show security flow session interface
Syntax
show security flow session interfaceinterface-name [brief | extensive | summary]
Description
Display information about each session that uses the specified interface. The interface name can be a session's incoming or outgoing interface.
Options
interface-name—Name of the interface on the device for which to display sessions information.brief | extensive | summary–Display the specified level of output.
Required Privilege Level
view
Output Fields
Table 1 lists the output
fields for the show security flow session interface command.
Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Number that identifies the session. You can use this ID to get additional information about the session. |
|
Policy that permitted the traffic. |
|
Idle timeout after which the session expires. |
|
Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
|
Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
|
Total number of sessions. |
|
Session status. |
|
Internal flag depicting the state of the session, used for debugging purposes. |
|
Name and ID of the policy that the first packet of the session matched. |
|
The name of the source pool where NAT is used. |
|
Name of the application. |
|
Maximum session timeout. |
|
Remaining time for the session unless traffic exists in the session. |
|
Session state. |
|
Time when the session was created, offset from the system start time. |
|
Number of unicast sessions. |
|
Number of multicast sessions. |
|
Number of failed sessions. |
|
Number of sessions in use.
|
|
Number of maximum sessions. |
Sample Output
- show security flow session interface ge-0/0/2.0
- show security flow session interface ge-0/0/2.0 brief
- show security flow session interface ge-0/0/2.0 extensive
- show security flow session interface ge-7/1/1.0 summary
show security flow session interface ge-0/0/2.0
root> show security flow session interface ge-7/1/1.0 Flow Sessions on FPC10 PIC1: Total sessions: 0 Flow Sessions on FPC10 PIC2: Session ID: 420000146, Policy name: default-policy-00/2, Timeout: 58, Valid In: 200.0.0.10/9 --> 60.0.0.2/21562;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420000247 Out: 60.0.0.2/21562 --> 200.0.0.10/9;icmp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000247 Total sessions: 1 Flow Sessions on FPC10 PIC3: Session ID: 430000146, Policy name: default-policy-00/2, Timeout: 56, Valid In: 200.0.0.10/8 --> 60.0.0.2/21562;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430000131 Out: 60.0.0.2/21562 --> 200.0.0.10/8;icmp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 430000131 Total sessions: 1
show security flow session interface ge-0/0/2.0 brief
root> show security flow session interface ge-7/1/1.0 brief Flow Sessions on FPC10 PIC1: Session ID: 410000137, Policy name: default-policy-00/2, Timeout: 2, Valid In: 200.0.0.10/5 --> 60.0.0.2/23354;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 410000269 Out: 60.0.0.2/23354 --> 200.0.0.10/5;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 410000269 Total sessions: 1 Flow Sessions on FPC10 PIC2: Session ID: 420000151, Policy name: default-policy-00/2, Timeout: 54, Valid In: 200.0.0.10/1 --> 60.0.0.2/23354;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420000252 Out: 60.0.0.2/23354 --> 200.0.0.10/1;icmp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000252 Total sessions: 1 Flow Sessions on FPC10 PIC3: Total sessions: 0
show security flow session interface ge-0/0/2.0 extensive
root> show security flow session interface ge-7/1/1.0 extensive
Flow Sessions on FPC10 PIC1:
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Session ID: 420000151, Status: Normal
Flags: 0x40/0x0/0x2000003
Policy name: default-policy-00/2
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 60, Current timeout: 48
Session State: Valid
Start time: 83328, Duration: 12
In: 200.0.0.10/1 --> 60.0.0.2/23354;icmp,
Interface: ge-7/1/0.0,
Session token: 0x6, Flag: 0xc0000021
Route: 0xa0010, Gateway: 200.0.0.10, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 420000252
Out: 60.0.0.2/23354 --> 200.0.0.10/1;icmp,
Interface: ge-7/1/1.0,
Session token: 0x7, Flag: 0xc0000020
Route: 0x80010, Gateway: 60.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
CP Session ID: 420000252
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Total sessions: 0show security flow session interface ge-7/1/1.0 summary
root> show security flow session interface ge-7/1/1.0 summary Flow Sessions on FPC10 PIC1: Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 1 Flow Sessions on FPC10 PIC2: Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 1 Flow Sessions on FPC10 PIC3: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2
Release Information
Command introduced in Junos OS Release 8.5; Filter and view options added in Junos OS Release 10.2.