show security flow session services-offload
Syntax
show security flow session services-offload [filter] [brief | extensive | summary]
Description
Display information about all currently active services-offload security sessions on the device.
Options
filter—Filter the display by the specified criteria.
The following filters reduce the display to those sessions that match the criteria specified by the filter:
- application: Application name.
- application-firewall-rule-set: Application firewall enabled with the specified rule set.
- application-traffic-control-rule-set: Application traffic control enabled with the specified rule set.
- destination-port: Destination port.
- destination-prefix: Destination IP prefix or address.
- dynamic-application: Dynamic application name.
- dynamic-application-group: Dynamic application group name.
- encrypted: Show encrypted traffic.
- family: Protocol family.
- interface: Name of incoming or outgoing interface.
- logical-system: Logical system name.
- protocol: IP protocol number.
- root-logical-system: Root logical system name.
- source-port: Source port.
- source-prefix: Source IP prefix or address.
- tenant: Tenant system name.
brief | extensive | summary—Display the specified level of output.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow session
services-offload command. Output fields are listed in the approximate
order in which they appear.
| Field Name | Field Description |
|---|---|
| Session ID | Number that identifies the services-offload session. Use this ID to get more information about the session. |
| Policy name | Policy that permits the services-offload traffic. |
| Timeout | Idle timeout period after which the services-offload session expires. |
| In | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes). |
| Out | Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes). |
| Total sessions | Total number of services-offload sessions. |
| Status | Services-offload session status. |
| Flag | Internal flag depicting the state of the services-offload session, used for debugging purposes. |
| Policy name | Name and ID of the policy that the first packet of the services-offload session matched. |
| Source NAT pool | The name of the source pool where NAT is used. |
| Application | Name of the application. |
| Dynamic application | Name of the dynamic application. |
| Maximum timeout | Maximum amount of idle time allowed for the services-offload session. |
| Current timeout | Number of seconds that the current services-offload session has been idle. |
| Session State | Services-offload session state. |
| Start time | Time when the services-offload session was created, offset from the system start time. |
| Duration | Duration of the services-offload session. |
| Valid sessions | Number of valid services-offload sessions. |
| Pending sessions | Number of pending services-offload sessions. |
| Invalidated sessions | Number of invalidated services-offload sessions. |
| Sessions in other states | Number of services-offload sessions in other states. |
| Total sessions | Total number of services-offload sessions. |
Sample Output
show security flow session services-offload
user@host> show security flow session services-offload
Flow Sessions on FPC10 PIC1:
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Session ID: 420000002, Policy name: p1/4, Timeout: 1788, Valid
In: 200.0.0.10/15198 --> 60.0.0.2/23;tcp, If: ge-7/1/0.0, Pkts: 9, Bytes: 507, CP Session ID: 420000002
Out: 60.0.0.2/23 --> 200.0.0.10/15198;tcp, If: ge-7/1/1.0, Pkts: 8, Bytes: 462, CP Session ID: 420000002
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Total sessions: 0
show security flow session services-offload brief
user@host> show security flow session services-offload brief
Flow Sessions on FPC10 PIC1:
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Session ID: 420000002, Policy name: p1/4, Timeout: 1748, Valid
In: 200.0.0.10/15198 --> 60.0.0.2/23;tcp, If: ge-7/1/0.0, Pkts: 9, Bytes: 507, CP Session ID: 420000002
Out: 60.0.0.2/23 --> 200.0.0.10/15198;tcp, If: ge-7/1/1.0, Pkts: 8, Bytes: 462, CP Session ID: 420000002
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Total sessions: 0
show security flow session services-offload extensive
user@host> show security flow session services-offload extensive
Flow Sessions on FPC10 PIC1:
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Session ID: 420000002, Status: Normal
Flags: 0x40/0x0/0x2408003, services-offload
Policy name: p1/4
Source NAT pool: Null, Application: junos-telnet/10
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1718
Session State: Valid
Start time: 165, Duration: 89
In: 200.0.0.10/15198 --> 60.0.0.2/23;tcp,
Interface: ge-7/1/0.0,
Session token: 0x6, Flag: 0x42001021
Route: 0x80010, Gateway: 200.0.0.10, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 9, Bytes: 507
CP Session ID: 420000002
Out: 60.0.0.2/23 --> 200.0.0.10/15198;tcp,
Interface: ge-7/1/1.0,
Session token: 0x7, Flag: 0x42001020
Route: 0x70010, Gateway: 60.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 462
CP Session ID: 420000002
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Total sessions: 0
show security flow session services-offload summary
user@host> show security flow session services-offload summary
Flow Sessions on FPC10 PIC1:
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 0
Flow Sessions on FPC10 PIC3:
Valid sessions: 1
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 1
show security flow session services-offload summary logical-system LSYS1
user@host> show security flow session services-offload summary logical-system LSYS1
Valid sessions: 500
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 500
show security flow session services-offload summary
user@host:LSYS1> show security flow session services-offload summary
Valid sessions: 500
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 500
show security flow session services-offload summary tenant TSYS1
user@host> show security flow session services-offload summary tenant TSYS1
Valid sessions: 10
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 10
show security flow session services-offload summary
user@host:TSYS1> show security flow session services-offload summary
Valid sessions: 10
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 10
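The default and brief output shown above is line-oriented, so it can be parsed into per-PIC session records for monitoring or review. The following Python is an added example, not Juniper code: the function names are hypothetical, the sample text is copied from this page's default output, and the parser assumes every session appears under a "Flow Sessions on FPCx PICy:" header as in that sample.

```python
import re

# Sample copied from this page's default output (one session on FPC10 PIC2).
SAMPLE = """\
Flow Sessions on FPC10 PIC1:
Total sessions: 0
Flow Sessions on FPC10 PIC2:
Session ID: 420000002, Policy name: p1/4, Timeout: 1788, Valid
In: 200.0.0.10/15198 --> 60.0.0.2/23;tcp, If: ge-7/1/0.0, Pkts: 9, Bytes: 507, CP Session ID: 420000002
Out: 60.0.0.2/23 --> 200.0.0.10/15198;tcp, If: ge-7/1/1.0, Pkts: 8, Bytes: 462, CP Session ID: 420000002
Total sessions: 1
Flow Sessions on FPC10 PIC3:
Total sessions: 0
"""

PIC_RE = re.compile(r"Flow Sessions on (FPC\d+ PIC\d+):")
SESSION_RE = re.compile(r"Session ID: (\d+), Policy name: ([^,]+), Timeout: (\d+), (\w+)")
FLOW_RE = re.compile(
    r"(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), If: ([^,]+), "
    r"Pkts: (\d+), Bytes: (\d+)")
TOTAL_RE = re.compile(r"Total sessions: (\d+)")

def parse_offload_sessions(text):
    """Return {pic: {"sessions": [...], "reported_total": int}}."""
    pics, pic, session = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := PIC_RE.match(line):
            pic = pics.setdefault(m.group(1), {"sessions": [], "reported_total": None})
        elif pic is None:
            continue  # skip the prompt/command echo before the first PIC header
        elif m := SESSION_RE.match(line):
            session = {"id": int(m.group(1)), "policy": m.group(2),
                       "timeout": int(m.group(3)), "state": m.group(4), "flows": {}}
            pic["sessions"].append(session)
        elif (m := FLOW_RE.match(line)) and session is not None:
            d, src, sport, dst, dport, proto, ifname, pkts, nbytes = m.groups()
            session["flows"][d] = {"src": src, "sport": int(sport), "dst": dst,
                                   "dport": int(dport), "proto": proto, "if": ifname,
                                   "pkts": int(pkts), "bytes": int(nbytes)}
        elif m := TOTAL_RE.match(line):
            pic["reported_total"] = int(m.group(1))
            session = None
    return pics

def count_mismatches(pics):
    """PICs whose parsed session count differs from the device-reported total."""
    return [p for p, d in pics.items() if len(d["sessions"]) != d["reported_total"]]
```

A non-empty result from count_mismatches means the capture was truncated or a session line did not match the expected layout, so the parsed records should not be trusted as complete.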
Release Information
Command introduced in Junos OS Release 11.4.
Low-latency option introduced in Junos OS Release 12.1X44-D10.
Starting in Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-MPC3-100G10G (IOC3) and the SRX5K-MPC3-40G10G (IOC3) with Express Path (formerly known as services offloading) support are introduced for SRX5400, SRX5600, and SRX5800 Series devices.
Support added on SRX5800, SRX5600, SRX5400 Series devices and vSRX Virtual Firewall.
Support added on SRX4600 Series device in Junos OS Release 20.1R1.
Support added at the logical system and tenant system level in Junos OS Release 20.1R1.