Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security flow session

Syntax

Description

Display information about all currently active security sessions on the device. For the normal flow sessions, the show security flow session command displays byte counters based on IP header length. However, for sessions in Express Path mode, the statistics are collected from the IOC2 (SRX5K-MPC), IOC3 (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G), and IOC4 (SRX5K-IOC4-MRAT and SRX5K-IOC4-10G) ASIC hardware engines and include full packet length with L2 headers. Because of this, the output displays slightly larger byte counters for sessions in Express Path mode than for the normal flow session.

Options

  • filter—Filter the display by the specified criteria.

    The following filters reduce the display to those sessions that match the criteria specified by the filter. Refer to the specific show command for examples of the filtered output.

    advanced-anti-malware

    Show advanced-anti-malware sessions. For details on the advanced-anti-malware option, see the Sky Advanced Threat Prevention CLI Reference Guide.

    all-logical-systems-tenants

    All multitenancy systems.

    application

    Predefined application name.

    application-firewall

    Application firewall enabled.

    application-firewall-rule-set

    Application firewall enabled with the specified rule set.

    application-traffic-control

    Application traffic control session.

    application-traffic-control-rule-set

    Application traffic control rule set name and rule name.

    bytes-less-than Define session's bytes-count less than a value (1..4294967295).
    bytes-more-than Define session's bytes-count more a value (1..4294967295).
    conn-tag

    Session connection tag (0..4294967295).

    curr-less-than Define session's current-timeout value less than a value (1..100000).
    curr-more-than Define session's current-timeout value more than a value (1..100000).
    destination-port

    Destination port.

    destination-prefix

    Destination IP prefix or address.

    dynamic-application

    Dynamic application.

    dynamic-application-group

    Dynamic application.

    duration-less-than Define session's duration time less than a value (1..100000).
    duration-more-than Define session's duration time more than a value (1..100000).
    encrypted

    Encrypted traffic.

    family

    Display session by family.

    ha-link Display HA link session information.
    idp

    IDP-enabled sessions.

    interface

    Name of incoming or outgoing interface.

    logical-system (all | logical-system-name)

    Name of a specific logical system or all to display all logical systems.

    nat

    Display sessions with network address translation.

    node

    (Optional) For chassis cluster configurations, display security flow session information on a specific node (device) in the cluster.

    • node-id —Identification number of the node. It can be 0 or 1.

    • all —Display information about all nodes.

    • local —Display information about the local node.

    • primary—Display information about the primary node.

    packets-less-than Define session's packets-count less than a value (1..4294967295).
    packets-more-than Define session's packets-count more than a value (1..4294967295).
    plugin-name Plugin name.
    plugin-status Plugin status.
    plugins Display the flow session information of plugins.
    policy-id

    Display session information based on policy ID; the range is 1 through 4,294,967,295.

    pretty Display the flow session information in a list to make it easy for you to read and monitor.
    protocol

    IP protocol number.

    resource-manager

    Resource manager.

    root-logical-system

    Display root logical system as default.

    security-intelligence

    Display security intelligence sessions.

    services-offload

    Display services offload sessions.

    session-identifier

    Display session with specified session identifier.

    session-state Session state.
    source-port

    Source port.

    source-prefix

    Source IP prefix.

    ssl Display the SSL proxy sessions information.
    tenant

    Displays the security flow session information for a tenant system.

    timeout-less-than Define session's timeout value less than a value (1..100000).
    timeout-more-than Define session's timeout value more than a value (1..100000).
    tunnel

    Tunnel sessions.

    tunnel-inspection-type

    Tunnel inspection type

    gre

    Displays gre tunnel inspection

    ipip

    Displays ipip tunnel inspection

    vxlan

    Displays vxlan tunnel inspection

    vxlan-vni

    It only lists the tunnel session which vni matches the one you specify in the command.

    url-category Display flow session information by url-category.
    vrf-group Display flow session information by L3VPN VRF Group.
  • brief | extensive | summary—Display the specified level of output.

  • none—Display information about all active sessions.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security flow session command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow session Output Fields

Field Name

Field Description

Level of Output

Session ID

Number that identifies the session. Use this ID to get more information about the session.

brief

extensive

none

If

Interface name.

brief

none

State

Status of security flow session.

brief

extensive

none

Conn Tag

A 32-bit connection tag that uniquely identifies the GPRS tunneling protocol, user plane (GTP-U) and the Stream Control Transmission Protocol (STCP) sessions. The connection tag for GTP-U is the tunnel endpoint identifier (TEID) and for SCTP is the vTag. The connection ID remains 0 if the connection tag is not used by the sessions.

brief

extensive

none

CP Session ID

Number that identifies the central point session. Use this ID to get more information about the central point session.

brief

extensive

none

Policy name

Name and ID of the policy that the first packet of the session matched.

brief

extensive

none

Timeout

Idle timeout after which the session expires.

brief

extensive

none

In

Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).

brief

extensive

none

Bytes

Number of received and transmitted bytes.

brief

extensive

none

Pkts

Number of received and transmitted packets.

brief

extensive

none

Total sessions

Total number of sessions.

brief

extensive

none

Out

Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).

brief

extensive

none

Status

Session status.

extensive

Flag

Internal flag depicting the state of the session, used for debugging purposes.

extensive

Source NAT pool

The name of the source pool where NAT is used.

extensive

Dynamic application

Name of the application.

extensive

Application traffic control rule-set

AppQoS rule set for this session.

extensive

Rule

AppQoS rule for this session.

extensive

Maximum timeout

Maximum session timeout.

extensive

Current timeout

Remaining time for the session unless traffic exists in the session.

extensive

Session State

Session state.

extensive

Start time

Time when the session was created, offset from the system start time.

extensive

Unicast-sessions

Number of unicast sessions.

Summary

Multicast-sessions

Number of multicast sessions.

Summary

Services-offload-sessions

Number of services-offload sessions.

Summary

Failed-sessions

Number of failed sessions.

Summary

Sessions-in-use

Number of sessions in use.

  • Valid sessions

  • Pending sessions

  • Invalidated sessions

  • Sessions in other states

Summary

Maximum-sessions

Maximum number of sessions permitted.

Summary

Sample Output

show security flow session

show security flow session (with default policy)

show security flow session (drop flow)

Shows dropped flows for SRX5400.

show security flow session brief

show security flow session extensive

show security flow session extensive

show security flow session summary

show security flow session tunnel-inspection-type

show security flow session tunnel-inspection-type

Release Information

Command introduced in Junos OS Release 8.5.

Support for filter and view options added in Junos OS Release 10.2.

Application firewall, dynamic application, and logical system filters added in Junos OS Release 11.2.

Policy ID filter added in Junos OS Release 12.3X48-D10.

Support for connection tag added in Junos OS Release 15.1X49-D40.

The tenant option introduced in Junos OS Release 18.3R1.

The tunnel-inspection-type option is introduced in Junos OS Release 20.4R1.