show security flow session

Syntax

show security flow session [filter] [brief | extensive | summary]

Release Information

Command introduced in Junos OS Release 8.5. Support for filter and view options added in Junos OS Release 10.2. Application firewall, dynamic application, and logical system filters added in Junos OS Release 11.2.

Description

Display information about all currently active security sessions on the device.

Options

  • filter—Filter the display by the specified criteria.

    The following filters reduce the display to those sessions that match the criteria specified by the filter. Refer to the specific show command for examples of the filtered output.

    application                                 Predefined application name
    application-firewall                        Application firewall enabled
    application-firewall-rule-set               Application firewall enabled with the specified rule set
    application-traffic-control                 Application traffic control rule set name and rule name
    destination-port                            Destination port
    destination-prefix                          Destination IP prefix or address
    dynamic-application                         Dynamic application
    dynamic-application-group                   Dynamic application
    encrypted                                   Encrypted traffic
    family                                      Display session by family
    idp                                         IDP enabled sessions
    interface                                   Name of incoming or outgoing interface
    logical-system (all | logical-system-name)  Name of a specific logical system or all to display all logical systems
    nat                                         Display sessions with network address translation
    protocol                                    IP protocol number
    resource-manager                            Resource manager
    session-identifier                          Session identifier
    source-port                                 Source port
    source-prefix                               Source IP prefix
    tunnel                                      Tunnel sessions

  • brief | extensive | summary—Display the specified level of output.
  • none—Display information about all active sessions.

Required Privilege Level

view

List of Sample Output

show security flow session
show security flow session brief
show security flow session extensive
show security flow session summary

Output Fields

Table 1 lists the output fields for the show security flow session command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow session Output Fields

Field Name                            Field Description

Session ID                            Number that identifies the session. Use this ID to get more information about the session.
Policy name                           Policy that permitted the traffic.
Timeout                               Idle timeout after which the session expires.
In                                    Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).
Out                                   Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).
Total sessions                        Total number of sessions.
Status                                Session status.
Flag                                  Internal flag depicting the state of the session, used for debugging purposes.
Policy name                           Name and ID of the policy that the first packet of the session matched.
Source NAT pool                       The name of the source pool where NAT is used.
Dynamic application                   Name of the application.
Application traffic control rule-set  AppQoS rule set for this session.
Rule                                  AppQoS rule for this session.
Forwarding class                      The AppQoS forwarding class name for this session that distinguishes the transmission priority.
DSCP code point                       Differentiated Services (DiffServ) code point (DSCP) value remarked by the matching rule for this session.
Loss priority                         One of four priority levels set by the matching rule to control discarding a packet during periods of congestion. A high loss priority means a high probability that the packet could be dropped during a period of congestion.
Rate limiter client to server         The rate-limiter profile assigned to the client-to-server traffic defining a unique combination of bandwidth-limit and burst-size-limit specifications.
Rate limiter server to client         The rate-limiter profile assigned to the server-to-client traffic defining a unique combination of bandwidth-limit and burst-size-limit specifications.
Maximum timeout                       Maximum session timeout.
Current timeout                       Remaining time for the session unless traffic exists in the session.
Session State                         Session state.
Start time                            Time when the session was created, offset from the system start time.
Unicast-sessions                      Number of unicast sessions.
Multicast-sessions                    Number of multicast sessions.
Failed-sessions                       Number of failed sessions.
Sessions-in-use                       Number of sessions in use.
                                        • Valid sessions
                                        • Pending sessions
                                        • Invalidated sessions
                                        • Sessions in other states
Maximum-sessions                      Maximum number of sessions permitted.

Sample Output

show security flow session

root> show security flow session
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Policy name: default-policy/2, Timeout: 1794, Valid
  In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, If: ge-0/0/2.0, Pkts: 25, Bytes: 1138
  Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, If: ge-0/0/1.0, Pkts: 20, Bytes: 1152
Total sessions: 1

Flow Sessions on FPC5 PIC1:
Total sessions: 0

show security flow session brief

root> show security flow session brief
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Policy name: default-policy/2, Timeout: 1794, Valid
  In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, If: ge-0/0/2.0, Pkts: 25, Bytes: 1138
  Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, If: ge-0/0/1.0, Pkts: 20, Bytes: 1152
Total sessions: 1

Flow Sessions on FPC5 PIC1:
Total sessions: 0

show security flow session extensive

root> show security flow session extensive
Flow Sessions on FPC5 PIC0:

Session ID: 100000001, Status: Normal
Flag: 0x40
Policy name: p/4
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, 
Encryption:  Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 296
Session State: Valid
Start time: 422, Duration: 4
   In: 15.0.0.10/3000 --> 20.0.0.10/3000;tcp, 
    Interface: ge-0/0/1.0, 
    Session token: 0x8, Flag: 0x21
    Route: 0x0, Gateway: 15.0.0.10, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 104
   Out: 20.0.0.10/3000 --> 15.0.0.10/3000;tcp, 
    Interface: ge-0/0/2.0, 
    Session token: 0x9, Flag: 0x20
    Route: 0x0, Gateway: 20.0.0.10, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 0, Bytes: 0
Total sessions: 1

show security flow session summary

root> show security flow session summary
Flow Sessions on FPC4 PIC1:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200

Flow Sessions on FPC5 PIC0:
Unicast-sessions: 1
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 1
  Valid sessions: 1
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200

Flow Sessions on FPC5 PIC1:
Unicast-sessions: 0                     
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200
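
For policy audits it helps to turn the default and brief output into records. The following is an added example, not part of the Juniper documentation: a Python parser for the brief format shown above that also cross-checks each PIC's "Total sessions" line. The function names parse_sessions and permitted_by are assumptions, and the sample input is copied from this page's sample output.

```python
import re
from collections import Counter

# Sample input: brief-format lines copied from this page's sample output.
SAMPLE = """\
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Policy name: default-policy/2, Timeout: 1794, Valid
  In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, If: ge-0/0/2.0, Pkts: 25, Bytes: 1138
  Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, If: ge-0/0/1.0, Pkts: 20, Bytes: 1152
Total sessions: 1
"""

PIC_RE = re.compile(r"^Flow Sessions on (\S+ \S+):")
HEAD_RE = re.compile(r"^Session ID: (\d+), Policy name: ([^/,]+)/(\d+), Timeout: (\d+), (\w+)")
FLOW_RE = re.compile(r"^\s*(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), If: (\S+), "
                     r"Pkts: (\d+), Bytes: (\d+)")
TOTAL_RE = re.compile(r"^Total sessions: (\d+)")

def parse_sessions(text):
    """Return (sessions, errors); errors lists PICs whose total disagrees."""
    sessions, errors, pic, seen = [], [], None, Counter()
    for line in text.splitlines():
        if m := PIC_RE.match(line):
            pic = m.group(1)
        elif m := HEAD_RE.match(line):
            sid, policy, pid, timeout, state = m.groups()
            sessions.append({"pic": pic, "id": int(sid), "policy": policy,
                             "policy_id": int(pid), "timeout": int(timeout), "state": state})
            seen[pic] += 1
        elif (m := FLOW_RE.match(line)) and sessions:
            d, src, sport, dst, dport, proto, ifname, pkts, nbytes = m.groups()
            sessions[-1][d.lower()] = {"src": src, "sport": int(sport), "dst": dst,
                                       "dport": int(dport), "proto": proto, "if": ifname,
                                       "pkts": int(pkts), "bytes": int(nbytes)}
        elif m := TOTAL_RE.match(line):
            if int(m.group(1)) != seen[pic]:
                errors.append(pic)  # output was truncated or a session line did not parse
    return sessions, errors

def permitted_by(sessions, policy, dport=None):
    """Sessions permitted by a named policy, optionally to one destination port."""
    return [s for s in sessions if s["policy"] == policy
            and (dport is None or s.get("in", {}).get("dport") == dport)]
```

A non-empty errors list means the parsed session count for a PIC does not match its "Total sessions" line, so the capture should not be relied on for an audit.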

Published: 2014-05-09