show security flow session summary services-offload
Syntax
show security flow session summary services-offload [filter]
Description
Display information about all currently active services-offload security sessions on the device in summary mode.
Options
filter—Filter the display by the specified criteria.
The following filters reduce the display to those sessions that match the criteria specified by the filter:
applicationApplication name.
application-firewall-rule-setApplication firewall enabled with the specified rule set.
application-traffic-control-rule-setApplication traffic control enabled with the specified rule set.
destination-portDestination port.
destination-prefixDestination IP prefix or address.
dynamic-applicationDynamic application name.
dynamic-application-groupDynamic application group name.
familyProtocol family.
interfaceName of incoming or outgoing interface.
logcal-systemLogical system name.
protocolIP protocol number.
root-logical-systemRoot logical system name.
source-portSource port.
source-prefixSource IP prefix or address.
Required Privilege Level
view
Output Fields
Table 1
lists the output fields for the show security flow session
summary services-offload command. Output fields are listed in
the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Number of unicast sessions. |
|
Number of multicast sessions. |
|
Number of services-offload sessions. |
|
Number of failed sessions. |
|
Number of sessions in use:
|
|
Maximum number of sessions. |
Sample Output
- show security flow session summary services-offload
- show security flow session summary services-offload application
- show security flow session summary services-offload destination-port
show security flow session summary services-offload
user@host> show security flow session summary services-offload Flow Sessions on FPC1 PIC0: Unicast-sessions: 0 Multicast-sessions: 0 Services-offload-sessions: 0 Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 409600 Flow Sessions on FPC2 PIC0: Unicast-sessions: 1 Multicast-sessions: 0 Services-offload-sessions: 1 Failed-sessions: 0 Sessions-in-use: 1 Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 819200 Flow Sessions on FPC3 PIC0: Unicast-sessions: 0 Multicast-sessions: 0 Services-offload-sessions: 0 Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 819200 Flow Sessions on FPC5 PIC0: Unicast-sessions: 0 Multicast-sessions: 0 Services-offload-sessions: 0 Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 819200
show security flow session summary services-offload application
user@host> show security flow session summary services-offload application telnet Flow Sessions on FPC10 PIC1: Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 0 Flow Sessions on FPC10 PIC2: Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 0 Flow Sessions on FPC10 PIC3: Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 1
show security flow session summary services-offload destination-port
user@host> show security flow session summary services-offload destination-port 23 Flow Sessions on FPC10 PIC1: Total sessions: 0 Flow Sessions on FPC10 PIC2: Total sessions: 0 Flow Sessions on FPC10 PIC3: Session ID: 430000004, Policy name: p1/4, Timeout: 1500, Valid In: 200.0.0.10/15200 --> 60.0.0.2/23;tcp, If: ge-7/1/0.0, Pkts: 13, Bytes: 718, CP Session ID: 430000003 Out: 60.0.0.2/23 --> 200.0.0.10/15200;tcp, If: ge-7/1/1.0, Pkts: 12, Bytes: 677, CP Session ID: 430000003 Total sessions: 1
Release Information
Command introduced in Junos OS Release 11.4.
Starting with Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-MPC3-100G10G (IOC3) and the SRX5K-MPC3-40G10G (IOC3) with Express Path (formerly known as services offloading) support are introduced for SRX5400, SRX5600, and SRX5800 devices.
This command is supported on the SRX1500, SRX 5800, SRX 5600, and SRX 5400 devices, and vSRX Virtual Firewall.