Juniper SRX: session-related commands

When running a firewall you want to check that traffic is actually flowing through it, so this is a memo of the relevant commands.

Command notes

show security flow session
Possible completions:
  <[Enter]>            Execute this command
  application          Application protocol name
  application-firewall  Show application-firewall sessions
  application-firewall-rule-set  Show application-firewall session by rule-set
  brief                Show brief output (default)
  destination-port     Destination port (1..65535)
  destination-prefix   Destination IP prefix or address
  dynamic-application  Dynamic application name
  dynamic-application-group  Dynamic application group name
  extensive            Show detailed output
  family               Protocol family
  idp                  IDP sessions
  interface            Name of incoming or outgoing interface
  nat                  Sessions with network address translation
  protocol             IP protocol number
  resource-manager     Sessions with resource manager
  session-identifier   Show session with specified session identifier
  source-port          Source port (1..65535)
  source-prefix        Source IP prefix or address
  summary              Show output summary
  tunnel               Tunnel sessions
  |                    Pipe through a command

show security flow session

 node0:
 --------------------------------------------------------------------------

Session ID: 115, Policy name: xxxxx, State: Active, Timeout: 1766, Valid
  In: xx.xx.xx.xx/57050 --> xx.xx.xx.xx/5073;tcp, If: reth0.0, Pkts: 106939, Bytes: 9412714
  Out: xx.xx.xx.xx/5073 --> xx.xx.xx.xx/57050;tcp, If: reth1.0, Pkts: 92082, Bytes: 71627805

Session ID: 118, Policy name: xxxxx, State: Active, Timeout: 8, Valid
  In: xx.xx.xx.xx/37123 --> xx.xx.xx.xx/161;udp, If: reth0.0, Pkts: 52, Bytes: 7354
  Out: xx.xx.xx.xx/161 --> xx.xx.xx.xx/59284;udp, If: reth1.0, Pkts: 52, Bytes: 8221
(remaining output omitted)

Filtering by Src/Dst and similar fields

Filter the output so that only the sessions you need are shown.

show security flow session source-prefix xx.xx.xx.xx destination-prefix xx.xx.xx.xx
 node0:
 --------------------------------------------------------------------------

Session ID: 447495, Policy name: xxxxx, State: Active, Timeout: 16, Valid
  In: xx.xx.xx.xx/48291 --> xx.xx.xx.xx/80;tcp, If: reth0.0, Pkts: 2, Bytes: 120
  Out: xx.xx.xx.xx/80 --> xx.xx.xx.xx/48291;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Total sessions: 1

 node1:
 --------------------------------------------------------------------------

Session ID: 19666, Policy name: xxxxx/39, State: Backup, Timeout: 14400, Valid
  In: xx.xx.xx.xx/48291 --> xx.xx.xx.xx/80;tcp, If: reth0.0, Pkts: 0, Bytes: 0
  Out: xx.xx.xx.xx/80 --> xx.xx.xx.xx/48291;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Total sessions: 1
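As an added example that is not part of the original memo, the following Python parser reads the session listing in the format shown above into records (tagged with the cluster node) and flags Active sessions where packets arrived inbound but none went back out. The sample text is constructed in the same format, using RFC 5737 documentation addresses and a made-up policy name.

```python
import re
# Constructed sample in the format printed by "show security flow session" on a
# chassis-cluster SRX (RFC 5737 documentation addresses, made-up policy name).
SAMPLE = """\
 node0:
 --------------------------------------------------------------------------

Session ID: 115, Policy name: trust-to-untrust/4, State: Active, Timeout: 1766, Valid
  In: 192.0.2.10/57050 --> 198.51.100.5/5073;tcp, If: reth0.0, Pkts: 106939, Bytes: 9412714
  Out: 198.51.100.5/5073 --> 192.0.2.10/57050;tcp, If: reth1.0, Pkts: 92082, Bytes: 71627805

Session ID: 447495, Policy name: trust-to-untrust/4, State: Active, Timeout: 16, Valid
  In: 192.0.2.20/48291 --> 198.51.100.7/80;tcp, If: reth0.0, Pkts: 2, Bytes: 120
  Out: 198.51.100.7/80 --> 192.0.2.20/48291;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Total sessions: 2

 node1:
 --------------------------------------------------------------------------

Session ID: 19666, Policy name: trust-to-untrust/4, State: Backup, Timeout: 14400, Valid
  In: 192.0.2.20/48291 --> 198.51.100.7/80;tcp, If: reth0.0, Pkts: 0, Bytes: 0
  Out: 198.51.100.7/80 --> 192.0.2.20/48291;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Total sessions: 1
"""

# Session header line and the two "wings" (In/Out) that follow it.
HDR = re.compile(r"Session ID: (\d+), Policy name: (\S+), State: (\w+), Timeout: (\d+)")
WING = re.compile(r"(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), If: (\S+), Pkts: (\d+), Bytes: (\d+)")

def parse_sessions(text):
    """Return one dict per session, tagged with the cluster node it was listed under."""
    sessions, node, cur = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("node"):          # " node0:" / " node1:" section headers
            node = line.rstrip(":")
            continue
        m = HDR.match(line)
        if m:
            cur = {"node": node, "id": int(m[1]), "policy": m[2], "state": m[3], "timeout": int(m[4])}
            sessions.append(cur)
            continue
        m = WING.match(line)
        if m and cur is not None:            # attach the In/Out wing to the current session
            cur[m[1].lower()] = {"src": m[2], "sport": int(m[3]), "dst": m[4], "dport": int(m[5]),
                                 "proto": m[6], "if": m[7], "pkts": int(m[8]), "bytes": int(m[9])}
    return sessions

def one_way_sessions(sessions):
    """IDs of Active sessions with inbound packets but no reply packets (Backup copies are ignored)."""
    return [s["id"] for s in sessions
            if s["state"] == "Active" and s["in"]["pkts"] > 0 and s["out"]["pkts"] == 0]
```

Session 447495 in the sample mirrors the filtered session above: two inbound packets, no reply and a short timeout, which is the pattern you see when the return path is blocked or the destination is not answering.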