show security flow session family
Syntax
Release Information
Command introduced in Junos OS Release 10.2.
Description
Display filtered summary of information about existing sessions, including types of sessions, active and failed sessions, and the maximum allowed number of sessions.
Options
inet—Display details summary of IPv4 sessions.
inet6—Display details summary of IPv6 sessions.
brief | extensive | summary–Display the specified level of output.
Required Privilege Level
view
Related Documentation
List of Sample Output
show security flow session family inetshow security flow session family inet brief
show security flow session family inet extensive
show security flow session family inet summary
Output Fields
Table 1 lists the output fields for the show security flow session family command. Output fields are listed in the approximate order in which they appear.
Table 1: show security flow session family Output Fields
Field Name | Field Description |
|---|---|
Session ID | Number that identifies the session. Use this ID to get more information about the session. |
Policy name | Policy that permitted the traffic. |
Timeout | Idle timeout after which the session expires. |
In | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
Out | Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
Total sessions | Total number of sessions. |
Status | Session status. |
Flag | Internal flag depicting the state of the session, used for debugging purposes. |
Policy name | Name and ID of the policy that the first packet of the session matched. |
Source NAT pool | The name of the source pool where NAT is used. |
Application | Name of the application. |
Maximum timeout | Maximum session timeout. |
Current timeout | Remaining time for the session unless traffic exists in the session. |
Session State | Session state. |
Start time | Time when the session was created, offset from the system start time. |
Unicast-sessions | Number of unicast sessions. |
Multicast-sessions | Number of multicast sessions. |
Failed-sessions | Number of failed sessions. |
Sessions-in-use | Number of sessions in use.
|
Maximum-sessions | Number of maximum sessions. |
Sample Output
show security flow session family inet
root> show security flow session family inetFlow Sessions on FPC10 PIC1: Total sessions: 0 Flow Sessions on FPC10 PIC2: Session ID: 420000107, Policy name: default-policy-00/2, Timeout: 4, Valid In: 203.0.113.0/3 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420000202 Out: 203.0.113.4/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 420000202 Total sessions: 1 Flow Sessions on FPC10 PIC3: Session ID: 430000115, Policy name: default-policy-00/2, Timeout: 2, Valid In: 203.0.113.0/4 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430000110 Out: 203.0.113.5/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 430000110 Session ID: 430000117, Policy name: default-policy-00/2, Timeout: 4, Valid In: 203.0.113.0/4 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430000111 Out: 203.0.113.5/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 430000111 Total sessions: 2
show security flow session family inet brief
root> show security flow session family inet
briefFlow Sessions on FPC10 PIC1: Total sessions: 0 Flow Sessions on FPC10 PIC2: Session ID: 420000115, Policy name: default-policy-00/2, Timeout: 2, Valid In: 203.0.113.0/3 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420000206 Out: 203.0.113.4/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 420000206 Session ID: 420000117, Policy name: default-policy-00/2, Timeout: 2, Valid In: 203.0.113.0/4 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420000207 Out: 203.0.113.5/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 420000207 Total sessions: 2 Flow Sessions on FPC10 PIC3: Session ID: 430000119, Policy name: default-policy-00/2, Timeout: 2, Valid In: 203.0.113.0/4 --> 203.0.113.5/24;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430000112 Out: 203.0.113.5/24 --> 203.0.113.6/24;icmp, If: .local..0, Pkts: 1, Bytes: 84, CP Session ID: 430000112 Total sessions: 1
show security flow session family inet extensive
root> show security flow session family inet
extensiveFlow Sessions on FPC10 PIC1:
Session ID: 410000111, Status: Normal
Flags: 0x80400040/0x0/0x2800023
Policy name: default-policy-00/2
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 4, Current timeout: 4
Session State: Valid
Start time: 76455, Duration: 0
In: 203.0.113.0/24 --> 203.0.113.1/24;icmp,
Interface: ge-7/1/0.0,
Session token: 0x6, Flag: 0xc0000021
Route: 0xa0010, Gateway: 203.0.113.10, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 410000242
Out: 203.0.113.1/24 --> 203.0.113.10/4;icmp,
Interface: .local..0,
Session token: 0x2, Flag: 0x40000030
Route: 0xfffb0006, Gateway: 203.0.113.1, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 410000242
Total sessions: 1
Flow Sessions on FPC10 PIC2:
Session ID: 420000123, Status: Normal
Flags: 0x80400040/0x0/0x2800023
Policy name: default-policy-00/2
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 4, Current timeout: 2
Session State: Valid
Start time: 76454, Duration: 2
In: 203.0.113.10/24 --> 203.0.113.11/24;icmp,
Interface: ge-7/1/0.0,
Session token: 0x6, Flag: 0xc0000021
Route: 0xa0010, Gateway: 20010, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 420000210
Out: 203.0.113.11/24 --> 203.0.113.12/24;icmp,
Interface: .local..0,
Session token: 0x2, Flag: 0x40000030
Route: 0xfffb0006, Gateway: 203.0.113.1, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 420000210
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Session ID: 430000131, Status: Normal
Flags: 0x80400040/0x0/0x2800023
Policy name: default-policy-00/2
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 4, Current timeout: 4
Session State: Valid
Start time: 76421, Duration: 1
In: 203.0.113.10/24 --> 203.0.113.11/24;icmp,
Interface: ge-7/1/0.0,
Session token: 0x6, Flag: 0xc0000021
Route: 0xa0010, Gateway: 203.0.113.10, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 430000118
Out: 203.0.113.12/24 --> 203.0.113.13/24;icmp,
Interface: .local..0,
Session token: 0x2, Flag: 0x40000030
Route: 0xfffb0006, Gateway: 203.0.113.1, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 84
CP Session ID: 430000118
Total sessions: 1show security flow session family inet summary
root> show security flow session family inet
summaryFlow Sessions on FPC10 PIC1: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 2 Sessions in other states: 0 Total sessions: 4 Flow Sessions on FPC10 PIC2: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 2 Sessions in other states: 0 Total sessions: 4 Flow Sessions on FPC10 PIC3: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 2 Sessions in other states: 0 Total sessions: 4