Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

clear security flow session nat

Syntax

Description

Clear all active sessions with NAT configurations or the active NAT session identified by a session parameter.

Network Address Translation (NAT) is now used primarily to improve traffic security. But it also offers solutions to IP address constraints prior to the advent and implementation of IPv6. NAT allows you to remap one IP address space to another. Network address information in the IP datagram packet headers are modified to achieve the translation.

Options

application

Name of the application protocol

  • dns—Domain Name System

  • ftp—File Transfer Protocol

  • ignore—Ignore application type

  • mgcp-ca—Media Gateway Control Protocol with Call Agent

  • mgcp-ua—MGCP with User Agent

  • ms-rpc—Microsoft RPC

  • pptp—Point-to-Point Tunneling Protocol

  • q931—ISDN connection control protocol

  • ras—RAS

  • realaudio—RealAudio

  • rsh—UNIX remote shell services

  • rtsp—Real-Time Streaming Protocol

  • sccp—Skinny Client Control Protocol

  • sip—Session Initiation Protocol

  • sqlnet-v2—Oracle SQLNET

  • sun-rpc—Sun Microsystems RPC

  • talk—TALK program

  • tftp—Trivial File Transfer Protocol

To display a list of the supported applications on an SRX Series device, enter the following command from configuration mode:
conn-tag

Session identified by the specified conn-tag.

A conn-tag is a 32-bit connection tag that uniquely identifies the GPRS tunneling protocol, user plane (GTP-U), and the Stream Control Transmission Protocol (STCP) sessions.

The connection tag for GTP-U is the tunnel endpoint identifier (TEID). For SCTP, it is the vTag. The connection ID remains 0 if the connection tag is not used by the sessions.

Session connection identifiers are in the following range:

  • Range: 0 through 4294967295
destination-port

Destination port.

  • Range: 1 through 65535
destination-prefix

Destination IP prefix or address.

family

Protocol family:

  • inet—Clear IPv4 sessions

  • inet6–Clear IPv6 sessions
interface

Name of incoming or outgoing interface.
protocol

IP protocol number.
source-port

Source port.

  • Range: 1 through 65535.
source-prefix

Source IP prefix or IP address.

Required Privilege Level

clear

Output Fields

Displays a message reporting the number of active sessions cleared. The same message is displayed when any specific option is entered.

Sample Output

command-name

Release Information

Command introduced in Junos OS Release 10.2.

Related Documentation

  • show security flow session