Juniper SSG session table notes
When you run a firewall you sooner or later want to confirm that a given flow is actually passing through it, so here are the ScreenOS commands I use for that.
Command notes
get session ?
>          redirect output
|          match output
dst-ip     destination ip address
dst-mac    destination mac address
dst-port   destination port number or range
id         show sessions with id
ike-nat    show ike-nat ALG info
info       show sessions summary info
ipsec-nat  show ipsec pinhole ALG info
policy-id  policy id
protocol   protocol number or range
rm         show sessions for resource management
service    show sessions with service type
src-ip     source ip address
src-mac    source mac address
src-port   source port number or range
tunnel     show tunnel sessions
vsd-id     get vsd-id specified sessions
get session
alloc 15432/max 256064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 240632
id 127878/s**,vsys 0,flag 00000000/0000/0001/0000,policy 20,time 6, dip 10 module 0
 if 0(nspflag 800801):xx.xx.xx.xx/59269->xx.xx.xx.xx/161,17,02e052fe4664,sess token 16,vlan 0,tun 0,vsd 0,route 8
 if 5(nspflag 10800800):xx.xx.xx.xx/50328<-xx.xx.xx.xx/161,17,00005e000104,sess token 17,vlan 0,tun 0,vsd 0,route 11
(output truncated)

The first two lines are the session table counters: alloc is the number of sessions in use out of max, and a non-zero alloc failed means the table filled up and new sessions were refused, which is the first thing to check when users report connections that stall rather than get denied. Every session is then printed as an id line (the policy that permitted it, its timeout counter, and the DIP pool id used for source NAT, 0 if none) followed by one line per leg: the forward leg (->) on the ingress interface and the reply leg (<-) on the egress interface, each showing address/port pairs and the IP protocol number (17 is UDP, 6 is TCP). In the session above, the reply leg carries a different source port (50328 instead of 59269) because the session was translated through DIP pool 10.
Filtering by src/dst and so on
The full table is thousands of lines, so filter it down to the flow you care about.
get session src-ip xx.xx.xx.xx dst-ip xx.xx.xx.xx dst-port 23
alloc 15801/max 256064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 240263
Total 1 sessions according filtering criteria.
id 232969/s**,vsys 0,flag 0c000000/0000/0001/0000,policy 92,time 4320, dip 0 module 0
 if 0(nspflag 801801):xx.xx.xx.xx/53168->xx.xx.xx.xx/23,6,02e052fe4664,sess token 16,vlan 0,tun 0,vsd 0,route 8,wsf 0
 if 5(nspflag 801800):xx.xx.xx.xx/53168<-xx.xx.xx.xx/23,6,00005e000104,sess token 17,vlan 0,tun 0,vsd 0,route 11,wsf 7

Here dip 0 and the same source port 53168 on both legs show that this Telnet session is not source-translated, and the Total line tells you how many sessions matched the filter before you start reading them. Filters can be combined freely (src-ip, dst-ip, dst-port, protocol, policy-id, and so on), and piping through | match works when you only want a substring of a long line.
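As an added example that is not part of the original post or of ScreenOS itself, the Python below parses this `get session` layout offline so that a saved capture can be filtered and checked the same way the CLI does: it reads the table counters, splits each session into its forward and reply legs, flags source NAT by comparing the initiator's address/port across the two legs (the reading the page's own captures support: a different port with dip 10, the same port with dip 0), and reimplements the `src-ip`/`dst-ip`/`dst-port`/`protocol` filters. The sample text is constructed to mirror the two sessions above, with RFC 5737 documentation addresses in place of the masked xx.xx.xx.xx; the field names and helper functions are mine, not Juniper's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of ScreenOS `get session` output, not a capture from a
# real SSG. RFC 5737 addresses stand in for the masked xx.xx.xx.xx on the page; the two
# sessions mirror the page's SNMP (UDP/161, DIP 10) and Telnet (TCP/23, dip 0) examples.
SAMPLE = """\
alloc 15432/max 256064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 240632
id 127878/s**,vsys 0,flag 00000000/0000/0001/0000,policy 20,time 6, dip 10 module 0
 if 0(nspflag 800801):192.0.2.10/59269->203.0.113.5/161,17,02e052fe4664,sess token 16,vlan 0,tun 0,vsd 0,route 8
 if 5(nspflag 10800800):198.51.100.1/50328<-203.0.113.5/161,17,00005e000104,sess token 17,vlan 0,tun 0,vsd 0,route 11
id 232969/s**,vsys 0,flag 0c000000/0000/0001/0000,policy 92,time 4320, dip 0 module 0
 if 0(nspflag 801801):192.0.2.10/53168->203.0.113.7/23,6,02e052fe4664,sess token 16,vlan 0,tun 0,vsd 0,route 8,wsf 0
 if 5(nspflag 801800):192.0.2.10/53168<-203.0.113.7/23,6,00005e000104,sess token 17,vlan 0,tun 0,vsd 0,route 11,wsf 7
"""

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_RE = re.compile(r"^alloc (?P<alloc>\d+)/max (?P<max>\d+), alloc failed (?P<failed>\d+)")
SESSION_RE = re.compile(r"^id (?P<sid>\d+)/[^,]+,vsys \d+,flag (?P<flags>[^,]+),"
                        r"policy (?P<policy>\d+),time (?P<time>\d+), dip (?P<dip>\d+)")
# One leg per line: "->" is the initiator's direction, "<-" the reply leg, each printed with
# the addresses as seen on that interface, so NAT shows up as a mismatch between the legs.
FLOW_RE = re.compile(r"^\s*if (?P<ifindex>\d+)\(nspflag [0-9a-f]+\):(?P<near_ip>[^/]+)/(?P<near_port>\d+)"
                     r"(?P<dir>->|<-)(?P<far_ip>[^/]+)/(?P<far_port>\d+),(?P<proto>\d+),"
                     r".*?,route \d+(?:,wsf (?P<wsf>\d+))?")

@dataclass
class Flow:
    ifindex: int
    near_ip: str          # initiator side of the tuple on this interface
    near_port: int
    direction: str        # "->" forward leg, "<-" reply leg
    far_ip: str
    far_port: int
    proto: int
    wsf: Optional[int]    # TCP window scale factor; absent on UDP sessions

@dataclass
class Session:
    sid: int
    flags: str
    policy: int           # policy that permitted the session
    time: int             # timeout counter as printed
    dip: int              # DIP pool id used for source NAT, 0 = none
    flows: List[Flow] = field(default_factory=list)

    def leg(self, direction: str) -> Optional[Flow]:
        return next((f for f in self.flows if f.direction == direction), None)

    @property
    def proto_name(self) -> str:
        fwd = self.leg("->")
        return PROTO_NAMES.get(fwd.proto, str(fwd.proto)) if fwd else "?"

    @property
    def source_nat(self) -> bool:
        """True when the initiator's ip/port differs between the legs (DIP or interface NAT)."""
        fwd, rep = self.leg("->"), self.leg("<-")
        return bool(fwd and rep) and (fwd.near_ip, fwd.near_port) != (rep.near_ip, rep.near_port)

def parse_get_session(text: str):
    """Parse `get session` output into (session-table counters, list of sessions)."""
    header: Dict[str, int] = {}
    sessions: List[Session] = []
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            header = {k: int(v) for k, v in m.groupdict().items()}
        elif m := SESSION_RE.match(line):
            g = m.groupdict()
            sessions.append(Session(int(g["sid"]), g["flags"], int(g["policy"]), int(g["time"]), int(g["dip"])))
        elif (m := FLOW_RE.match(line)) and sessions:
            g = m.groupdict()
            sessions[-1].flows.append(Flow(int(g["ifindex"]), g["near_ip"], int(g["near_port"]), g["dir"],
                                           g["far_ip"], int(g["far_port"]), int(g["proto"]),
                                           int(g["wsf"]) if g["wsf"] is not None else None))
    return header, sessions

def filter_sessions(sessions: List[Session], src_ip=None, dst_ip=None, dst_port=None, proto=None) -> List[Session]:
    """Offline `get session src-ip A dst-ip B dst-port N protocol P`, matched on the forward leg."""
    def ok(s: Session) -> bool:
        f = s.leg("->")
        return f is not None and all(want is None or have == want for want, have in (
            (src_ip, f.near_ip), (dst_ip, f.far_ip), (dst_port, f.far_port), (proto, f.proto)))
    return [s for s in sessions if ok(s)]

def table_utilization(header: Dict[str, int]) -> float:
    """Percent of the session table in use; read alongside header['failed'] (refused allocations)."""
    return 100.0 * header["alloc"] / header["max"]

def describe(s: Session) -> str:
    f = s.leg("->")
    if f is None:
        return f"id {s.sid} (no flow lines)"
    nat = f"DIP {s.dip}, source NAT" if s.source_nat else "no source NAT"
    return (f"id {s.sid} policy {s.policy} {s.proto_name} "
            f"{f.near_ip}:{f.near_port} -> {f.far_ip}:{f.far_port} time {s.time} ({nat})")

if __name__ == "__main__":
    hdr, sess = parse_get_session(SAMPLE)
    print(f"session table {table_utilization(hdr):.1f}% used, alloc failed {hdr['failed']}")
    for s in filter_sessions(sess, dst_port=23):
        print(describe(s))
```

Feed it the output of `get session` saved from a terminal session (or redirected with `>`) and it gives you the same answer as the CLI filter plus the NAT and table-pressure checks in one pass; the regexes are anchored to the fields shown on this page, so a platform that prints extra fields between `route` and `wsf` would need the `FLOW_RE` tail adjusted.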