Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security flow session services-offload

Syntax

Description

Display information about all currently active services-offload security sessions on the device.

Options

  • filter—Filter the display by the specified criteria.

    The following filters reduce the display to those sessions that match the criteria specified by the filter:

    application

    Application name.

    application-firewall-rule-set

    Application firewall enabled with the specified rule set.

    application-traffic-control-rule-set

    Application traffic control enabled with the specified rule set.

    destination-port

    Destination port.

    destination-prefix

    Destination IP prefix or address.

    dynamic-application

    Dynamic application name.

    dynamic-application-group

    Dynamic application group name.

    encrypted

    Show encrypted traffic.

    family

    Protocol family.

    interface

    Name of incoming or outgoing interface.

    logical-system

    Logical system name.

    protocol

    IP protocol number.

    root-logical-system

    Root logical system name.

    source-port

    Source port.

    source-prefix

    Source IP prefix or address.

    tenant

    Tenant system name.

  • brief | extensive | summary—Display the specified level of output.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security flow session services-offload command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow session services-offload Output Fields

Field Name

Field Description

Session ID

Number that identifies the services-offload session. Use this ID to get more information about the session.

Policy name

Policy that permits the services-offload traffic.

Timeout

Idle timeout period after which the services-offload session expires.

In

Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes).

Out

Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets, and bytes).

Total sessions

Total number of services-offload sessions.

Status

Services-offload session status.

Flag

Internal flag depicting the state of the services-offload session, used for debugging purposes.

Policy name

Name and ID of the policy that the first packet of the services-offload session matched.

Source NAT pool

The name of the source pool where NAT is used.

Application

Name of the application.

Dynamic application

Name of the dynamic application.

Maximum timeout

Maximum amount of idle time allowed for the services-offload session.

Current timeout

Number of seconds that the current services-offload session has been idle.

Session State

Services-offload session state.

Start time

Time when the services-offload session was created, offset from the system start time.

Duration

Duration of the services-offload session.

Valid sessions

Number of valid services-offload sessions.

Pending sessions

Number of pending services-offload sessions.

Invalidated sessions

Number of invalidated services-offload sessions.

Sessions in other states

Number of services-offload sessions in other states.

Total sessions

Total number of services-offload sessions.

Sample Output

show security flow session services-offload

show security flow session services-offload brief

show security flow session services-offload extensive

show security flow session services-offload summary

show security flow session services-offload summary logical-system LSYS1

show security flow session services-offload summary

show security flow session services-offload summary tenant TSYS1

show security flow session services-offload summary

Release Information

Command introduced in Junos OS Release 11.4.

Low-latency option introduced in Junos OS Release 12.1X44-D10.

Starting in Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-MPC3-100G10G (IOC3) and the SRX5K-MPC3-40G10G (IOC3) with Express Path (formerly known as services offloading) support are introduced for SRX5400, SRX5600, and SRX5800 Series devices.

Support added on SRX5800, SRX5600, SRX5400 Series devices and vSRX.

Support added on SRX4600 Series device in Junos OS Release 20.1R1.

Support added at the logical system and tenant system level in Junos OS Release 20.1R1.