Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
Register
FAQ
It is currently Thu Mar 30, 2023 7:45 pm

ROOT ‹ Network Security & Routing & Switching ‹ Juniper SRX ‹ SRX: How to list firewall flow sessions table

Post a reply

SRX: How to list firewall flow sessions table

« Previous topic | Next topic »
Author Message
mandrei99
Post  Post subject: SRX: How to list firewall flow sessions table  |  Posted: Tue Mar 10, 2015 6:08 pm

Joined: Tue Aug 04, 2009 9:16 am
Posts: 250

Offline
 

SRX: How to list firewall flow sessions table

Juniper SRX is a stateful firewall, it keeps a memory table of all traffic sessions passing through and that have been allowed by security policies.

To dump session table, use "show security flow session" operational command with filters to get information only about specific type of traffic, i.e.: only ipv4 or only ipv6 traffic, only tcp or udp or going in/out one interface:











Code:
> show security flow ?
Possible completions:
  gate                 Show gate information
  ip-action            Show ip-action table
  session              Show session table
  statistics           Show flow statistics
  status               Show flow status
> show security flow session
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
  Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
  Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Show only sessions for ipv6 traffic in SRX


Code:
> show security flow session family inet6

Show a summary of firewall session table in SRX


Code:
> show security flow session summary
Unicast-sessions: 141
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 148
  Valid sessions: 141
  Pending sessions: 0
  Invalidated sessions: 7
  Sessions in other states: 0
Maximum-sessions: 12288

Show only sessions for UDP


Code:
> show security flow session protocol ?
Possible completions:
  <protocol-number>    Numeric protocol value (0 .. 255)
  ah                   IP Security authentication header
  egp                  Exterior gateway protocol
  esp                  IPSec Encapsulating Security Payload
  gre                  Generic routing encapsulation
  icmp                 Internet Control Message Protocol
  icmp6                Internet Control Message Protocol Version 6
  igmp                 Internet Group Management Protocol
  ipip                 IP in IP
  ospf                 Open Shortest Path First
  pim                  Protocol Independent Multicast
  rsvp                 Resource Reservation Protocol
  sctp                 Stream Control Transmission Protocol
  tcp                  Transmission Control Protocol
  udp                  User Datagram Protocol
> show security flow session protocol udp

As you can see, it is possible to list sessions from specific protcols above.

Show only SRX sessions to SSH or HTTP ports


Code:
> show security flow session destination-port 22
> show security flow session destination-port 80



Top
Display posts from previous:  Sort by  
 E-mail friendPrint view
Post a reply

Topics related to - "SRX: How to list firewall flow sessions table"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. How to monitor CPU usage and flow sessions via SNMP - Juniper SRX Branch - 12.1X44

mandrei99

0

14319

Tue Jun 18, 2013 6:13 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Attachment(s) Juniper SRX Branch - Blocking HTTPS websites using the AppFW (application-firewall) feature - Part 1

mandrei99

0

10983

Sat Jul 27, 2013 3:48 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX Branch - Blocking HTTPS websites using the AppFW (application-firewall) feature - Part 2

mandrei99

0

6762

Sat Jul 27, 2013 3:59 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX IPv6 forwarding - flow mode or packet mode.

mandrei99

0

4256

Thu Jan 15, 2015 6:13 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX Packet mode - how to switch between flow mode and packet mode

mandrei99

0

10343

Thu Jan 15, 2015 6:36 am

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


ROOT ‹ Network Security & Routing & Switching ‹ Juniper SRX
Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO