
    Understanding How to Obtain Session Information for SRX Series Services Gateways

    You can obtain information about the sessions and packet flows active on your device, including detailed information about specific sessions. (The SRX Series device also displays information about failed sessions.) You can display this information to observe activity and for debugging purposes. For example, you can use the show security flow session command:

    • To display a list of incoming and outgoing IP flows, including services
    • To show the security attributes associated with a flow, for example, the policies that apply to traffic belonging to that flow
    • To display the session timeout value, when the session became active, for how long it has been active, and if there is active traffic on the session

    Note: If interface NAT is configured and sessions are set up with NAT using that interface IP address, then whenever the interface IP address changes, the sessions set up with NAT are refreshed and new sessions are set up with the new IP address. You can verify this using the show security flow session CLI command.

    For detailed information about this command, see the Junos OS CLI Reference.

    Session information can also be logged if a related policy configuration includes the logging option. See Information Provided in Session Log Entries for SRX Series Services Gateways for details about the session information provided in system logs.

    Note: On all SRX Series devices, the policy configuration for flow session logging has been enhanced. The session log for session-init and session-close, and for sessions denied by a policy or by the application firewall, now includes the packet incoming interface parameter, to meet Common Criteria (CC) Medium Robustness Protection Profiles (MRPP) compliance:

    Policy configuration—To configure a policy whose matching sessions are logged at session-init or session-close, and to record those sessions in syslog:

    • set security policies from-zone untrustZone to-zone trustZone policy policy13 match source-address extHost1
    • set security policies from-zone untrustZone to-zone trustZone policy policy13 match application junos-ping
    • set security policies from-zone untrustZone to-zone trustZone policy policy13 then permit
    • set security policies from-zone untrustZone to-zone trustZone policy policy13 then log session-init
    • set security policies from-zone untrustZone to-zone trustZone policy policy13 then log session-close

    Example: A flow that matches policy13 records the following information in the log:

    <14>1 2010-09-30T14:55:04.323+08:00 mrpp-srx650-dut01 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2" destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="policy1" source-zone-name="trustZone" destination-zone-name="untrustZone" session-id-32="41" packet-incoming-interface="ge-0/0/1.0"] session created 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 ge-0/0/1.0

    <14>1 2010-09-30T14:55:07.188+08:00 mrpp-srx650-dut01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.40 reason="response received" source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2" destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="policy1" source-zone-name="trustZone" destination-zone-name="untrustZone" session-id-32="41" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="0" packet-incoming-interface="ge-0/0/1.0"] session closed response received: 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 1(84) 1(84) 0 ge-0/0/1.0
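    The two RT_FLOW entries above are RFC 5424 syslog messages whose structured-data element (the bracketed junos@... block) carries the session attributes, followed by the same values repeated as free text. The following Python is an added example, not Juniper code and not part of this page: it parses the PRI, header and structured-data parameters, pairs each RT_FLOW_SESSION_CREATE with its RT_FLOW_SESSION_CLOSE on session-id-32, and for each closed session reports the policy, zones, byte counts and whether the packet-incoming-interface parameter that the CC MRPP note requires is present and consistent across the pair. The sample input is the page's own two log lines embedded as a string; the field names used are the ones that appear in those lines. Values containing an escaped right bracket (\]) are not handled by the simple regular expression used here.

```python
import re
from dataclasses import dataclass

# Sample input: the two RT_FLOW entries shown on the page, one per line.
SAMPLE_LOG = """<14>1 2010-09-30T14:55:04.323+08:00 mrpp-srx650-dut01 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2" destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="policy1" source-zone-name="trustZone" destination-zone-name="untrustZone" session-id-32="41" packet-incoming-interface="ge-0/0/1.0"] session created 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 ge-0/0/1.0
<14>1 2010-09-30T14:55:07.188+08:00 mrpp-srx650-dut01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.40 reason="response received" source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2" destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="policy1" source-zone-name="trustZone" destination-zone-name="untrustZone" session-id-32="41" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="0" packet-incoming-interface="ge-0/0/1.0"] session closed response received: 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 1(84) 1(84) 0 ge-0/0/1.0
"""

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID params] MSG
HEADER_RE = re.compile(
    r'^<(?P<pri>\d+)>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) \[(?P<sdid>[^\s\]]+)(?P<params>[^\]]*)\] ?(?P<msg>.*)$'
)
# One structured-data parameter: name="value" (values may contain spaces)
PARAM_RE = re.compile(r'([\w-]+)="([^"]*)"')


@dataclass
class FlowEvent:
    facility: int      # PRI // 8
    severity: int      # PRI % 8
    timestamp: str
    host: str
    msgid: str         # RT_FLOW_SESSION_CREATE / RT_FLOW_SESSION_CLOSE
    fields: dict       # structured-data parameters, keyed by parameter name
    message: str       # free-text tail after the structured data


def parse_rt_flow(line: str) -> FlowEvent:
    """Parse one RT_FLOW syslog line into its header and structured-data fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 RT_FLOW entry: %r" % line[:60])
    pri = int(m.group("pri"))
    fields = dict(PARAM_RE.findall(m.group("params")))
    return FlowEvent(pri >> 3, pri & 7, m.group("ts"), m.group("host"),
                     m.group("msgid"), fields, m.group("msg"))


def correlate(lines):
    """Pair SESSION_CREATE with SESSION_CLOSE on session-id-32.

    Returns (closed, still_open): a summary per closed session and the
    CREATE events that never saw a matching CLOSE in the input.
    """
    open_sessions = {}
    closed = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_rt_flow(line)
        sid = ev.fields.get("session-id-32")
        if ev.msgid == "RT_FLOW_SESSION_CREATE":
            open_sessions[sid] = ev
        elif ev.msgid == "RT_FLOW_SESSION_CLOSE":
            create = open_sessions.pop(sid, None)
            f = ev.fields
            ingress = f.get("packet-incoming-interface")
            # The interface must be logged (CC MRPP requirement) and must agree
            # with the CREATE entry for the same session id, when we have one.
            consistent = ingress is not None and (
                create is None
                or (create.fields["policy-name"] == f["policy-name"]
                    and create.fields.get("packet-incoming-interface") == ingress)
            )
            closed.append({
                "session_id": sid,
                "policy": f["policy-name"],
                "zones": (f["source-zone-name"], f["destination-zone-name"]),
                "ingress_interface": ingress,
                "reason": f["reason"],
                "elapsed": int(f["elapsed-time"]),
                "bytes_total": int(f["bytes-from-client"]) + int(f["bytes-from-server"]),
                "has_create": create is not None,
                "consistent": consistent,
            })
    return closed, open_sessions


if __name__ == "__main__":
    done, pending = correlate(SAMPLE_LOG.splitlines())
    for s in done:
        print(s)
    print("sessions without a CLOSE:", sorted(pending))
```

    A session that appears in still_open after the log window, or a CLOSE whose interface or policy disagrees with its CREATE, is worth a second look when reconciling session logs against the output of show security flow session.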

    Published: 2012-06-29