How to display invalid sessions on SRX.
Use either of the following methods to view invalid sessions on SRX:
Connect to flowd with vty from shell mode:
On high-end SRX devices:
    root@SRX3400-A% vty node1.fpc6.pic0
    BSD platform (XLR processor, 4095MB memory, 16384KB flash)
    [flowd]FPC6.PIC0(vty)# set parser security 10
    Security level set to 10
    [flowd]FPC6.PIC0(vty)# show usp flow session invalid
    Session Id: 603429, CP session Id: 1950482, Timeout: 2s, state: 4, flags: 50/41a0000/3
    Active, failover cnt 0, sync id 0x21893525, retry cnt 0
    (in)* : 33.33.33.33/41871 -> 77.77.77.77/0;6, If: 70 (6), flag: 0041, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
    (out) : 77.77.77.77/0 -> 33.33.33.33/41871;6, If: 71 (7), flag: 0040, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
On branch SRX devices:
    root@% vty fwdd
    BSD platform (OCTEON processor, 416MB memory, 8192KB flash)
    FLOWD_OCTEON( vty)# set parse security 10
    Security level set to 10
    FLOWD_OCTEON( vty)# show usp flow session invalid
    Session Id: 13257, CP session Id: 0, Timeout: 2s, state: 4, flags: 50/40000/22
    (in)* : 172.27.103.227/123 -> 172.27.103.255/123;17, If: 68 (6), flag: 0021, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
    (out) : 172.27.103.255/123 -> 0.0.0.0/0;0, If: 68 (0), flag: 0000, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
Use the cprod shell command:
To view invalid sessions, you need to change the security level to 10, so the command file must set it before running the show command. Edit the file as follows (the file used in this example is showinvalidsessions):
    root@SRX3400-A% cat showinvalidsessions
    set parse security 10
    show usp flow session invalid
On high-end SRX devices:
    root@SRX3400-A% srx-cprod.sh -s flowd showinvalidsessions
    ======== Start SPU5.0, node0.fpc5.pic0, flowd ========
    === SPU5.0, node0.fpc5.pic0> set parse security 10
    Security level set to 10
    === SPU5.0, node0.fpc5.pic0> show usp flow session invalid
    Session Id: 21942, CP session Id: 137963, Timeout: 2s, state: 4, flags: 10000050/4140000/3
    Backup, failover cnt 0, sync id 0x215038e6, retry cnt 0
    (in)* : 33.33.33.33/1782 -> 77.77.77.77/0;6, If: 70 (6), flag: 0121, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
    (out) : 77.77.77.77/0 -> 33.33.33.33/1782;6, If: 71 (7), flag: 0120, wsf: 0, diff: 0
    tunnel (y/n): n, pkts: 0, bytes: 0
On branch SRX devices:
    root@% cprod -A fwdd showinvalidsessions
    SENT: Ukern command: set parse security 10
    GOT:
    GOT: Security level set to 10
    SENT: Ukern command: show usp flow session invalid
    GOT:
    GOT:
    GOT: Session Id: 13665, CP session Id: 0, Timeout: 2s, state: 4, flags: 50/40000/22
    GOT: (in)* : 172.27.103.227/123 -> 172.27.103.255/123;17, If: 68 (6), flag: 0021, wsf: 0, diff: 0
    GOT: tunnel (y/n): n, pkts: 0, bytes: 0
    GOT: (out) : 172.27.103.255/123 -> 0.0.0.0/0;0, If: 68 (0), flag: 0000, wsf: 0, diff: 0
    GOT: tunnel (y/n): n, pkts: 0, bytes: 0
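
When the command returns many records, the output is easier to triage once parsed. The following is an added example, not Juniper code: it parses saved output from either method (plain vty lines or cprod lines prefixed with GOT:) and counts invalid sessions per source address. The function names and dict keys are hypothetical, and reading the number after ";" as the IP protocol number is an assumption.

```python
import re
from collections import Counter

# Constructed sample: output lines taken from the branch (cprod, "GOT:" prefix)
# and high-end (vty) examples shown on this page.
SAMPLE = """\
GOT: Session Id: 13665, CP session Id: 0, Timeout: 2s, state: 4, flags: 50/40000/22
GOT: (in)* : 172.27.103.227/123 -> 172.27.103.255/123;17, If: 68 (6), flag: 0021, wsf: 0, diff: 0
GOT: tunnel (y/n): n, pkts: 0, bytes: 0
GOT: (out) : 172.27.103.255/123 -> 0.0.0.0/0;0, If: 68 (0), flag: 0000, wsf: 0, diff: 0
GOT: tunnel (y/n): n, pkts: 0, bytes: 0
Session Id: 603429, CP session Id: 1950482, Timeout: 2s, state: 4, flags: 50/41a0000/3
Active, failover cnt 0, sync id 0x21893525, retry cnt 0
(in)* : 33.33.33.33/41871 -> 77.77.77.77/0;6, If: 70 (6), flag: 0041, wsf: 0, diff: 0
tunnel (y/n): n, pkts: 0, bytes: 0
(out) : 77.77.77.77/0 -> 33.33.33.33/41871;6, If: 71 (7), flag: 0040, wsf: 0, diff: 0
tunnel (y/n): n, pkts: 0, bytes: 0
"""

HEADER = re.compile(r"Session Id: (\d+), CP session Id: (\d+), Timeout: (\d+)s, state: (\d+)")
WING = re.compile(r"\((in|out)\)\*? : (\S+)/(\d+) -> (\S+)/(\d+);(\d+), If: (\d+)")

def parse_invalid_sessions(text):
    """Return one dict per session record; wings are keyed 'in' and 'out'."""
    sessions = []
    for raw in text.splitlines():
        line = re.sub(r"^(GOT:\s*)+", "", raw.strip())  # cprod prefixes lines with GOT:
        m = HEADER.search(line)
        if m:
            sid, cp, timeout, state = map(int, m.groups())
            sessions.append({"id": sid, "cp_id": cp, "timeout_s": timeout, "state": state})
            continue
        m = WING.search(line)
        if m and sessions:  # ignore wing lines seen before any session header
            d, src, sport, dst, dport, proto, ifl = m.groups()
            sessions[-1][d] = {"src": src, "sport": int(sport), "dst": dst,
                               "dport": int(dport), "proto": int(proto), "if": int(ifl)}
    return sessions

def top_sources(sessions):
    """Count invalid sessions per (source address, protocol) of the (in) wing."""
    return Counter((s["in"]["src"], s["in"]["proto"]) for s in sessions if "in" in s)

if __name__ == "__main__":
    for (src, proto), n in top_sources(parse_invalid_sessions(SAMPLE)).most_common():
        print(f"{src} proto={proto} invalid_sessions={n}")
```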