Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


clear security flow session nat



Clear all active sessions with NAT configurations or the active NAT session identified by a session parameter.

Network Address Translation (NAT) is now used primarily to improve traffic security. But it also offers solutions to IP address constraints prior to the advent and implementation of IPv6. NAT allows you to remap one IP address space to another. Network address information in the IP datagram packet headers are modified to achieve the translation.



Name of the application protocol

  • dns—Domain Name System

  • ftp—File Transfer Protocol

  • ignore—Ignore application type

  • mgcp-ca—Media Gateway Control Protocol with Call Agent

  • mgcp-ua—MGCP with User Agent

  • ms-rpc—Microsoft RPC

  • pptp—Point-to-Point Tunneling Protocol

  • q931—ISDN connection control protocol

  • ras—RAS

  • realaudio—RealAudio

  • rsh—UNIX remote shell services

  • rtsp—Real-Time Streaming Protocol

  • sccp—Skinny Client Control Protocol

  • sip—Session Initiation Protocol

  • sqlnet-v2—Oracle SQLNET

  • sun-rpc—Sun Microsystems RPC

  • talk—TALK program

  • tftp—Trivial File Transfer Protocol

To display a list of the supported applications on an SRX Series device, enter the following command from configuration mode:


Session identified by the specified conn-tag.

A conn-tag is a 32-bit connection tag that uniquely identifies the GPRS tunneling protocol, user plane (GTP-U), and the Stream Control Transmission Protocol (STCP) sessions.

The connection tag for GTP-U is the tunnel endpoint identifier (TEID). For SCTP, it is the vTag. The connection ID remains 0 if the connection tag is not used by the sessions.

Session connection identifiers are in the following range:

  • Range: 0 through 4294967295


Destination port.

  • Range: 1 through 65535


Destination IP prefix or address.


Protocol family:

  • inet—Clear IPv4 sessions

  • inet6–Clear IPv6 sessions


Name of incoming or outgoing interface.


IP protocol number.


Source port.

  • Range: 1 through 65535.


Source IP prefix or IP address.

Required Privilege Level


Output Fields

Displays a message reporting the number of active sessions cleared. The same message is displayed when any specific option is entered.

Sample Output


Release Information

Command introduced in Junos OS Release 10.2.