show security flow session

Syntax

show security flow session [<filter>] [brief | extensive | summary]

Release Information

Command introduced in Release 8.5 of Junos OS; Filter and view options added in Release 10.2 of Junos OS.

Description

Display information about all currently active security sessions on the device.

Options

application                   Application name
destination-port              Destination port
destination-prefix            Destination IP prefix or address
family                        Display session by family.
idp                           Display IDP sessions.
interface                     Name of incoming or outgoing interface
nat                           Display sessions with network address translation.
protocol                      IP protocol number
resource-manager              Display sessions with resource manager.
session-identifier            Display sessions with session identifier.
source-port                   Source port
source-prefix                 Source IP prefix
tunnel                        Display tunnel sessions.
brief | extensive | summary   Display the specified level of output.

none—Display information about all active sessions.

Required Privilege Level

view

Related Topics

flow

clear security flow session all

List of Sample Output

show security flow session
show security flow session brief
show security flow session extensive
show security flow session summary

Output Fields

Table 75 lists the output fields for the show security flow session command. Output fields are listed in the approximate order in which they appear.

Table 75: show security flow session Output Fields

Field Name            Field Description
Session ID            Number that identifies the session. Use this ID to get more information about the session.
Policy name           Policy that permitted the traffic.
Timeout               Idle timeout after which the session expires.
In                    Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).
Out                   Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).
Total sessions        Total number of sessions.
Status                Session status.
Flag                  Internal flag depicting the state of the session, used for debugging purposes.
Policy name           Name and ID of the policy that the first packet of the session matched.
Source NAT pool       Name of the source pool where NAT is used.
Application           Name of the application.
Maximum timeout       Maximum session timeout.
Current timeout       Time remaining before the session expires, unless traffic exists in the session.
Session State         Session state.
Start time            Time when the session was created, offset from the system start time.
Unicast-sessions      Number of unicast sessions.
Multicast-sessions    Number of multicast sessions.
Failed-sessions       Number of failed sessions.
Sessions-in-use       Number of sessions in use.
                        • Valid sessions
                        • Pending sessions
                        • Invalidated sessions
                        • Sessions in other states
Maximum-sessions      Maximum number of sessions.

Sample Output

show security flow session

root> show security flow session
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Policy name: default-policy/2, Timeout: 1794, Valid
  In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, If: ge-0/0/2.0, Pkts: 25, Bytes: 1138
  Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, If: ge-0/0/1.0, Pkts: 20, Bytes: 1152
Total sessions: 1

Flow Sessions on FPC5 PIC1:
Total sessions: 0

show security flow session brief

root> show security flow session brief
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Policy name: default-policy/2, Timeout: 1794, Valid
  In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, If: ge-0/0/2.0, Pkts: 25, Bytes: 1138
  Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, If: ge-0/0/1.0, Pkts: 20, Bytes: 1152
Total sessions: 1

Flow Sessions on FPC5 PIC1:
Total sessions: 0

show security flow session extensive

root> show security flow session extensive
Flow Sessions on FPC4 PIC1:
Total sessions: 0

Flow Sessions on FPC5 PIC0:

Session ID: 200000001, Status: Normal
Flag: 0x42
Policy name: default-policy/2
Source NAT pool: Null, Application: junos-ftp/1
Maximum timeout: 1800, Current timeout: 1788
Session State: Valid
Start time: 247, Duration: 12
   In: 40.0.0.111/32852 --> 30.0.0.100/21;tcp, 
    Interface: ge-0/0/2.0, 
    Session token: 0x180, Flag: 0x0x2621
    Route: 0x40010, Gateway: 40.0.0.111, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 25, Bytes: 1138
   Out: 30.0.0.100/21 --> 40.0.0.111/32852;tcp, 
    Interface: ge-0/0/1.0, 
    Session token: 0x1c0, Flag: 0x0x2620
    Route: 0x50010, Gateway: 30.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,  
    FIN state: 0, 
    Pkts: 20, Bytes: 1152
Total sessions: 1

Flow Sessions on FPC5 PIC1:
Total sessions: 0

show security flow session summary

root> show security flow session summary
Flow Sessions on FPC4 PIC1:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200

Flow Sessions on FPC5 PIC0:
Unicast-sessions: 1
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 1
  Valid sessions: 1
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200

Flow Sessions on FPC5 PIC1:
Unicast-sessions: 0                     
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 819200
