Obtaining Information About Sessions and Terminating Them
The commands described in this section display information about
active sessions and terminate sessions, either all of them or those
matching a filter.
Obtaining Information About Sessions
You can obtain information about the sessions and
packet flows active on your device, including detailed information
about specific sessions. (The SRX Series device also displays information
about failed sessions.) You can display this information to observe
activity and for debugging purposes. For example, you can use the
show security flow session command:
To display a list of incoming and outgoing IP flows, including
services
To show the security attributes associated with a flow,
for example, the policies that apply to traffic belonging to that
flow
To display the session timeout value, when the session
became active, for how long it has been active, and if there is active
traffic on the session
For detailed information about this command, see
the JUNOS Software CLI Reference.
Session information can also be logged if a related policy configuration
includes the logging option. See Monitoring Policy Statistics for how to enable logging in a policy configuration. See Information Provided in Session
Log Entries for details about session
information provided in system logs.
Displaying Global Session Parameters
You can use the following command to obtain information
about configured parameters that apply to all flows, or sessions:
show security flow
The command displays the following information:
allow-dns-reply—Identifies
if unmatched incoming Domain Name System (DNS) reply packets are allowed.
route-change-timeout—If enabled,
displays the session timeout value to be used on a route change to
a nonexistent route.
tcp-mss—Shows the current
configuration for the TCP maximum segment size value to be used for
all TCP packets for network traffic.
tcp-session—Displays the configured TCP session
parameters, examples of which are described in Changing Session Characteristics.
syn-flood-protection-mode—Displays
the SYN Proxy mode.
For detailed information about this command, see
the JUNOS Software CLI Reference.
Displaying a Summary of
Sessions
You can use the following show security flow command to determine the kinds of sessions on your device, how many
of each kind there are—for example, the number of unicast sessions
and multicast sessions—the number of failed sessions, and the
maximum number of sessions that the SRX Series device supports:
show security flow session summary
Displaying Session
and Flow Information About Sessions
You can use the following show security flow
session command to display information about all sessions on
your SRX Series device, including the session ID, the virtual system
the session belongs to, the NAT source pool (if source NAT is used),
the configured timeout value for the session and its standard timeout,
and the session start time and how long the session has been active.
The display also shows all standard flow information, including the
direction of the flow, the source address and port, the destination
address and port, the IP protocol, and the interface used for the
session:
show security flow session
Displaying Session
and Flow Information About a Specific Session
When you know the session identifier, you can use
the following command to display all session and flow information
for a specific session rather than for all sessions.
show security flow session session-identifier 40000381
Using Filters
to Display Session and Flow Information
You can display flow and session information about
one or more sessions by specifying a filter as an argument to the show security flow session command. You can use the following
filters: source-prefix, destination-prefix, source-port, destination-port,
protocol, interface-name, resource-manager, tunnel, and application.
The SRX Series device displays the information for each session followed
by a line specifying the number of sessions reported on. Here is an
example of the command using the source-prefix filter:
show security flow session source-prefix 10/8
Information Provided in Session
Log Entries
Session log entries are tied to policy configuration.
Each main session event—create, close, and deny—will create
a log entry if the controlling policy has enabled logging. See Monitoring Policy Statistics for an explanation of how
to enable logging in a policy configuration.
Different fields are logged for session create, session close,
and session deny events as shown in Table 61, Table 62, and Table 63. The same field name under
each type indicates that the same information is logged, but each
table is a full list of all data recorded for that type of session
log.
Information displayed in session log entries includes the following:
Table 61: Session Create Log Fields
source-address: Source IP address of the packet that created the session.
source-port: Source port of the packet that created the session.
destination-address: Destination IP address of the packet that created the session.
destination-port: Destination port of the packet that created the session.
service-name: Application the packet traversed (for example, junos-telnet for Telnet traffic in a session allowed by a policy that permits native Telnet).
nat-source-address: The translated NAT source address if NAT was applied; otherwise, the source address as above.
nat-source-port: The translated NAT source port if NAT was applied; otherwise, the source port as above.
nat-destination-address: The translated NAT destination address if NAT was applied; otherwise, the destination address as above.
nat-destination-port: The translated NAT destination port if NAT was applied; otherwise, the destination port as above.
src-nat-rule-name: The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and source address translation takes place, this field shows the static NAT rule name.*
dst-nat-rule-name: The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and destination address translation takes place, this field shows the static NAT rule name.*
protocol-id: The protocol ID of the packet that created the session.
policy-name: The name of the policy that permitted the session creation.
session-id-32: The 32-bit session ID.
* Note that a session may have both source and destination NAT applied, in which case both are logged.
Table 62: Session Close Log Fields
reason: The reason the session was closed.
source-address: Source IP address of the packet that created the session.
source-port: Source port of the packet that created the session.
destination-address: Destination IP address of the packet that created the session.
destination-port: Destination port of the packet that created the session.
service-name: Application the packet traversed (for example, junos-telnet for Telnet traffic in a session allowed by a policy that permits native Telnet).
nat-source-address: The translated NAT source address if NAT was applied; otherwise, the source address as above.
nat-source-port: The translated NAT source port if NAT was applied; otherwise, the source port as above.
nat-destination-address: The translated NAT destination address if NAT was applied; otherwise, the destination address as above.
nat-destination-port: The translated NAT destination port if NAT was applied; otherwise, the destination port as above.
src-nat-rule-name: The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and source address translation takes place, this field shows the static NAT rule name.*
dst-nat-rule-name: The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and destination address translation takes place, this field shows the static NAT rule name.*
protocol-id: The protocol ID of the packet that created the session.
policy-name: The name of the policy that permitted the session creation.
session-id-32: The 32-bit session ID.
packets-from-client: The number of packets sent by the client in this session.
bytes-from-client: The number of data bytes sent by the client in this session.
packets-from-server: The number of packets sent by the server in this session.
bytes-from-server: The number of data bytes sent by the server in this session.
elapsed-time: The total session elapsed time from permit to close, in seconds.
* Note that a session may have both source and destination NAT applied, in which case both are logged.
Table 63: Session Deny Log Fields
source-address: Source IP address of the packet that attempted to create the session.
source-port: Source port of the packet that attempted to create the session.
destination-address: Destination IP address of the packet that attempted to create the session.
destination-port: Destination port of the packet that attempted to create the session.
service-name: Application the packet attempted to traverse.
protocol-id: The protocol ID of the packet that attempted to create the session.
icmp-type: The ICMP type if the denied packet was an ICMP packet; otherwise, this field is 0.
policy-name: The name of the policy that denied the session creation.
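The three tables above list the field names, but reading them is easier with a small parser that turns an entry into a dictionary and then answers the questions an analyst actually asks: was NAT applied (the nat-* fields repeat the original address and port when it was not), how many bytes did a closed session move, and which policies are denying traffic to which ports. The following is an added example written for this page, not code from the Junos documentation. It assumes the structured-data syslog layout in which each field is emitted as name="value" inside square brackets after an RT_FLOW_SESSION_CREATE, RT_FLOW_SESSION_CLOSE or RT_FLOW_SESSION_DENY tag; the sample log lines, addresses, rule names and policy names are constructed for the example.

```python
"""Parse SRX session log entries and summarize them.

Added example, not from the Junos documentation.  Assumption: the
structured-data syslog form emits each field from Tables 61-63 as
name="value" inside square brackets after the event tag.  The sample
lines below are constructed for this example (RFC 5737 addresses).
"""
import re
from collections import Counter

# Constructed sample entries: one create, its matching close, one deny.
SAMPLE_LOGS = [
    'RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="192.0.2.10" '
    'source-port="51514" destination-address="198.51.100.20" destination-port="23" '
    'service-name="junos-telnet" nat-source-address="203.0.113.5" nat-source-port="13002" '
    'nat-destination-address="198.51.100.20" nat-destination-port="23" '
    'src-nat-rule-name="src-nat-rule-1" dst-nat-rule-name="None" protocol-id="6" '
    'policy-name="trust-to-untrust" session-id-32="40000381"]',
    'RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.0.2.10" '
    'source-port="51514" destination-address="198.51.100.20" destination-port="23" '
    'service-name="junos-telnet" nat-source-address="203.0.113.5" nat-source-port="13002" '
    'nat-destination-address="198.51.100.20" nat-destination-port="23" '
    'src-nat-rule-name="src-nat-rule-1" dst-nat-rule-name="None" protocol-id="6" '
    'policy-name="trust-to-untrust" session-id-32="40000381" packets-from-client="40" '
    'bytes-from-client="2856" packets-from-server="38" bytes-from-server="14210" '
    'elapsed-time="61"]',
    'RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36 source-address="192.0.2.77" source-port="4444" '
    'destination-address="198.51.100.9" destination-port="445" service-name="junos-smb" '
    'protocol-id="6" icmp-type="0" policy-name="default-deny"]',
]

EVENT_RE = re.compile(r"^RT_FLOW_SESSION_(CREATE|CLOSE|DENY)\b")
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_entry(line):
    """Return {'event': 'create'|'close'|'deny', field: value, ...},
    or None when the line is not a session log entry."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    entry = {"event": m.group(1).lower()}
    entry.update(FIELD_RE.findall(line))  # list of (name, value) pairs
    return entry


def nat_applied(entry):
    """For create/close entries only (deny entries carry no nat-* fields).
    Tables 61 and 62 say the nat-* fields repeat the original address and
    port when no NAT was applied, so any difference means translation."""
    src = (entry.get("nat-source-address"), entry.get("nat-source-port")) != \
          (entry.get("source-address"), entry.get("source-port"))
    dst = (entry.get("nat-destination-address"), entry.get("nat-destination-port")) != \
          (entry.get("destination-address"), entry.get("destination-port"))
    return {"source": src, "destination": dst}


def summarize(lines):
    """Count events, total bytes per permitting policy from close entries,
    tally denies per (policy, destination port), and track sessions that
    were created but never closed within the log window."""
    counts = Counter()
    bytes_by_policy = Counter()
    denies = Counter()
    open_sessions = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        counts[e["event"]] += 1
        if e["event"] == "create":
            open_sessions[e["session-id-32"]] = e
        elif e["event"] == "close":
            total = int(e["bytes-from-client"]) + int(e["bytes-from-server"])
            bytes_by_policy[e["policy-name"]] += total
            open_sessions.pop(e["session-id-32"], None)  # matched its create
        elif e["event"] == "deny":
            denies[(e["policy-name"], e["destination-port"])] += 1
    return {"counts": counts, "bytes_by_policy": bytes_by_policy,
            "denies": denies, "open_sessions": open_sessions}


if __name__ == "__main__":
    first = parse_entry(SAMPLE_LOGS[0])
    print("session", first["session-id-32"], "NAT:", nat_applied(first))
    print(summarize(SAMPLE_LOGS))
```

The session-id-32 value is what ties a create entry to its close entry, and it is the same identifier that show security flow session session-identifier and the clear command accept, so a parser like this can hand an analyst the exact ID to inspect or terminate on the device.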
Terminating Sessions
You can use the clear command to terminate sessions.
You can clear all sessions, or only the sessions of a particular application
type, sessions that use a specific destination port, sessions that
use a specific interface, sessions that use a certain IP protocol,
sessions that match a source prefix, or resource manager sessions.
Terminating All Sessions
You can use the following command to terminate
all sessions except tunnel and resource manager sessions. The command
output shows the number of sessions cleared. Be aware that this command
terminates the management session through which the clear command
is issued.
clear security flow session all
Terminating a
Specific Session
You can use the following command to terminate
the session whose session ID you specify, here the session shown earlier:
clear security flow session session-identifier 40000381
Using Filters
to Specify the Sessions to Be Terminated
You can terminate one or more sessions based on
the filter parameter you specify for the clear command. The following
example uses the protocol as a filter: