show security flow session protocol

Syntax

Release Information

Command introduced in Release 8.5 of JUNOS software; node options added in Release 9.0 of JUNOS software.

Description

Display information about each session that uses the specified protocol.

This command is supported on J-series and SRX-series devices.

Options

protocol-name —(Optional) Protocol to use as a sessions filter. Information about sessions that use this protocol is displayed. Possible protocols are

• ah—IP Security Authentication Header
• egp—Exterior gateway protocol
• esp—IPsec Encapsulating Security Payload
• gre—Generic routing encapsulation
• icmp—Internet Control Message Protocol
• igmp—Internet Group Management Protocol
• ipip—IP over IP
• ospf—Open Shortest Path First
• pim—Protocol Independent Multicast
• rsvp—Resource Reservation Protocol
• sctp—Stream Control Transmission Protocol
• tcp—Transmission Control Protocol
• udp—User Datagram Protocol

protocol-number —(Optional) Numeric protocol value. For a complete list of possible numeric values, see RFC 1700, Assigned Numbers (for the Internet Protocol Suite).

Range: 0 through 255

node—(Optional) For chassis cluster configurations, display sessions that use the specified protocol on a specific node.

• node-id —Identification number of the node. It can be 0 or 1.
• all—Display information about all nodes.
• local—Display information about the local node.
• primary—Display information about the primary node.

Required Privilege Level

view

Related Topics

clear security flow session protocol

List of Sample Output

Output Fields

Table 43 lists the output fields for the show security flow session protocol command. Output fields are listed in the approximate order in which they appear.

Table 43: show security flow session protocol Output Fields

Session ID: 1, Policy name: self-traffic-policy/1, Timeout: 57
In: 0.0.0.0/68 --> 255.255.255.255/67;udp, If: ge-0/0/0.0
Out: 255.255.255.255/67 --> 0.0.0.0/68;udp, If: .local..0

Session ID: 4135, Policy name: N/A, Timeout: 1799
In: 10.0.0.96/1026 --> 10.0.0.1/5000;tcp, If: pc-5/0/0.16383
Out: 10.0.0.1/5000 --> 10.0.0.96/1026;tcp, If: .local..0
Session ID: 6301, Policy name: wx2ut, Timeout: 1726
In: 2.2.2.1/1865 --> 90.0.0.5/3578;tcp, If: wx-5/0/0.0
Out: 90.0.0.5/3578 --> 2.2.2.1/1865;tcp, If: e1-2/0/0.0
Session ID: 6307, Policy name: ut2wx, Timeout: 1726
In: 90.0.0.5/3331 --> 2.2.2.1/3578;tcp, If: e1-2/0/0.0
Out: 2.2.2.1/3578 --> 90.0.0.5/3331;tcp, If: wx-5/0/0.0
Session ID: 6329, Policy name: ut2wx, Timeout: 494
In: 90.0.0.6/3336 --> 2.2.2.3/3578;tcp, If: e1-2/0/1.0
Out: 2.2.2.3/3578 --> 90.0.0.6/3336;tcp, If: wx-5/0/0.0
Session ID: 6348, Policy name: ut2t_red, Timeout: 1605
In: 90.0.0.1/3972 --> 20.0.0.1/21;tcp, If: e1-2/0/0.0
Out: 20.0.0.1/21 --> 90.0.0.1/3972;tcp, If: ge-0/0/1.0
Session ID: 6355, Policy name: t2ut_red, Timeout: 1726
In: 20.0.0.1/1104 --> 90.0.0.1/21;tcp, If: ge-0/0/1.0
Out: 90.0.0.1/21 --> 20.0.0.1/1104;tcp, If: e1-2/0/0.0
6 sessions displayed

node0:
--------------------------------------------------------------------------
Session ID: 1, Policy name: sfw1/4, State: Active, Timeout: 60
  In: 1.1.1.2/2000 --> 11.11.1.2/40000;udp, If: reth0.1
  Out: 11.11.1.2/40000 --> 1.1.1.2/2000;udp, If: reth1.1
Session ID: 2, Policy name: sfw2/5, State: Active, Timeout: 60
  In: 1.1.2.2/2000 --> 11.11.2.2/40000;udp, If: reth0.2
  Out: 11.11.2.2/40000 --> 1.1.2.2/2000;udp, If: reth1.2
Session ID: 3, Policy name: sfw3/6, State: Active, Timeout: 60
  In: 1.1.3.2/2000 --> 11.11.3.2/40000;udp, If: reth0.3
  Out: 11.11.3.2/40000 --> 1.1.3.2/2000;udp, If: reth1.3
Session ID: 4, Policy name: sfw4/7, State: Active, Timeout: 60
  In: 1.1.4.2/2000 --> 11.11.4.2/40000;udp, If: reth0.4
  Out: 11.11.4.2/40000 --> 1.1.4.2/2000;udp, If: reth1.4
4 sessions displayed