Obtaining Information About Sessions By Using the Operational show Command

You can obtain information about the sessions and packet flows active on your device, including detailed information about specific sessions. (The services gateway also displays information about failed sessions.) You can display this information to observe activity and for debugging purposes. For example, you can use the show security flow session command:

• To display a list of incoming and outgoing IP flows, including services
• To show the security attributes associated with a flow, for example, the policies that apply to traffic belonging to that flow
• To display the session timeout value, when the session became active, for how long it has been active, and if there is active traffic on the session

For detailed information about this command, see the JUNOS Software CLI Reference.

Displaying a Summary of Sessions

You can use the following show security flow command to determine the kinds of sessions on your device, how many of each kind there are—for example, the number of unicast sessions and multicast sessions—the number of failed sessions, and the maximum number of sessions that the services gateway supports:

Displaying Session and Flow Information About Sessions

You can use the following show security flow session command to display information about all sessions on your services gateway, including the session ID, the virtual system the session belongs to, the NAT source pool (if source NAT is used), the configured timeout value for the session and its standard timeout, and the session start time and how long the session has been active. The display also shows all standard flow information, including the direction of the flow, the source address and port, the destination address and port, the IP protocol, and the interface used for the session:

Displaying Session and Flow Information About a Specific Session

When you know the session identifier, you can use the following command to display all session and flow information for a specific session rather than for all sessions.

Using Filters to Display Session and Flow Information

You can display flow and session information about one or more sessions by specifying a filter as an argument to the show security flow session command. You can use the following filters: source-prefix, destination-prefix, source-port, destination-port, protocol, interface-name, resource-manager, tunnel, and application. The services gateway displays the information for each session followed by a line specifying the number of sessions reported on. Here is an example of the command using the source-prefix filter:

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.