Using Filters to Display IPv6 Session and Flow Information for SRX Series Services Gateways
Purpose
You can display flow and session information about one or more sessions with the show security flow session command. IPv6 sessions are included in aggregated statistics.
You can use the following filters with the show security flow session command: application, destination-port, destination-prefix, family, idp, interface, nat, protocol, resource-manager, session-identifier, source-port, source-prefix and tunnel.
 | Note: Except the session-identifier filter, the output of all the other filters can be viewed in brief, summary and extensive mode. Brief mode is the default mode. The output of the session- identifier filter can be viewed only in the brief mode. |
You can use the same filter options with the clear security flow session command to terminate sessions.
Action
The following examples show how to use IPv6-related filters to display summaries and details for IPv6 sessions.
Filtered summary report based on family
root> show security flow session summary family
? Possible completions: inet Show IPv4 sessions inet6 Show IPv6/IPv6-NATPT sessions
root> show security flow session summary family
inet6 Flow Sessions on FPC4 PIC1: Valid sessions: 71 Pending sessions: 0 Invalidated sessions: 56 Sessions in other states: 0 Total sessions: 127 Flow Sessions on FPC5 PIC0: Valid sessions: 91 Pending sessions: 0 Invalidated sessions: 53 Sessions in other states: 0 Total sessions: 144 Flow Sessions on FPC5 PIC1: Valid sessions: 91 Pending sessions: 0 Invalidated sessions: 54 Sessions in other states: 0 Total sessions: 145
Filtered detailed report based on family
root> show security flow session family ? Possible completions: inet Show IPv4 sessions inet6 Show IPv6/IPv6-NATPT sessions
root> show security flow session family inet6 Flow Sessions on FPC4 PIC1: Session ID: 170001887, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 4000::100/9 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/9;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1 Flow Sessions on FPC5 PIC0: Session ID: 200001865, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 4000::100/10 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/10;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1 Flow Sessions on FPC5 PIC1: Session ID: 210001865, Policy name: self-traffic-policy/1, Timeout: 4, Valid In: 4000::100/11 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/11;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1
Filtered brief report based on family
root> show security flow session family inet
briefFlow Sessions on FPC4 PIC1: Session ID: 170067516, Policy name: self-traffic-policy/1, Timeout: 4, Valid In: 40.0.0.100/23 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/26637 --> 40.0.0.100/23;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1 Flow Sessions on FPC5 PIC0: Session ID: 200066737, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 40.0.0.100/21 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/26637 --> 40.0.0.100/21;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1 Flow Sessions on FPC5 PIC1: Session ID: 210066726, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 40.0.0.100/22 --> 40.0.0.1/26637;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/26637 --> 40.0.0.100/22;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1
Filtered detailed report based on an IPv6 source-prefix
root> show security flow session source-prefix
4000::100 Flow Sessions on FPC4 PIC1: Session ID: 170001907, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 4000::100/69 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/69;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1 Flow Sessions on FPC5 PIC0: Session ID: 200001885, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 4000::100/70 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/70;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1 Flow Sessions on FPC5 PIC1: Session ID: 210001885, Policy name: self-traffic-policy/1, Timeout: 4, Valid In: 4000::100/71 --> 4000::200/27490;icmp6, If: ge-0/0/2.0, Pkts: 1, Bytes: 104 Out: 4000::200/27490 --> 4000::100/71;icmp6, If: .local..0, Pkts: 1, Bytes: 104 Total sessions: 1
Multiple-filtered detailed report based on family, protocol and source-prefix
root> show security flow session family inet
protocol icmp source-prefix 40/8 Flow Sessions on FPC4 PIC1: Session ID: 170029413, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 40.0.0.100/50 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/1369 --> 40.0.0.100/50;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1 Flow Sessions on FPC5 PIC0: Session ID: 200029073, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 40.0.0.100/51 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/1369 --> 40.0.0.100/51;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1 Flow Sessions on FPC5 PIC1: Session ID: 210029083, Policy name: self-traffic-policy/1, Timeout: 2, Valid In: 40.0.0.100/52 --> 40.0.0.1/1369;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84 Out: 40.0.0.1/1369 --> 40.0.0.100/52;icmp, If: .local..0, Pkts: 1, Bytes: 84 Total sessions: 1
Clearing all sessions, including IPv6 sessions
root> clear security flow session all This command may terminate the current session too. Continue? [yes,no] (no) yes
0 active sessions cleared 1 active sessions cleared 1 active sessions cleared 1 active sessions cleared
Clearing only IPv6 sessions
root> clear security flow session family ? Possible completions: inet Clear IPv4 sessions inet6 Clear IPv6/IPv6-NATPT sessions
root> clear security flow session family inet6 0 active sessions cleared 1 active sessions cleared 1 active sessions cleared 1 active sessions cleared
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Enabling Flow-Based Processing for IPv6 Traffic
- Understanding How to Obtain Session Information for SRX Series Services Gateways
- Displaying a Summary of Sessions for SRX Series Services Gateways
- Displaying Session and Flow Information About Sessions for SRX Series Services Gateways
- Displaying Session and Flow Information About a Specific Session for SRX Series Services Gateways
- Information Provided in Session Log Entries for SRX Series Services Gateways
- Clearing Sessions for SRX Series Services Gateways