SRX: How to list firewall flow sessions table
Juniper SRX is a stateful firewall: it keeps an in-memory table of all traffic sessions passing through it that have been allowed by security policies.
To dump the session table, use the "show security flow session" operational command, with filters to get information only about a specific type of traffic, e.g. only IPv4 or only IPv6 traffic, only TCP or UDP, or only sessions going in/out of one interface:
Code:
> show security flow ?
Possible completions:
gate Show gate information
ip-action Show ip-action table
session Show session table
statistics Show flow statistics
status Show flow status
> show security flow session
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Show only sessions for ipv6 traffic in SRX
Code:
> show security flow session family inet6
Show a summary of firewall session table in SRX
Code:
> show security flow session summary
Unicast-sessions: 141
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 148
Valid sessions: 141
Pending sessions: 0
Invalidated sessions: 7
Sessions in other states: 0
Maximum-sessions: 12288
Show only sessions for UDP
Code:
> show security flow session protocol ?
Possible completions:
<protocol-number> Numeric protocol value (0 .. 255)
ah IP Security authentication header
egp Exterior gateway protocol
esp IPSec Encapsulating Security Payload
gre Generic routing encapsulation
icmp Internet Control Message Protocol
icmp6 Internet Control Message Protocol Version 6
igmp Internet Group Management Protocol
ipip IP in IP
ospf Open Shortest Path First
pim Protocol Independent Multicast
rsvp Resource Reservation Protocol
sctp Stream Control Transmission Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
> show security flow session protocol udp
As you can see, it is possible to list sessions for any of the specific protocols above.
Show only SRX sessions to SSH or HTTP ports
Code:
> show security flow session destination-port 22
> show security flow session destination-port 80
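As an added example (not from the original post), a small Python parser for the session dump shown above that applies the same family/protocol/destination-port selectors offline and flags sessions whose Out wing has seen no packets. The sample is constructed: the two IPv6 sessions are copied from the output above, the IPv4/UDP session is made up.

```python
import re
from ipaddress import ip_address

# Constructed sample in the format of "show security flow session": the two IPv6
# sessions are the page's own output, the IPv4/UDP session is made up for the demo.
SAMPLE = """\
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
  Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
  Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0
Session ID: 91, Policy name: trust-to-untrust/6, Timeout: 58, Valid
  In: 192.0.2.10/40512 --> 198.51.100.5/53;udp, If: vlan.2, Pkts: 1, Bytes: 60
  Out: 198.51.100.5/53 --> 192.0.2.10/40512;udp, If: ip-0/0/0.0, Pkts: 1, Bytes: 120
"""

HEADER = re.compile(r"Session ID: (\d+), Policy name: (\S+), Timeout: (\d+), (\w+)")
WING = re.compile(r"(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), If: (\S+), "
                  r"Pkts: (\d+), Bytes: (\d+)")

def parse_sessions(text):
    """Turn the CLI dump into a list of dicts, one per session, with In/Out wings."""
    sessions = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            sessions.append({"id": int(m[1]), "policy": m[2],
                             "timeout": int(m[3]), "state": m[4]})
        elif (m := WING.search(line)) and sessions:
            sessions[-1][m[1].lower()] = {
                "src": m[2], "sport": int(m[3]), "dst": m[4], "dport": int(m[5]),
                "proto": m[6], "iface": m[7], "pkts": int(m[8]), "bytes": int(m[9])}
    return sessions

def filter_sessions(sessions, family=None, protocol=None, destination_port=None):
    """Same selectors as the CLI: family inet/inet6, protocol name, destination-port."""
    out = []
    for s in sessions:
        w = s["in"]
        if family and ("inet6" if ip_address(w["src"]).version == 6 else "inet") != family:
            continue
        if protocol and w["proto"] != protocol:
            continue
        if destination_port and w["dport"] != destination_port:
            continue
        out.append(s)
    return out

def unanswered(sessions):
    """Session IDs whose Out wing has seen no packets: the peer never replied (or the
    reply was dropped), a useful first cut when hunting scans or blocked egress."""
    return [s["id"] for s in sessions if s.get("out", {}).get("pkts", 0) == 0]
```

Paste the real output of "show security flow session" in place of SAMPLE to run the same selectors against a live table.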