Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Topic review - SRX: How to list firewall flow sessions table

Post subject: SRX: How to list firewall flow sessions table  |  Posted: Tue Mar 10, 2015 6:08 pm
Juniper SRX is a stateful firewall: it keeps an in-memory table of all traffic sessions passing through it that have been allowed by security policies.

To dump the session table, use the "show security flow session" operational command, with filters to get information only about a specific type of traffic, e.g. only IPv4 or only IPv6 traffic, only TCP or UDP, or traffic going in/out of one interface:

> show security flow ?
Possible completions:
  gate                 Show gate information
  ip-action            Show ip-action table
  session              Show session table
  statistics           Show flow statistics
  status               Show flow status
> show security flow session
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
  Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
  Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Show only sessions for IPv6 traffic in SRX

> show security flow session family inet6

Show a summary of firewall session table in SRX

> show security flow session summary
Unicast-sessions: 141
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 148
  Valid sessions: 141
  Pending sessions: 0
  Invalidated sessions: 7
  Sessions in other states: 0
Maximum-sessions: 12288

Show only sessions for UDP

> show security flow session protocol ?
Possible completions:
  <protocol-number>    Numeric protocol value (0 .. 255)
  ah                   IP Security authentication header
  egp                  Exterior gateway protocol
  esp                  IPSec Encapsulating Security Payload
  gre                  Generic routing encapsulation
  icmp                 Internet Control Message Protocol
  icmp6                Internet Control Message Protocol Version 6
  igmp                 Internet Group Management Protocol
  ipip                 IP in IP
  ospf                 Open Shortest Path First
  pim                  Protocol Independent Multicast
  rsvp                 Resource Reservation Protocol
  sctp                 Stream Control Transmission Protocol
  tcp                  Transmission Control Protocol
  udp                  User Datagram Protocol
> show security flow session protocol udp

As you can see, it is possible to list sessions for any of the specific protocols listed above.

Show only SRX sessions to SSH or HTTP ports

> show security flow session destination-port 22
> show security flow session destination-port 80
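The filters above are run on the box. When a session dump has already been captured as text (for example during an incident, before the sessions age out), the same slicing can be done offline. The following Python is an added example and not code from the original post or from Juniper: the regexes are modelled on the session lines shown above, and the sample dump is constructed, reusing the two IPv6 sessions from the post plus an IPv4 SSH session and an IPv4 DNS session on RFC 5737 documentation addresses; the "Invalidated" state token is taken from the summary output and assumed to appear in the same header position as "Valid".

```python
# Added example (not from the original post): parse and filter the text output of
# 'show security flow session' offline. Regexes and the sample dump are assumptions.
import ipaddress
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample dump: the two IPv6 sessions from the post plus an IPv4 SSH
# session and an IPv4 DNS session using RFC 5737 documentation addresses.
SAMPLE_OUTPUT = """\
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
  Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
  Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Session ID: 91, Policy name: untrust-to-dmz/4, Timeout: 1790, Valid
  In: 198.51.100.7/40212 --> 192.0.2.10/22;tcp, If: ge-0/0/0.0, Pkts: 35, Bytes: 5120
  Out: 192.0.2.10/22 --> 198.51.100.7/40212;tcp, If: ge-0/0/1.0, Pkts: 28, Bytes: 6010
Session ID: 102, Policy name: trust-to-untrust/6, Timeout: 58, Invalidated
  In: 192.0.2.25/53117 --> 198.51.100.53/53;udp, If: vlan.2, Pkts: 1, Bytes: 70
  Out: 198.51.100.53/53 --> 192.0.2.25/53117;udp, If: ge-0/0/0.0, Pkts: 1, Bytes: 150
Total sessions: 4
"""

HEADER_RE = re.compile(
    r"^Session ID: (?P<sid>\d+), Policy name: (?P<policy>\S+), "
    r"Timeout: (?P<timeout>\d+), (?P<state>\w+)$"
)
# One wing per direction; the address/port split is the last '/' before ' -->' or ';',
# which is what lets IPv6 addresses (full of ':') parse without special cases.
WING_RE = re.compile(
    r"^\s+(?P<dir>In|Out): (?P<src>\S+)/(?P<sport>\d+) --> "
    r"(?P<dst>\S+)/(?P<dport>\d+);(?P<proto>\w+), If: (?P<ifname>\S+), "
    r"Pkts: (?P<pkts>\d+), Bytes: (?P<bytes>\d+)$"
)

Wing = namedtuple("Wing", "direction src sport dst dport proto ifname pkts nbytes")


@dataclass
class Session:
    sid: int
    policy: str
    timeout: int
    state: str
    wings: List[Wing] = field(default_factory=list)

    @property
    def initiator(self) -> Wing:
        """The 'In' wing: the direction the policy lookup was done for."""
        return self.wings[0]

    @property
    def family(self) -> str:
        return "inet6" if ipaddress.ip_address(self.initiator.src).version == 6 else "inet"


def parse_sessions(text: str) -> List[Session]:
    """Turn the CLI text into Session objects; lines matching neither regex are skipped."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Session(int(m["sid"]), m["policy"], int(m["timeout"]), m["state"])
            sessions.append(current)
            continue
        m = WING_RE.match(line)
        if m and current is not None:
            current.wings.append(Wing(m["dir"], m["src"], int(m["sport"]), m["dst"],
                                      int(m["dport"]), m["proto"], m["ifname"],
                                      int(m["pkts"]), int(m["bytes"])))
    return sessions


def filter_sessions(sessions: List[Session], *, family: Optional[str] = None,
                    protocol: Optional[str] = None, destination_port: Optional[int] = None,
                    interface: Optional[str] = None) -> List[Session]:
    """Mirror the CLI keywords family / protocol / destination-port / interface.
    destination-port is matched on the initiator wing only (the server-side port);
    interface matches either wing, since every session has an in and an out interface."""
    keep = []
    for s in sessions:
        if not s.wings:
            continue  # header without wings (truncated dump): nothing to filter on
        if family and s.family != family:
            continue
        if protocol and s.initiator.proto != protocol:
            continue
        if destination_port is not None and s.initiator.dport != destination_port:
            continue
        if interface and not any(w.ifname == interface for w in s.wings):
            continue
        keep.append(s)
    return keep


def summarize(sessions: List[Session]) -> Dict[str, int]:
    """Per-state counts in the spirit of 'show security flow session summary'."""
    counts: Dict[str, int] = {"sessions": len(sessions)}
    for s in sessions:
        counts[s.state] = counts.get(s.state, 0) + 1
    return counts
```

`filter_sessions(parse_sessions(dump), destination_port=22)` gives the offline equivalent of "show security flow session destination-port 22"; note that this version deliberately matches the destination port on the In wing only, so the reverse wing to the client's ephemeral port is not counted, whereas the on-box filter's exact matching behaviour should be checked against your Junos release.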