilter Action:      Bronze-TransportMode

policyRule:             Rule1B
  IpFilter Action:      permit

policyRule:             Rule2B
  IpFilter Action:      ipsec
  IpFilter Action:      Gold-TransportMode

policyRule:             Rule1C
  IpFilter Action:      permit

policyRule:             Rule2C
  IpFilter Action:      ipsec
  IpFilter Action:      Gold-TunnelMode
  IpFilter Action:      StartZoneC

policyRule:             Rule1DtoC
  IpFilter Action:      permit

policyRule:             Rule2DtoC
  IpFilter Action:      ipsec
  IpFilter Action:      Gold-TunnelMode
  IpFilter Action:      StartZoneDtoZoneC

policyRule:             Rule1N
  IpFilter Action:      permit

policyRule:             Rule2N
  IpFilter Action:      ipsec
  IpFilter Action:      Gold-TransportMode

policyRule:             Rule1All-IPv4-Permit
  IpFilter Action:      permit

policyRule:             Rule2All-IPv4-Deny
  IpFilter Action:      deny-log

policyRule:             Rule1All-IPv6-Permit
  IpFilter Action:      permit

policyRule:             Rule2All-IPv6-Deny
  IpFilter Action:      deny-log

policyRule:             DenyAllRule_Generated___________Inbnd

policyRule:             DenyAllRule_Generated___________Outbnd

policyRule:             Admin_KeyExRule1
  KeyExchange Action:   Bronze-PSK

policyRule:             ZoneA_KeyExRule1
  KeyExchange Action:   Silver-RSA

policyRule:             ZoneB_KeyExRule1
  KeyExchange Action:   Gold-RSA

policyRule:             ZoneC_KeyExRule1
  KeyExchange Action:   Gold-RSA

policyRule:             ZoneN_KeyExRule1
  KeyExchange Action:   Gold-RSA-AllowNat

policyRule:             ZoneC_VPN-EE1

policyRule:             ZoneC_VPN-EE2

policyRule:             ZoneC_VPN-EE3

policyRule:             ZoneC_VPN-EE4

policyRule:             ZoneC_VPN-EE5

policyRule:             ZoneC_VPN-FTP-Data

policyRule:             ZoneC_VPN-FTP-Control

policyRule:             ZoneC_VPN-CICS-3000
The following example shows active IPFilter policies with Policy Action scope of DynamicVpn.
========================================================================
================== pasearch -s DynamicVpn -v f =========================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS1
  Date:                 09/18/2011        Time:  13:30:32
  IPSec Instance Id:    1253294993

policyRule:             Rule2Admin
  Rule Type:            IpFilter
  Version:              3                 Status:            Active
  GroupName:            Admin
  Weight:               119               ForLoadDist:       False
  Priority:             19                Sequence Actions:  Don't Care
  No. Policy Action:    2                 ConditionListType: CNF
  IpSecType:            policyIpFilter
  policyAction:         ipsec
   ActionType:          IpFilter GenericFilter
   Action Sequence:     0
  policyAction:         Silver-TransportMode
   ActionType:          IpFilter DynamicVpn
   Action Sequence:     0
  Time Periods:
   Day of Month Mask:
   First to Last:       1111111111111111111111111111111
   Last to First:       1111111111111111111111111111111
   Month of Yr Mask:    111111111111
   Day of Week Mask:    1111111  (Sunday - Saturday)
   Start Date Time:     None
   End Date Time:       None
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00
   TimeZone:            Local
  IpSec Condition Summary:                NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  Condition Work Level:      0
    Group Number:       0                 Cond Count:        2
    Ignore:             No
  IpSec Condition Work Summary:           NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  IpSec Condition Work:                   NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
     FromAddr:          9.1.1.1
     ToAddr:            9.1.1.1
    Destination Address:
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  Condition Work Level:      1
    Group Number:       1                 Cond Count:        2
    Ignore:             No
  IpSec Condition Work Summary:           NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  IpSec Condition Work:                   NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
     FromAddr:          9.1.1.2
     ToAddr:            9.1.1.2
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  Condition Work Level:      2
    Group Number:       3                 Cond Count:        2
    Ignore:             No
  IpSec Condition Work Summary:           NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
    Service Condition:
     Protocol:          0
     Direction:         0
     RouteType:         0                 SecurityClass:     0
     FragmentsOnly:     No
  IpSec Condition Work:                   NegativeIndicator: Off
   IpFilter Condition:
    Source Address:
    Destination Address:
    Service Condition:
     Protocol:          All
     Direction:         Bidirectional
     RouteType:         Local             SecurityClass:     0
     FragmentsOnly:     No
  Policy created: Fri Sep 18 13:29:53 2011
  Policy updated: Fri Sep 18 13:29:53 2011

  IpFilter Action:      ipsec
    Version:            3                 Status:            Active
    Scope:              GenericFilter
    ipFilterAction:     IPSec             IpFilterLogging:   Yes Logdeny
    DiscardAction:      Silent
    Policy created: Fri Sep 18 13:29:53 2011
    Policy updated: Fri Sep 18 13:29:53 2011

  IpFilter Action:      Silver-TransportMode
    Version:            3                 Status:            Active
    Scope:              DynamicVpn
    Initiation:         Either            VpnLife:           1440
    AcceptablePfs:      None
    InitiateWithPfs:    None              IpDataOfferNum:    1
    PassthroughDSCP:    Yes               PassthroughDF:     Yes
    HowToEncapIKEv2:    Either
    IPDataOffer:        0
     HowToEncap:        Transport
     HowToEncrypt:      DES               KeyLength:         N/A
     HowToAuth:         ESP               HowToAuthAlgr:     HMAC_SHA1
     RefLifeTmPropose:  240
     RefLifeTmAcptMin:  120               RefLifeTmAcptMax:  480
     RefLifeSzPropose:  None
     RefLifeSzAccept :  None
    Policy created: Fri Sep 18 13:29:53 2011
    Policy updated: Fri Sep 18 13:29:53 2011
The following example shows active IDS policies whose names match the prefix AttackMalformed:
========================================================================
================== pasearch -i -w -f AttackMalformed ===================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS2                   
  Date:                 09/28/2011        Time:  12:01:32 
  IDS Instance Id:      1285689675

policyRule:             AttackMalformed-rule                           
  Rule Type:            IDS                                            
  Version:              4                 Status:            Active          
  Weight:               102               ForLoadDist:       False 
  Priority:             2                 Sequence Actions:  Don't Care  
  No. Policy Action:    1
  IdsType:              policyIdsAttack                  
  policyAction:         Attack-action                                  
   ActionType:          IDS             
   Action Sequence:     0               
  Time Periods:
   Day of Month Mask:
   First to Last:       1111111111111111111111111111111
   Last to First:       1111111111111111111111111111111
   Month of Yr Mask:    111111111111    
   Day of Week Mask:    1111111  (Sunday - Saturday)
   Start Date Time:     None            
   End Date Time:       None            
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00           
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00           
   TimeZone:            Local           
  Ids Condition Summary:                  NegativeIndicator: Off
   Attack Condition:
    IdsAttackType:      MALFORMED_PACKET                                       
  Policy created: Tue Sep 28 12:01:15 2011
  Policy updated: Tue Sep 28 12:01:15 2011

  Ids Action:             Attack-action                                  
    Version:              4               Status:            Active  
    Attack ActionType:    NoDiscard      
    TypeActions:          Statistics Log                                         
    StatType:             Exception       StatInterval:      60              
    LogDetail:            No              LoggingLevel:      1               
    Policy created: Tue Sep 28 12:01:15 2011
    Policy updated: Tue Sep 28 12:01:15 2011
The following example shows active IDS rules and actions configured from the IDS configuration file:
========================================================================
================== pasearch -i  ========================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS2                   
  Date:                 09/28/2011        Time:  12:01:55 
  IDS Instance Id:      1285689675

policyRule:             ScanEventLowTcp-rule                           
  Rule Type:            IDS                                            
  Version:              4                 Status:            Active          
  Weight:               102               ForLoadDist:       False 
  Priority:             2                 Sequence Actions:  Don't Care  
  No. Policy Action:    1
  IdsType:              policyIdsScanEvent               
  policyAction:         ScanEventLow-action                            
   ActionType:          IDS             
   Action Sequence:     0               
  Time Periods:
   Day of Month Mask:
   First to Last:       1111111111111111111111111111111
   Last to First:       1111111111111111111111111111111
   Month of Yr Mask:    111111111111    
   Day of Week Mask:    1111111  (Sunday - Saturday)
   Start Date Time:     None            
   End Date Time:       None            
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00           
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00           
   TimeZone:            Local           
  Ids Condition Summary:                  NegativeIndicator: Off
   ScanEvent Condition:
    Sensitivity:        Low             
    Protocol:           TCP  (6)        
    LocalPortFrom:      1                 LocalPortTo:       1023  
    LocalHostAddress:
     FromAddr:          All                                           
     ToAddr:            All                                           
  Policy created: Tue Sep 28 12:01:15 2011
  Policy updated: Tue Sep 28 12:01:15 2011

  Ids Action:             ScanEventLow-action                            
    Version:              4               Status:            Active  
    ScanEvent ActionType: Count          
    Policy created: Tue Sep 28 12:01:15 2011
    Policy updated: Tue Sep 28 12:01:15 2011
The following example shows active AT-TLS policies:
========================================================================
================== pasearch -t  ========================================
========================================================================

policyRule:             Secure_Telnet_23_Debug
  Rule Type:            TTLS
  Version:              3                 Status:            Active
  Weight:               20                ForLoadDist:       False
  Priority:             20                Sequence Actions:  Don't Care
  No. Policy Action:    3
  policyAction:         grp_Production
   ActionType:          TTLS Group
   Action Sequence:     0
  policyAction:         Secure_Telnet_Env
   ActionType:          TTLS Environment
   Action Sequence:     0
  policyAction:         Secure_Telnet_Conn_Debug
   ActionType:          TTLS Connection
   Action Sequence:     0
  Time Periods:
   Day of Month Mask:
   First to Last:       1111111111111111111111111111111
   Last to First:       1111111111111111111111111111111
   Month of Yr Mask:    111111111111
   Day of Week Mask:    1111111  (Sunday - Saturday)
   Start Date Time:     None
   End Date Time:       None
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00
   TimeZone:            Local
  TTLS Condition Summary:                 NegativeIndicator: Off
   Local Address:
    FromAddr:           10.1.2.3
    ToAddr:             10.1.2.3
   Remote Address:
    FromAddr:           10.45.23.10
    ToAddr:             10.45.23.10
   LocalPortFrom:       23                LocalPortTo:       23
   RemotePortFrom:      0                 RemotePortTo:      0
   JobName:                               UserId:
   ServiceDirection:    Inbound
  Policy created: Wed Mar  9 06:31:13 2011
  Policy updated: Wed Mar  9 06:31:13 2011

  TTLS Action:                  grp_Production
    Version:                    3
    Status:                     Active
    Scope:                      Group
    TTLSEnabled:                On
    CtraceClearText:            Off
    Trace:                      2
    FIPS140:                    Off
    TTLSGroupAdvancedParms:
     SecondaryMap:              Off
     SyslogFacility:            Daemon
    Policy created: Wed Mar  9 06:31:13 2011
    Policy updated: Wed Mar  9 06:31:13 2011

  TTLS Action:                  Secure_Telnet_Env
    Version:                    3
    Status:                     Active
    Scope:                      Environment
    HandshakeRole:              Server
    SuiteBProfile:              Off
    TTLSKeyringParms:
     Keyring:                   TCPCSsafkeyring
    TTLSEnvironmentAdvancedParms:
     SSLv2:                     Off
     SSLv3:                     On
     TLSv1:                     On
     TLSv1.1:                   On
     TLSv1.2:                   On
     TLSv1.3:                   On
     MiddleBoxCompatMode:       On
     ApplicationControlled:     On
     HandshakeTimeout:          5
     ClientAuthType:            Required
     ResetCipherTimer:          0
     TruncatedHMAC:             Off
     CertValidationMode:        Any
     ServerMaxSSLFragment:      Off
     ClientMaxSSLFragment:      Off
     ServerHandshakeSNI:        Off
     ClientHandshakeSNI:        Off
     ClientExtendedMasterSecret: On
     ServerExtendedMasterSecret: On
     Renegotiation:             Default
     RenegotiationIndicator:    Optional
     RenegotiationCertCheck:    Off
     3DesKeyCheck:              Off                                
     ClientEDHGroupSize:        Legacy                    
     ServerEDHGroupSize:        Legacy                    
     PeerMinCertVersion:        Any                       
     PeerMinDHKeySize:          1024                      
     PeerMinDsaKeySize:         1024                      
     PeerMinECCKeySize:         192                       
     PeerMinRsaKeySize:         1024                      
     ServerScsv:                Off
     HostReferenceIdDNS:       a.b.com
     HostReferenceIdDNS:       b.b.com
     HostReferenceIdCN:        a.b.com
     HostRefWildcardValidation  Off
    TTLSSignatureParms:                                  
     ClientECurves:                                      
      0019  secp192r1                                    
      0021  secp224r1                                    
      0023  secp256r1   
      0024  secp384r1
      0025  secp521r1
     ClientKeyShareGroups:      
      0025  secp521r1
     ServerKeyShareGroups:      
      0025  secp521r1
     ServerKexECurves:
      0023  secp256r1
      0024  secp384r1
      0025  secp521r1
     SignaturePairs:                                     
      0401  TLS_SIGALG_SHA256_WITH_RSA                   
      0403  TLS_SIGALG_SHA256_WITH_ECDSA                 
      0501  TLS_SIGALG_SHA384_WITH_RSA                   
      0503  TLS_SIGALG_SHA384_WITH_ECDSA
      0804  TLS_SIGALG_SHA256_WITH_RSASSA_PSS   
     SignaturePairsCert: 
      0401  TLS_SIGALG_SHA256_WITH_RSA
    TTLSGskAdvancedParms:
     GSK_SYSPLEX_SIDCACHE:      Off
     GSK_SYSPLEX_SESSION_TICKET_CACHE:      Off
     GSK_V3_SESSION_TIMEOUT:    86400
     GSK_V3_SIDCACHE_SIZE:      512
     GSK_SESSION_TICKET_CLIENT_ENABLE:      On
     GSK_SESSION_TICKET_CLIENT_MAXSIZE:     8192
     GSK_SESSION_TICKET_CLIENT_MAXCACHED:   8
     GSK_SESSION_TICKET_SERVER_ENABLE:      On
     GSK_SESSION_TICKET_SERVER_ALGORITHM:   AESCBC128
     GSK_SESSION_TICKET_SERVER_COUNT:       2
     GSK_SESSION_TICKET_SERVER_KEY_REFRESH: 300
     GSK_SESSION_TICKET_SERVER_TIMEOUT:     300                            
     TTLSGskHttpCdpParms:                                 
      HttpCdpEnable:            Off                       
      HttpCdpProxyServerPort:   80                        
      HttpCdpResponseTimeout:   15                        
      HttpCdpMaxResponseSize:   204800                    
      HttpCdpCacheSize:         32                        
      HttpCdpCacheEntryMaxsize: 0 
     TTLSGskOcspParms:                                    
      OcspAiaEnable:            Off                       
      OcspProxyServerPort:      80                        
      OcspRetrieveViaGet:       Off                       
      OcspUrlPriority:          On                        
      OcspRequestSigalg:                                  
       0401  TLS_SIGALG_SHA256_WITH_RSA                           
      OcspClientCacheSize:      256                               
      OcspCliCacheEntryMaxsize: 0                                 
      OcspNonceGenEnable:       Off                               
      OcspNonceCheckEnable:     Off                               
      OcspNonceSize:            8                                 
      OcspResponseTimeout:      15                                
      OcspMaxResponseSize:      20480     
      OcspServerStapling:       Off
    EnvironmentUserInstance:    0
    Policy created: Wed Mar  9 06:31:13 2011
    Policy updated: Wed Mar  9 06:31:13 2011

  TTLS Action:                  Secure_Telnet_Conn_Debug
    Version:                    3
    Status:                     Active
    Scope:                      Connection
    CtraceClearText:            On
    Trace:                      254
    Policy created: Wed Mar  9 06:31:13 2011
    Policy updated: Wed Mar  9 06:31:13 2011
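
An added example (not part of the IBM documentation): a POSIX shell function that reads pasearch -t output in the layout shown above and lists the TTLS actions that enable legacy protocol versions, turn CtraceClearText on, or accept small peer key sizes. The function names, the embedded sample (constructed from fields in the output above), and the 2048-bit and 224-bit thresholds are assumptions to adjust to local policy.

```shell
#!/bin/sh
# Added example: review AT-TLS settings reported by `pasearch -t`.
# On a live system the input would be:  pasearch -t | audit_ttls

# Constructed sample input, reduced from the AT-TLS output shown above.
sample_pasearch_t() {
cat <<'EOF'
policyRule:             Secure_Telnet_23_Debug
  Rule Type:            TTLS
  Version:              3                 Status:            Active

  TTLS Action:                  grp_Production
    Scope:                      Group
    TTLSEnabled:                On
    CtraceClearText:            Off

  TTLS Action:                  Secure_Telnet_Env
    Scope:                      Environment
    TTLSEnvironmentAdvancedParms:
     SSLv2:                     Off
     SSLv3:                     On
     TLSv1:                     On
     TLSv1.1:                   On
     TLSv1.2:                   On
     TLSv1.3:                   On
     PeerMinDHKeySize:          1024
     PeerMinECCKeySize:         192
     PeerMinRsaKeySize:         1024

  TTLS Action:                  Secure_Telnet_Conn_Debug
    Scope:                      Connection
    CtraceClearText:            On
    Trace:                      254
EOF
}

# audit_ttls: read pasearch -t output on stdin and print one line per
# finding in the form "<TTLS action name><TAB><finding>".
# MIN_KEY_BITS / MIN_ECC_BITS are assumed thresholds, not IBM defaults.
audit_ttls() {
  awk -v minkey="${MIN_KEY_BITS:-2048}" -v minecc="${MIN_ECC_BITS:-224}" '
    function report(msg) { printf "%s\t%s\n", action, msg }

    # A new rule ends the previous action block; rule lines are not audited.
    /^policyRule:/        { action = ""; next }
    # Each action block starts with its name as the last field.
    /^[ \t]*TTLS Action:/ { action = $NF; next }
    action == ""          { next }

    {
      # Split "Key:   value" at the first colon and trim both sides.
      n = index($0, ":")
      if (n == 0) next
      key = substr($0, 1, n - 1)
      val = substr($0, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)

      if ((key == "SSLv2" || key == "SSLv3" ||
           key == "TLSv1" || key == "TLSv1.1") && val == "On")
        report(key " enabled")
      else if (key == "CtraceClearText" && val == "On")
        report("CtraceClearText On")
      else if (key ~ /^PeerMin(Rsa|DH|Dsa)KeySize$/ &&
               val ~ /^[0-9]+$/ && val + 0 < minkey)
        report(key " " val " below " minkey)
      else if (key == "PeerMinECCKeySize" &&
               val ~ /^[0-9]+$/ && val + 0 < minecc)
        report(key " " val " below " minecc)
    }
  '
}

# Stand-alone run against the constructed sample.
sample_pasearch_t | audit_ttls
```
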
The following example shows active routing policies:
========================================================================
================== pasearch -R  ========================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS3
  Date:                 10/12/2012        Time:  11:00:46              
  Routing Instance Id:  1350050178                                     
                                                                       
policyRule:             GenericRoutingRule                             
  Rule Type:            Routing                                        
  Version:              4                 Status:            Active    
  Weight:               10                ForLoadDist:       False     
  Priority:             10                Sequence Actions:  Don't Care
  No. Policy Action:    1                                              
  policyAction:         GenericRoutingAction                           
   ActionType:          Routing                                        
   Action Sequence:     0                                              
  Time Periods:                                                        
   Day of Month Mask:                                                  
   First to Last:       1111111111111111111111111111111                
   Last to First:       1111111111111111111111111111111                
   Month of Yr Mask:    111111111111                                   
   Day of Week Mask:    1111111  (Sunday - Saturday)                   
   Start Date Time:     None                                           
   End Date Time:       None                                           
   Fr TimeOfDay:        08:00             To TimeOfDay:      17:00     
   Fr TimeOfDay UTC:    11:00             To TimeOfDay UTC:  20:00     
   TimeZone:            Local                                          
  Routing Condition Summary:              NegativeIndicator: Off       
   IpSourceAddr Address:                                               
    FromAddr:           All                                            
    ToAddr:             All                                            
   IpDestAddr Address:                                                 
    FromAddr:           0.0.0.0                                        
    Prefix:             0                                              
   TrafficDescriptor:                                                  
    Protocol:           TCP  (6)                                       
    SourcePortFrom      111               SourcePortTo       111       
    DestinationPortFrom 1024              DestinationPortTo  65535     
    JobName             JOB1              SecurityZone       SECZONE   
    SecurityLabel       SECLABEL                                       
  Policy created: Fri Oct 12 10:56:18 2012                             
  Policy updated: Fri Oct 12 10:56:18 2012                             
                                                                       
  Routing Action:       GenericRoutingAction                           
    Version:            4                 Status:            Active    
    UseMainRouteTable   Yes                                            
    RouteTable:         RtTbl1                                         
    RouteTable:         RtTbl2                                         
    RouteTable:         RtTbl3                                         
    Policy created: Fri Oct 12 10:56:18 2012                           
    Policy updated: Fri Oct 12 10:56:18 2012
The following example shows active route tables:
========================================================================
================== pasearch -T  ========================================
========================================================================

TCP/IP pasearch CS V2R4                  Image Name: TCPCS3
  Date:                 10/12/2012        Time:  11:03:00           
  Routing Instance Id:  1350050178                                  
                                                                    
  Route Table:           RtTbl1                                     
    Version:             1                 Status:            Active
    IPv4 table           Active                                     
    IgnorePathMtuUpdate  No                                         
    MultiPath            PerConnection     DynamicXCFRoutes   No    
    IPv6 table           Active                                     
    IgnorePathMtuUpdate6 No                                         
    MultiPath6           PerConnection     DynamicXCFRoutes6  No    
    Route (IPv4)                                                    
     Destination:                                                   
      ipaddress            1.1.1.1                                  
     First Hop:                                                     
      gateway_addr         =                                        
      link_name            LINK1                                    
     MTU size              1492                                     
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv4)                                                    
     Destination:                                                   
      ipaddress            1.0.0.0                                  
      Prefix               8                                        
     First Hop:                                                     
      gateway_addr         2.2.2.2                                  
      link_name            LINK2                                    
     MTU size              1492                                     
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv4)                                                    
     Destination           Default                                  
     First Hop:                                                     
      gateway_addr         4.4.4.4                                  
      link_name            LINK4                                    
     MTU size              DEFAULTSIZE                              
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv6)                                                    
     Destination:                                                   
      ipaddress            2001:db8:0:0:1::                         
      Prefix               80                                       
     First Hop:                                                     
      gateway_addr         fe80::2:2:2:2                            
      link_name            LINK2V6                                  
     MTU size              5000                                     
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv6)                                                    
     Destination           Default6                                 
     First Hop:                                                     
      gateway_addr         fe80::4:4:4:4                            
      link_name            LINK4V6                                  
     MTU size              DEFAULTSIZE                              
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Policy created: Fri Oct 12 10:56:18 2012                        
    Policy updated: Fri Oct 12 10:56:18 2012                        
                                                                    
  Route Table:           RtTbl2                                     
    Version:             1                 Status:            Active
    IPv4 table           Active                                     
    IgnorePathMtuUpdate  No                                         
    MultiPath            UseGlobal         DynamicXCFRoutes   No    
    IPv6 table           Active                                     
    IgnorePathMtuUpdate6 No                                         
    MultiPath6           UseGlobal         DynamicXCFRoutes6  No    
    DynamicRoutingParms (IPv4)                                      
     link_name             LINK1     IPv4                           
    DynamicRoutingParms (IPv4)                                      
     link_name             LINK2                                    
     gateway_addr          2.1.1.1                                  
    DynamicRoutingParms (IPv4)                                      
     link_name             LINK2                                    
     gateway_addr          2.2.2.2                                  
    DynamicRoutingParms (IPv6)                                      
     link_name             LINK1V6     IPv6                         
    DynamicRoutingParms (IPv6)                                      
     link_name             LINK2V6                                  
     gateway_addr          fe80::2:1:1:1                            
    Policy created: Fri Oct 12 10:56:18 2012                        
    Policy updated: Fri Oct 12 10:56:18 2012                        
                                                                    
  Route Table:           RtTbl3                                     
    Version:             1                 Status:            Active
    IPv4 table           Active                                     
    IgnorePathMtuUpdate  No                                         
    MultiPath            UseGlobal         DynamicXCFRoutes   No    
    IPv6 table           Active                                     
    IgnorePathMtuUpdate6 No                                         
    MultiPath6           UseGlobal         DynamicXCFRoutes6  No    
    Route (IPv4)                                                    
     Destination:                                                   
      ipaddress            1.1.1.1                                  
     First Hop:                                                     
      gateway_addr         =                                        
      link_name            LINK1                                    
     MTU size              1492                                     
     Replaceable           No                                       
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv4)                                                    
     Destination:                                                   
      ipaddress            1.1.0.0                                  
      Prefix               16                                       
     First Hop:                                                     
      gateway_addr         2.2.2.2                                  
      link_name            LINK2                                    
     MTU size              1492                                     
     Replaceable           Yes                                      
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    Route (IPv6)                                                    
     Destination:                                                   
      ipaddress            2001:db8::1:1:0:0                        
      Prefix               96                                       
     First Hop:                                                     
      gateway_addr         fe80::2:2:2:2                            
      link_name            LINK2V6                                  
     MTU size              5000                                     
     Replaceable           Yes                                      
     MaximumRetransmitTime 120.000                                  
     MinimumRetransmitTime 0.500                                    
     RoundTripGain         0.125                                    
     VarianceGain          0.250                                    
     VarianceMultiplier    2.000                                    
     DelayAcks             Yes                                      
    DynamicRoutingParms (IPv4)                                      
     link_name             LINK2     IPv4                           
    DynamicRoutingParms (IPv6)                                      
     link_name             LINK2V6     IPv6                         
    Policy created: Fri Oct 12 10:56:18 2012                        
    Policy updated: Fri Oct 12 10:56:18 2012
The following example shows active ZERT policies:
========================================================================
================== pasearch -z  ========================================
========================================================================

TCP/IP pasearch CS V2R5                  Image Name: TCPCS
  Date:                 08/31/2020        Time:  09:08:00           
  Routing Instance Id:  1598879242                                  
                                                                    
policyRule:             ZERTRule                    
  Rule Type:            ZERT                                           
  Version:              4                 Status:            Active    
  Weight:               200               ForLoadDist:       False     
  Priority:             100               Sequence Actions:  Don't Care
  No. Policy Action:    1                                              
  policyAction:         Allow                                          
   ActionType:          ZERT                                           
   Action Sequence:     0                                              
  Time Periods:                                                        
   Day of Month Mask:                                                  
   First to Last:       1111111111111111111111111111111                
   Last to First:       1111111111111111111111111111111                
   Month of Yr Mask:    111111111111
   Day of Week Mask:    1111111  (Sunday - Saturday)                   
   Start Date Time:     None                                           
   End Date Time:       None                                           
   Fr TimeOfDay:        00:00             To TimeOfDay:      24:00     
   Fr TimeOfDay UTC:    04:00             To TimeOfDay UTC:  04:00     
   TimeZone:            Local                                          
  ZERT Condition Summary:                 NegativeIndicator: Off       
   Local Address:                                                      
    FromAddr:           All                                            
    ToAddr:             All                                            
   Remote Address:                                                     
    FromAddr:           All                                            
    ToAddr:             All                                            
   ConnectionDescriptor:                                               
    Protocol:           TCP  (6)                                       
    LocalPortFrom:      0                 LocalPortTo:    0            
    RemotePortFrom:     0                 RemotePortTo:   0            
    JobName:                              UserId:                      
    TCPConnDirection:   Both                                           
    TCPConnDirection:   Both                                       
   SecurityProtocol:    TLS                                        
   ZERTTLSProtocol:                                                
    TLSProtocol:        TLSv1.2                                    
    TLSProtocol:        TLSv1.3                                    
   ZERTSSHProtocol:                                                
    SSHProtocol:        Any                                        
   ZERTSymmetricEncryption:                                        
    SymmetricEncryption: AES_CBC_128                               
    SymmetricEncryption: AES_CBC_192                               
    SymmetricEncryption: AES_CBC_256                               
    SymmetricEncryption: AES_256                                   
   ZERTMessageAuthentication:                                      
    MessageAuthentication: HMAC_SHA1                               
    MessageAuthentication: HMAC_SHA2_224                           
   ZERTKeyExchange:                                                
    TLSKeyExchange:     Any                                        
    SSHKeyExchange:     Any                                        
Policy created: Mon Aug 31 09:07:22 2020                         
Policy updated: Mon Aug 31 09:07:22 2020                         
                                                                 
ZERT Action:         Allow                                      
 Version:            4                 Status:            Active
 AuditRecord:        No                                          
 LogConsole:         No                                         
 LogSyslogd:         No                                         
 ResetTCPConn:       No                                         
 LogLevel:           4                                         
Policy created: Mon Aug 31 09:07:22 2020                       
Policy updated: Mon Aug 31 09:07:22 2020
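Added example (not part of the IBM documentation): a Python parser for the ZERT rule display shown above. It collects repeated attributes such as TLSProtocol and MessageAuthentication and compares them with a reviewed baseline, so that a saved pasearch display can be checked for policy drift. The function names, the SAMPLE excerpt and the BASELINE values are constructed assumptions; the field names are taken from the display.

```python
import re

# SAMPLE (display excerpt) and BASELINE (reviewed site values) are constructed.
SAMPLE = """\
policyRule:             ZERTRule
  Version:              4                 Status:            Active
  policyAction:         Allow
    TLSProtocol:        TLSv1.2
    TLSProtocol:        TLSv1.3
   ZERTMessageAuthentication:
    MessageAuthentication: HMAC_SHA1
    MessageAuthentication: HMAC_SHA2_224
"""
BASELINE = {"TLSProtocol": ["TLSv1.2", "TLSv1.3"],
            "MessageAuthentication": ["HMAC_SHA2_224"]}
HEADERS = ("policyRule", "ZERT Action")  # keys that open a new block

def pairs(line):
    """Yield (key, value) pairs from one display line; a line may hold two."""
    toks, i = re.split(r"\s{2,}", line.strip()), 0
    while i < len(toks):
        tok, nxt = toks[i], "".join(toks[i + 1:i + 2])
        if tok.endswith(":"):  # aligned layout: value, if any, is the next field
            has_value = bool(nxt) and not nxt.endswith(":") and ": " not in nxt
            yield tok[:-1], nxt if has_value else ""
            i += 2 if has_value else 1
        else:  # "Key: value" with one space, or an annotation such as "(6)"
            if ": " in tok:
                yield tuple(part.strip() for part in tok.split(": ", 1))
            i += 1

def parse_blocks(text):
    """Return {"<header> <name>": {attribute: [values]}} per rule or action."""
    blocks, cur = {}, None
    for line in text.splitlines():
        for key, value in pairs(line):
            if key in HEADERS:
                cur = blocks.setdefault(f"{key} {value}", {})
            elif cur is not None and value:
                cur.setdefault(key, []).append(value)
    return blocks

def drift(block, baseline):
    """Per attribute: (values not in the baseline, baseline values not shown)."""
    out = {}
    for attr, want in baseline.items():
        seen = set(block.get(attr, []))
        if seen != set(want):
            out[attr] = (sorted(seen - set(want)), sorted(set(want) - seen))
    return out
```

Calling `drift(parse_blocks(SAMPLE)["policyRule ZERTRule"], BASELINE)` reports HMAC_SHA1 as a displayed value that the constructed baseline does not list.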