show security flow session
Syntax
show security flow session [filter] [brief | extensive | summary]
<node (node-id | all | local | primary)>
<nat number>
<nat-port-overload-index number>
<source-nat-pool source-nat-pool-name>
Description
Display information about all currently active security sessions on the device.
For normal flow sessions, the show security flow session command displays byte counters based on the IP header length. For sessions in Express Path mode, however, the statistics are collected from the IOC2 (SRX5K-MPC), IOC3 (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G), and IOC4 (SRX5K-IOC4-MRAT and SRX5K-IOC4-10G) ASIC hardware engines and include the full packet length with L2 headers. The output therefore shows slightly larger byte counters for Express Path sessions than for normal flow sessions; when comparing the two, do not read that difference as lost or extra traffic.
Options
filter—Filter the display by the specified criteria. The following filters reduce the display to those sessions that match the criteria specified by the filter. Refer to the specific show command for examples of the filtered output.
advanced-anti-malware Show advanced-anti-malware sessions. For details on the advanced-anti-malware option, see the Sky Advanced Threat Prevention CLI Reference Guide.
all-logical-systems-tenants All multitenancy systems.
application Predefined application name.
application-firewall Application firewall enabled.
application-firewall-rule-set Application firewall enabled with the specified rule set.
application-traffic-control Application traffic control session.
application-traffic-control-rule-set Application traffic control rule set name and rule name.
bytes-less-than Sessions whose byte count is less than the value (1..4294967295).
bytes-more-than Sessions whose byte count is more than the value (1..4294967295).
conn-tag Session connection tag (0..4294967295).
content-filtering Display the content filtering session details.
curr-less-than Sessions whose current-timeout value is less than the value (1..100000).
curr-more-than Sessions whose current-timeout value is more than the value (1..100000).
destination-port Destination port.
destination-prefix Destination IP prefix or address.
dynamic-application Dynamic application.
dynamic-application-group Dynamic application group.
duration-less-than Sessions whose duration is less than the value (1..100000).
duration-more-than Sessions whose duration is more than the value (1..100000).
encrypted Encrypted traffic.
family Display sessions by address family.
ha-link Display HA link session information.
idp IDP-enabled sessions.
interface Name of the incoming or outgoing interface.
logical-system (all | logical-system-name) Name of a specific logical system, or all to display all logical systems.
nat Display sessions with network address translation.
nat-port-overload-index Display sessions by NAT port overload index; the range is 0 through 127.
node (Optional) For chassis cluster configurations, display security flow session information on a specific node (device) in the cluster.
  node-id—Identification number of the node. It can be 0 or 1.
  all—Display information about all nodes.
  local—Display information about the local node.
  primary—Display information about the primary node.
packets-less-than Sessions whose packet count is less than the value (1..4294967295).
packets-more-than Sessions whose packet count is more than the value (1..4294967295).
plugin-name Plugin name.
plugin-status Plugin status.
plugins Display the flow session information of plugins.
policy-id Display session information based on policy ID; the range is 1 through 4,294,967,295.
pretty Display the flow session information as a list that is easier to read and monitor.
protocol IP protocol number.
resource-manager Resource manager.
root-logical-system Display the root logical system (the default).
security-intelligence Display security intelligence sessions.
services-offload Display services offload sessions.
session-identifier Display the session with the specified session identifier.
session-state Session state.
source-nat-pool Display sessions that use the specified source NAT pool.
source-port Source port.
source-prefix Source IP prefix.
ssl Display the SSL proxy session information.
tenant Display the security flow session information for a tenant system.
timeout-less-than Sessions whose timeout value is less than the value (1..100000).
timeout-more-than Sessions whose timeout value is more than the value (1..100000).
tunnel Tunnel sessions.
tunnel-inspection-type Tunnel inspection type:
  gre Display GRE tunnel inspection sessions.
  ipip Display IP-in-IP tunnel inspection sessions.
  vxlan Display VXLAN tunnel inspection sessions.
vxlan-vni List only the tunnel sessions whose VNI matches the value you specify in the command.
url-category Display flow session information by URL category.
vrf-group Display flow session information by L3VPN VRF group.
web-filtering Display the web filtering session details.
brief | extensive | summary—Display the specified level of output.
none—Display information about all active sessions.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow session command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description | Level of Output
---|---|---
Session ID | Number that identifies the session. Use this ID to get more information about the session. | brief, extensive, none
If | Interface name. | brief, none
State | Status of the security flow session. | brief, extensive, none
Conn Tag | A 32-bit connection tag that uniquely identifies GPRS tunneling protocol, user plane (GTP-U) and Stream Control Transmission Protocol (SCTP) sessions. The connection tag for GTP-U is the tunnel endpoint identifier (TEID); for SCTP it is the vTag. The connection tag remains 0 if the session does not use one. | brief, extensive, none
CP Session ID | Number that identifies the central point session. Use this ID to get more information about the central point session. | brief, extensive, none
Policy name | Name and ID of the policy that the first packet of the session matched. | brief, extensive, none
Timeout | Idle timeout after which the session expires. | brief, extensive, none
In | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes). | brief, extensive, none
Bytes | Number of received and transmitted bytes. | brief, extensive, none
Pkts | Number of received and transmitted packets. | brief, extensive, none
Total sessions | Total number of sessions. | brief, extensive, none
Out | Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes). | brief, extensive, none
Status | Session status. | extensive
Flags | Internal flags depicting the state of the session, used for debugging purposes. | extensive
Source NAT pool | Name of the source pool where NAT is used. | extensive
Application | Name of the application. | extensive
Application traffic control rule-set | AppQoS rule set for this session. | extensive
Rule | AppQoS rule for this session. | extensive
Maximum timeout | Maximum session timeout. | extensive
Current timeout | Remaining time for the session unless traffic exists in the session. | extensive
Session State | Session state. | extensive
Start time | Time when the session was created, offset from the system start time. | extensive
Unicast-sessions | Number of unicast sessions. | summary
Multicast-sessions | Number of multicast sessions. | summary
Services-offload-sessions | Number of services-offload sessions. | summary
Failed-sessions | Number of failed sessions. | summary
Sessions-in-use | Number of sessions in use. | summary
Maximum-sessions | Maximum number of sessions permitted. | summary
Sample Output
- show security flow session
- show security flow session (with default policy)
- show security flow session (drop flow)
- show security flow session (IPv6 tunnel)
- show security flow session brief
- show security flow session content-filtering
- show security flow session extensive
- show security flow session extensive (ESP sessions)
- show security flow session summary
- show security flow session tunnel-inspection-type
- show security flow session vxlan-vni
- show security flow session web-filtering
show security flow session
root> show security flow session
Flow Sessions on FPC0 PIC1:

Session ID: 10115977, Policy name: SG/4, State: Active, Timeout: 56, Valid
  In: 203.0.113.1/1000 --> 203.0.113.11/2000;udp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 86, CP Session ID: 10320276
  Out: 203.0.113.11/2000 --> 203.0.113.1/1000;udp, Conn Tag: 0x0, If: reth0.0, Pkts: 0, Bytes: 0, CP Session ID: 10320276
Total sessions: 1
show security flow session (with default policy)
root> show security flow session
Session ID: 36, Policy name: pre-id-default-policy/n, Timeout: 2, Valid
  In: 10.10.10.2/61606 --> 10.10.10.1/179;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 1, Bytes: 64,
  Out: 10.10.10.1/179 --> 10.10.10.2/61606;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 40,
show security flow session (drop flow)
Shows a dropped flow on an SRX5400.
root> show security flow session
Outgoing wing: CP session ID: 12, CP sess SPU Id: 4617
  1.0.0.1/55069 <- 1.0.0.254/23;6, Conn, Drop Flow Tag: 0x0, VRF GRP ID: 0(0), If: xe-1/0/0.0 (7), Flag: 0x40000020, Vector index: 0x00000002
  WSF: 1, Diff: 0, Sequence: 0, Ack: 0, Port sequence: 0, FIN sequence: 0, FIN state: 0
  Zone Id: 7, NH: 0x40010, NSP tunnel: 0x0, NP info: 0xff thread id: 255
show security flow session (IPv6 tunnel)
root> show security flow session
Session ID: 44, Policy name: N/A, State: Stand-alone, Timeout: N/A, Valid
  In: 9001::4/1 --> 9001::3/1;ipip, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0,

Session ID: 45, Policy name: N/A, State: Stand-alone, Timeout: N/A, Valid
  In: 9001::4/1 --> 9001::3/1;ipv6, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0,

Session ID: 57, Policy name: default-policy-logical-system-00/2, State: Stand-alone, Timeout: 1796, Valid
  In: 20.0.0.2/37628 --> 30.0.0.2/22;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 22, Bytes: 4409,
  Out: 30.0.0.2/22 --> 20.0.0.2/37628;tcp, Conn Tag: 0x0, If: ip-0/0/0.1, Pkts: 30, Bytes: 5209,

Session ID: 58, Policy name: default-policy-logical-system-00/2, State: Stand-alone, Timeout: 1784, Valid
  In: 2001::2/58602 --> 3001::2/22;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 31, Bytes: 5569,
  Out: 3001::2/22 --> 2001::2/58602;tcp, Conn Tag: 0x0, If: ip-0/0/0.1, Pkts: 28, Bytes: 6249,
Total sessions: 4
show security flow session brief
root> show security flow session brief
Flow Sessions on FPC0 PIC1:

Session ID: 10115977, Policy name: SG/4, State: Active, Timeout: 62, Valid
  In: 203.0.113.11/1000 --> 203.0.113.1/2000;udp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 86, CP Session ID: 10320276
  Out: 203.0.113.1/2000 --> 203.0.113.11/1000;udp, Conn Tag: 0x0, If: reth0.0, Pkts: 0, Bytes: 0, CP Session ID: 10320276
Total sessions: 1
show security flow session content-filtering
root> show security flow session content-filtering
Flow Sessions on FPC0 PIC1:

Session ID: 10115977, Policy name: SG/4, State: Active, Timeout: 62, Valid
  In: 192.0.2.0/24/1000 --> 203.0.113.0/2000;udp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 86, CP Session ID: 10320276
  Out: 203.0.113.0/2000 --> 192.0.2.0/24/1000;udp, Conn Tag: 0x0, If: reth0.0, Pkts: 0, Bytes: 0, CP Session ID: 10320276
Total sessions: 1
show security flow session extensive
root> show security flow session extensive
Flow Sessions on FPC0 PIC1:

Session ID: 10115977, Status: Normal, State: Active
Flags: 0x8000040/0x18000000/0x12000003
Policy name: SG/4
Source NAT pool: Null, Application: junos-gprs-gtp-v0-udp/76
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 90, Current timeout: 54
Session State: Valid
Start time: 6704, Duration: 35
  In: 203.0.113.11/1000 --> 201.11.0.100/2000;udp, Conn Tag: 0x0,
    Interface: reth1.0,
    Session token: 0x6, Flag: 0x40000021
    Route: 0x86053c2, Gateway: 201.10.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 1, Bytes: 86
    CP Session ID: 10320276
  Out: 203.0.113.1/2000 --> 203.0.113.11/1000;udp, Conn Tag: 0x0,
    Interface: reth0.0,
    Session token: 0x7, Flag: 0x50000000
    Route: 0x86143c2, Gateway: 203.0.113.11, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 0, Bytes: 0
    CP Session ID: 10320276
Total sessions: 1
show security flow session extensive (ESP sessions)
root> show security flow session extensive
Flow Sessions on FPC0 PIC0:

Session ID: 10000059, Status: Normal
Flags: 0x10000/0x0/0x10/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 642, Duration: 369
  In: 3.0.0.2/64387 --> 2.0.0.1/8940;esp, Conn Tag: 0x0,
    Interface: xe-2/0/2.0,
    Session token: 0x7, Flag: 0x80100621
    Route: 0xc0010, Gateway: 2.0.0.2, Tunnel: 0
    ESP/AH frag Rx: 0, Generated: 0
    Inner IPv4 frag Rx: 0, Tx: 0, Generated: 0, Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 25, Bytes: 3760
    CP Session ID: 0

Session ID: 10000060, Status: Normal
Flags: 0x10000/0x0/0x10/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 642, Duration: 369
  In: 3.0.0.2/0 --> 2.0.0.1/0;esp, Conn Tag: 0x0,
    Interface: xe-2/0/2.0,
    Session token: 0x7, Flag: 0x621
    Route: 0xc0010, Gateway: 2.0.0.2, Tunnel: 0
    ESP/AH frag Rx: 0, Generated: 0
    Inner IPv4 frag Rx: 0, Tx: 0, Generated: 0, Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 0, Bytes: 0
    CP Session ID: 0
Total sessions: 2
show security flow session summary
root> show security flow session summary
Flow Sessions on FPC10 PIC1:
Unicast-sessions: 1
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 1
  Valid sessions: 1
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC10 PIC2:
Unicast-sessions: 0
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC10 PIC3:
Unicast-sessions: 0
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 6291456
show security flow session tunnel-inspection-type
root> show security flow session tunnel-inspection-type vxlan
Session ID: 335544369, Policy name: p1/7, Timeout: 2, Valid
  In: 192.168.200.100/19183 --> 192.168.200.101/2;icmp, Conn Tag: 0xfcd, If: xe-7/0/0.0, Pkts: 2, Bytes: 2048, CP Session ID: 30, Tunnel Session ID: 268435486, Type: VXLAN, VNI: 1000
  Out: 192.168.200.101/2 --> 192.168.200.100/19183;icmp, Conn Tag: 0xfcd, If: xe-7/0/1.0, Pkts: 2, Bytes: 2048, CP Session ID: 30, Tunnel Session ID: 268435488, Type: VXLAN, VNI: 1000
show security flow session vxlan-vni
root> show security flow session vxlan-vni 400
Session ID: 1677861258, Policy name: pset1_p1/6, Timeout: 2, Valid
  In: 192.150.0.12/55908 --> 192.160.0.66/80;tcp, Conn Tag: 0xfcd, If: xe-3/0/0.0, Pkts: 5, Bytes: 465, CP Session ID: 7021087, Type: VXLAN, VNI: 400, Tunnel Session ID: 1680264845
  Out: 192.160.0.66/80 --> 192.150.0.12/55908;tcp, Conn Tag: 0xfcd, If: xe-3/0/1.0, Pkts: 3, Bytes: 328, CP Session ID: 7021087, Type: VXLAN, VNI: 400, Tunnel Session ID: 1679640460

Session ID: 1678454648, Policy name: pset1_p1/6, Timeout: 2, Valid
  In: 192.150.0.13/56659 --> 192.160.0.67/80;tcp, Conn Tag: 0xfcd, If: xe-3/0/0.0, Pkts: 5, Bytes: 465, CP Session ID: 5589311, Type: VXLAN, VNI: 400, Tunnel Session ID: 1679698941
  Out: 192.160.0.67/80 --> 192.150.0.13/56659;tcp, Conn Tag: 0xfcd, If: xe-3/0/1.0, Pkts: 3, Bytes: 328, CP Session ID: 5589311, Type: VXLAN, VNI: 400, Tunnel Session ID: 1679872223
show security flow session web-filtering
root> show security flow session web-filtering
Session ID: 256, Policy name: p/4, Timeout: 1794, Session State: Valid
  In: 198.51.100.0/33170 --> 203.0.113.0/443;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 3, Bytes: 351,
  Out: 203.0.113.0/443 --> 192.0.2.0/13089;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 1, Bytes: 44,
Total sessions: 1
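The brief and default outputs above share one line layout: a session header line (Session ID, Policy name, an optional State, Timeout, and a validity flag that is sometimes labelled Session State) followed by an In wing and, for established sessions, an Out wing. The following Python is an added example for this page, not Juniper code: it parses that layout into records and runs three triage rules an analyst typically applies to a session dump, flagging sessions that matched a default policy instead of an explicit rule, one-way flows with no reply packets, and sessions whose Out wing terminates on the device itself (interface .local..0, as in the BGP example). The SAMPLE text is constructed from the formats on this page, and the triage rules are this example's own heuristics, not Junos behaviour.

```python
"""Parse 'show security flow session' (brief/default layout) and triage sessions.
Added example; not Juniper code.  SAMPLE is constructed from the page's sample
output; the review rules are the example's own heuristics."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input (documentation address ranges).
SAMPLE = """\
Flow Sessions on FPC0 PIC1:

Session ID: 10115977, Policy name: SG/4, State: Active, Timeout: 56, Valid
  In: 203.0.113.1/1000 --> 203.0.113.11/2000;udp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 86, CP Session ID: 10320276
  Out: 203.0.113.11/2000 --> 203.0.113.1/1000;udp, Conn Tag: 0x0, If: reth0.0, Pkts: 0, Bytes: 0, CP Session ID: 10320276

Session ID: 36, Policy name: pre-id-default-policy/n, Timeout: 2, Valid
  In: 10.10.10.2/61606 --> 10.10.10.1/179;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 1, Bytes: 64,
  Out: 10.10.10.1/179 --> 10.10.10.2/61606;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 40,

Session ID: 256, Policy name: p/4, Timeout: 1794, Session State: Valid
  In: 198.51.100.7/33170 --> 203.0.113.9/443;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 3, Bytes: 351,
  Out: 203.0.113.9/443 --> 198.51.100.7/33170;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 1, Bytes: 44,
Total sessions: 3
"""

# Header line: 'State:' is optional; the validity flag may be labelled 'Session State:'.
HEADER_RE = re.compile(
    r"^Session ID: (?P<sid>\d+), Policy name: (?P<policy>\S+?),"
    r"(?: State: (?P<state>[^,]+),)? Timeout: (?P<timeout>\S+?),"
    r" (?:Session State: )?(?P<valid>\w[\w-]*)$"
)
# Wing line: In/Out, src/port --> dst/port;proto, then comma-separated 'Key: value' fields.
WING_RE = re.compile(
    r"^\s*(?P<dir>In|Out): (?P<src>\S+)/(?P<sport>\d+) --> "
    r"(?P<dst>\S+)/(?P<dport>\d+);(?P<proto>[\w-]+),(?P<rest>.*)$"
)


@dataclass
class Wing:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    interface: str
    pkts: int
    nbytes: int
    fields: Dict[str, str]  # every remaining 'Key: value' pair, e.g. 'CP Session ID'


@dataclass
class Session:
    sid: int
    policy: str
    state: Optional[str]
    timeout: str
    valid: str
    wings: Dict[str, Wing]  # keyed 'In' / 'Out'; 'Out' is absent for stand-alone sessions


def _fields(rest: str) -> Dict[str, str]:
    """Split 'Conn Tag: 0x0, If: reth1.0, Pkts: 1, ...' into a dict; trailing commas are tolerated."""
    out: Dict[str, str] = {}
    for part in rest.split(","):
        part = part.strip()
        if ": " in part:
            key, val = part.split(": ", 1)
            out[key] = val
    return out


def parse_sessions(text: str) -> List[Session]:
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if m:
            cur = Session(int(m["sid"]), m["policy"], m["state"], m["timeout"], m["valid"], {})
            sessions.append(cur)
            continue
        m = WING_RE.match(raw)
        if m and cur is not None:
            f = _fields(m["rest"])
            cur.wings[m["dir"]] = Wing(
                m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["proto"],
                f.get("If", ""), int(f.get("Pkts", "0")), int(f.get("Bytes", "0")), f,
            )
    return sessions


# Substring shared by pre-id-default-policy and default-policy-logical-system-* on this page.
DEFAULT_POLICY_MARKERS = ("default-policy",)


def review(sessions: List[Session]) -> List[Tuple[int, str]]:
    """Heuristic triage: (session id, reason) pairs for sessions an analyst should look at."""
    findings: List[Tuple[int, str]] = []
    for s in sessions:
        if any(mark in s.policy for mark in DEFAULT_POLICY_MARKERS):
            findings.append((s.sid, f"matched a default policy ({s.policy}) rather than an explicit rule"))
        inn, out = s.wings.get("In"), s.wings.get("Out")
        if inn and out and inn.pkts > 0 and out.pkts == 0:
            findings.append((s.sid, f"one-way flow: {inn.pkts} pkt(s) in, no reply via {out.interface}"))
        if inn and out and out.interface.startswith(".local."):
            findings.append((s.sid, f"terminates on the device itself ({inn.dport}/{inn.proto})"))
    return findings


def total_bytes(s: Session) -> int:
    """Bytes counted by the flow engine in both directions."""
    return sum(w.nbytes for w in s.wings.values())


if __name__ == "__main__":
    for sid, reason in review(parse_sessions(SAMPLE)):
        print(f"session {sid}: {reason}")
```

Feed it the captured text of the command (for example, the output of show security flow session brief saved from a terminal session) and extend DEFAULT_POLICY_MARKERS or the rules in review to match your own policy naming; the parser deliberately keeps every unrecognised field in Wing.fields so that CP Session ID, Tunnel Session ID, or VNI remain available without changing the regular expressions.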
Release Information
Command introduced in Junos OS Release 8.5.
Support for filter and view options added in Junos OS Release 10.2.
Application firewall, dynamic application, and logical system filters added in Junos OS Release 11.2.
Policy ID filter added in Junos OS Release 12.3X48-D10.
Support for connection tag added in Junos OS Release 15.1X49-D40.
The tenant option introduced in Junos OS Release 18.3R1.
The tunnel-inspection-type option introduced in Junos OS Release 20.4R1.
The content-filtering and web-filtering options introduced in Junos OS Release 23.1R1.
The nat, nat-port-overload-index, and source-nat-pool options introduced in Junos OS Release 23.4R1.