Using Filters to Display IPv6 Session and Flow Information for SRX Series Services Gateways

Purpose

You can display flow and session information about one or more sessions with the show security flow session command. IPv6 sessions are included in aggregated statistics.

You can use the following filters with the show security flow session command: application, destination-port, destination-prefix, family, idp, interface, nat, protocol, resource-manager, session-identifier, source-port, source-prefix and tunnel.

Note: Except the session-identifier filter, the output of all the other filters can be viewed in brief, summary and extensive mode. Brief mode is the default mode. The output of the session- identifier filter can be viewed only in the brief mode.

You can use the same filter options with the clear security flow session command to terminate sessions.

Action

The following examples show how to use IPv6-related filters to display summaries and details for IPv6 sessions.

Filtered summary report based on family


root> show security flow session summary family ?
Possible completions:
  inet                 Show IPv4 sessions
  inet6                Show IPv6/IPv6-NATPT sessions

root> show security flow session summary family inet6
Flow Sessions on FPC4 PIC1:

Valid sessions: 71
Pending sessions: 0
Invalidated sessions: 56
Sessions in other states: 0
Total sessions: 127

Flow Sessions on FPC5 PIC0:

Valid sessions: 91
Pending sessions: 0
Invalidated sessions: 53
Sessions in other states: 0
Total sessions: 144

Flow Sessions on FPC5 PIC1:

Valid sessions: 91
Pending sessions: 0
Invalidated sessions: 54
Sessions in other states: 0
Total sessions: 145

Filtered detailed report based on family


root> show security flow session family ?
Possible completions:
  inet                 Show IPv4 sessions
  inet6                Show IPv6/IPv6-NATPT sessions

root> show security flow session family inet6
Flow Sessions on FPC4 PIC1:

Session ID: 170001887, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 4000::100/9 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/9;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200001865, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 4000::100/10 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/10;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210001865, Policy name: self-traffic-policy/1, Timeout: 4, Valid
  In: 4000::100/11 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/11;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1      

Filtered brief report based on family


root> show security flow session family inet brief
Flow Sessions on FPC4 PIC1:

Session ID: 170067516, Policy name: self-traffic-policy/1, Timeout: 4, Valid
  In: 40.0.0.100/23 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/26637 --> 40.0.0.100/23;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200066737, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 40.0.0.100/21 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/26637 --> 40.0.0.100/21;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210066726, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 40.0.0.100/22 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/26637 --> 40.0.0.100/22;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Filtered detailed report based on an IPv6 source-prefix


root> show security flow session source-prefix 4000::100
Flow Sessions on FPC4 PIC1:

Session ID: 170001907, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 4000::100/69 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/69;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200001885, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 4000::100/70 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/70;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210001885, Policy name: self-traffic-policy/1, Timeout: 4, Valid
  In: 4000::100/71 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104
  Out: 4000::200/27490 --> 4000::100/71;icmp6, If: .local..0, Pkts: 1, Bytes: 104
Total sessions: 1

Multiple-filtered detailed report based on family, protocol and source-prefix


root> show security flow session family inet protocol icmp source-prefix 40/8
Flow Sessions on FPC4 PIC1:

Session ID: 170029413, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 40.0.0.100/50 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/1369 --> 40.0.0.100/50;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200029073, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 40.0.0.100/51 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/1369 --> 40.0.0.100/51;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC1:
 
Session ID: 210029083, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 40.0.0.100/52 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 40.0.0.1/1369 --> 40.0.0.100/52;icmp, If: .local..0, Pkts: 1, Bytes: 84
Total sessions: 1

Clearing all sessions, including IPv6 sessions


root> clear security flow session all
This command may terminate the current session too.
Continue? [yes,no] (no) yes 
0 active sessions cleared
1 active sessions cleared
1 active sessions cleared
1 active sessions cleared

Clearing only IPv6 sessions


root> clear security flow session family ?
Possible completions:
  inet                 Clear IPv4 sessions
  inet6                Clear IPv6/IPv6-NATPT sessions

root> clear security flow session family inet6
0 active sessions cleared
1 active sessions cleared
1 active sessions cleared
1 active sessions cleared

Related Topics