You can use the commands described in this section to display information about sessions and to terminate them.
You can obtain information about the sessions and packet flows active on your device, including detailed information about specific sessions. (The services gateway also displays information about failed sessions.) You can display this information to observe activity and for debugging purposes. For example, you can use the show security flow session command:
For detailed information about this command, see the JUNOS Software CLI Reference.
You can use the following command to obtain information about configured parameters that apply to all flows, or sessions:
The show security flow configuration command displays the following information:
For detailed information about this command, see the JUNOS Software CLI Reference.
You can use the following show security flow command to determine the kinds of sessions on your device, how many of each kind there are—for example, the number of unicast sessions and multicast sessions—the number of failed sessions, and the maximum number of sessions that the services gateway supports:
You can use the following show security flow session command to display information about all sessions on your services gateway, including the session ID, the virtual system the session belongs to, the NAT source pool (if source NAT is used), the configured timeout value for the session and its standard timeout, and the session start time and how long the session has been active. The display also shows all standard flow information, including the direction of the flow, the source address and port, the destination address and port, the IP protocol, and the interface used for the session:
When you know the session identifier, you can use the following command to display all session and flow information for a specific session rather than for all sessions.
You can display flow and session information about one or more sessions by specifying a filter as an argument to the show security flow session command. You can use the following filters: source-prefix, destination-prefix, source-port, destination-port, protocol, interface-name, resource-manager, tunnel, and application. The services gateway displays the information for each session followed by a line specifying the number of sessions reported on. Here is an example of the command using the source-prefix filter:
You can use the clear command to terminate sessions. You can clear all sessions at once, or clear only a subset: sessions of a particular application type, sessions that use a specific destination port, sessions that use a specific interface or port, sessions that use a certain IP protocol, sessions that match a source prefix, and resource manager sessions.
You can use the following command to terminate all sessions except tunnel and resource manager sessions. The command output shows the number of sessions cleared. Be aware that this command terminates the management session through which the clear command is issued.
You can use the following command to terminate the session whose session ID you specify:
You can terminate one or more sessions based on the filter parameter you specify for the clear command. The following example uses the protocol as a filter:
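The following operational-mode sequence is an added example, not part of the original page: it inspects the matching sessions before clearing, then clears by session ID or by filter instead of clearing everything, so the management session survives as long as it does not match. The prompt user@host, the address 10.0.0.5, and the session ID 1234 are constructed sample values.

```junos
# 1. Check overall session counts before changing anything.
user@host> show security flow session summary

# 2. List only the sessions from the host under investigation
#    (10.0.0.5 is a constructed sample address).
user@host> show security flow session source-prefix 10.0.0.5

# 3. Inspect one of the listed sessions in detail
#    (1234 is a constructed sample session ID taken from step 2).
user@host> show security flow session session-identifier 1234

# 4a. Terminate just that one session ...
user@host> clear security flow session session-identifier 1234

# 4b. ... or terminate every session that matches the same filter used in step 2.
user@host> clear security flow session source-prefix 10.0.0.5

# 5. Re-run the filtered display to confirm that no matching sessions remain.
user@host> show security flow session source-prefix 10.0.0.5
```

Using the same filter for the show and clear commands means the session count reported in step 2 is the set of sessions that step 4b terminates.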