show security flow session

Syntax

Release Information

Command introduced in Junos OS Release 8.5.

Support for filter and view options added in Junos OS Release 10.2.

Application firewall, dynamic application, and logical system filters added in Junos OS Release 11.2.

Policy ID filter added in Junos OS Release 12.3X48-D10.

Support for connection tag added in Junos OS Release 15.1X49-D40.

The tenant option was introduced in Junos OS Release 18.3R1.

Description

Display information about all currently active security sessions on the device. For normal flow sessions, the show security flow session command displays byte counters based on the IP header length. For sessions in Express Path mode, however, the statistics are collected from the IOC2 (SRX5K-MPC), IOC3 (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G), and IOC4 (SRX5K-IOC4-MRAT and SRX5K-IOC4-10G) ASIC hardware engines and include the full packet length with Layer 2 headers. Because of this, the output displays slightly larger byte counters for sessions in Express Path mode than for normal flow sessions.

Options

  • filter—Filter the display by the specified criteria.

    The following filters reduce the display to those sessions that match the criteria specified by the filter. Refer to the specific show command for examples of the filtered output.

    • advanced-anti-malware—Show advanced-anti-malware sessions. For details on the advanced-anti-malware option, see the Sky Advanced Threat Prevention CLI Reference Guide.

    • all-logical-systems-tenants—All multitenancy systems.

    • application—Predefined application name.

    • application-firewall—Application firewall enabled.

    • application-firewall-rule-set—Application firewall enabled with the specified rule set.

    • application-traffic-control—Application traffic control session.

    • application-traffic-control-rule-set—Application traffic control rule set name and rule name.

    • conn-tag—Session connection tag (0..4294967295).

    • destination-port—Destination port.

    • destination-prefix—Destination IP prefix or address.

    • dynamic-application—Dynamic application.

    • dynamic-application-group—Dynamic application group.

    • encrypted—Encrypted traffic.

    • family—Display sessions by family.

    • idp—IDP-enabled sessions.

    • interface—Name of the incoming or outgoing interface.

    • logical-system (all | logical-system-name)—Name of a specific logical system, or all to display all logical systems.

    • nat—Display sessions with network address translation.

    • node—(Optional) For chassis cluster configurations, display security flow session information on a specific node (device) in the cluster.

      • node-id—Identification number of the node. It can be 0 or 1.

      • all—Display information about all nodes.

      • local—Display information about the local node.

      • primary—Display information about the primary node.

    • policy-id—Display session information based on policy ID; the range is 1 through 4,294,967,295.

    • protocol—IP protocol number.

    • resource-manager—Resource manager.

    • root-logical-system—Display the root logical system (the default).

    • security-intelligence—Display security intelligence sessions.

    • services-offload—Display services offload sessions.

    • session-identifier—Display the session with the specified session identifier.

    • source-port—Source port.

    • source-prefix—Source IP prefix.

    • tenant—Display the security flow session information for a tenant system.

    • tunnel—Tunnel sessions.
  • brief | extensive | summary—Display the specified level of output.

  • none—Display information about all active sessions.

Required Privilege Level

view

List of Sample Output

show security flow session

show security flow session (with default policy)

show security flow session brief

show security flow session extensive

show security flow session summary

Output Fields

Table 1 lists the output fields for the show security flow session command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow session Output Fields

| Field Name | Field Description | Level of Output |
| --- | --- | --- |
| Session ID | Number that identifies the session. Use this ID to get more information about the session. | brief, extensive, none |
| If | Interface name. | brief, none |
| State | Status of the security flow session. | brief, extensive, none |
| Conn Tag | A 32-bit connection tag that uniquely identifies GPRS tunneling protocol, user plane (GTP-U) and Stream Control Transmission Protocol (SCTP) sessions. The connection tag for GTP-U is the tunnel endpoint identifier (TEID); for SCTP it is the vTag. The connection ID remains 0 if the session does not use a connection tag. | brief, extensive, none |
| CP Session ID | Number that identifies the central point session. Use this ID to get more information about the central point session. | brief, extensive, none |
| Policy name | Name and ID of the policy that the first packet of the session matched. | brief, extensive, none |
| Timeout | Idle timeout after which the session expires. | brief, extensive, none |
| In | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). | brief, extensive, none |
| Bytes | Number of received and transmitted bytes. | brief, extensive, none |
| Pkts | Number of received and transmitted packets. | brief, extensive, none |
| Total sessions | Total number of sessions. | brief, extensive, none |
| Out | Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). | brief, extensive, none |
| Status | Session status. | extensive |
| Flag | Internal flag depicting the state of the session, used for debugging purposes. | extensive |
| Source NAT pool | Name of the source pool where NAT is used. | extensive |
| Dynamic application | Name of the application. | extensive |
| Application traffic control rule-set | AppQoS rule set for this session. | extensive |
| Rule | AppQoS rule for this session. | extensive |
| Maximum timeout | Maximum session timeout. | extensive |
| Current timeout | Remaining time before the session expires if no further traffic arrives on it. | extensive |
| Session State | Session state. | extensive |
| Start time | Time when the session was created, offset from the system start time. | extensive |
| Unicast-sessions | Number of unicast sessions. | summary |
| Multicast-sessions | Number of multicast sessions. | summary |
| Services-offload-sessions | Number of services-offload sessions. | summary |
| Failed-sessions | Number of failed sessions. | summary |
| Sessions-in-use | Number of sessions in use, broken down into valid sessions, pending sessions, invalidated sessions, and sessions in other states. | summary |
| Maximum-sessions | Maximum number of sessions permitted. | summary |
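As an added illustration that is not part of the Juniper documentation, the following Python script parses the per-session records described in Table 1 (Session ID, Policy name, Timeout, In/Out flows, Pkts, Bytes, Total sessions) from a constructed sample in the brief output layout and answers two questions an operator typically asks of a session table: which sessions target a given destination port, and how many bytes each policy is carrying. The exact line layout of the sample and the helper names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the brief/default output; field names follow
# Table 1, but the precise line layout is an assumption, not taken from the page.
SAMPLE = """\
Session ID: 101, Policy name: default-permit/4, Timeout: 1794, Valid
  In: 10.1.1.2/50046 --> 10.2.2.2/22;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 36, Bytes: 3976,
  Out: 10.2.2.2/22 --> 10.1.1.2/50046;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 26, Bytes: 4254,
Session ID: 102, Policy name: web-out/7, Timeout: 300, Valid
  In: 10.1.1.9/41000 --> 198.51.100.5/443;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 12, Bytes: 1500,
  Out: 198.51.100.5/443 --> 10.1.1.9/41000;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 10, Bytes: 9000,
Session ID: 103, Policy name: default-permit/4, Timeout: 2, Invalidated
  In: 10.1.1.7/60000 --> 10.2.2.9/22;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 1, Bytes: 60,
  Out: 10.2.2.9/22 --> 10.1.1.7/60000;tcp, Conn Tag: 0x0, If: ge-0/0/2.0, Pkts: 0, Bytes: 0,
Total sessions: 3
"""

HEADER = re.compile(r"^Session ID: (\d+), Policy name: ([^,]+), Timeout: (\d+), (\w+)")
FLOW = re.compile(r"^\s*(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), Conn Tag: (\S+), "
                  r"If: (\S+), Pkts: (\d+), Bytes: (\d+)")
TOTAL = re.compile(r"^Total sessions: (\d+)")

def parse_sessions(text):
    """Return {"sessions": [...], "total": N}. Raises if the number of parsed
    records disagrees with the Total sessions line (a sign of truncated output)."""
    sessions, total = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            sessions.append({"id": int(m[1]), "policy": m[2],
                             "timeout": int(m[3]), "state": m[4]})
        elif (m := FLOW.match(line)) and sessions:
            # Attach the In or Out flow to the most recent session header.
            sessions[-1][m[1].lower()] = {
                "src": m[2], "sport": int(m[3]), "dst": m[4], "dport": int(m[5]),
                "proto": m[6], "conn_tag": m[7], "if": m[8],
                "pkts": int(m[9]), "bytes": int(m[10])}
        elif m := TOTAL.match(line):
            total = int(m[1])
    if total is not None and total != len(sessions):
        raise ValueError(f"parsed {len(sessions)} sessions, device reported {total}")
    return {"sessions": sessions, "total": total}

def sessions_to_port(sessions, dport):
    """IDs of sessions whose initiating (In) flow targets dport, e.g. 22 for SSH."""
    return [s["id"] for s in sessions if s["in"]["dport"] == dport]

def bytes_by_policy(sessions):
    """Bytes in both directions, summed per matched policy name/ID."""
    totals = Counter()
    for s in sessions:
        totals[s["policy"]] += s["in"]["bytes"] + s["out"]["bytes"]
    return totals
```

On a real device the same parser can be fed the text of show security flow session captured over SSH or NETCONF; the Total sessions check catches output that was cut off by a pager or a dropped connection.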

Sample Output

show security flow session

root> show security flow session

show security flow session (with default policy)

root> show security flow session

show security flow session brief

root> show security flow session brief

show security flow session extensive

root> show security flow session extensive

show security flow session summary

root> show security flow session summary