Life of a Downstream Network Engineer

A downstream-phase (implementation) network engineer who dreams of upstream (design) work, sharing information on network technology, certifications and everyday life. Juniper Cisco YAMAHA DELL D-Link AlaxalA F5 CCNA CCNP CCIE Network Specialist

PaloAlto: CLI commands for checking session information (PAN-OS 7.1)

2018.06.07 (Thu)


There are many occasions where I log into a PaloAlto remotely over SSH and work from the CLI alone.

Here is a memo of the session-related CLI commands I use most often in that situation. One caution: a bare `show session all` dumps the whole session table (over 42,000 entries on the box below), so narrow it with `filter ...`, or use `show session all filter count yes` when only the number of matching sessions is needed.

Subcommands of show session


admin@PA-1(active-primary)> show session
> all          Show active sessions
> id           Show specific session information
> info         Show session statistics
> meter        Show session metering statistics
> rematch      Show rematch statistics

admin@PA-1(active-primary)> show session info

target-dp: *.dp0
-------------------------------------------------------------------
Number of sessions supported: 2000000
Number of active sessions: 42648
Number of active TCP sessions: 27566
Number of active UDP sessions: 14003
Number of active ICMP sessions: 45
Number of active BCAST sessions: 0
Number of active MCAST sessions: 0
Number of active predict sessions: 15
Session table utilization: 2%
Number of sessions created since bootup: 4345849111
Packet rate: 6334/s
Throughput: 18122 kbps
New connection establish rate: 790 cps
-------------------------------------------------------------------
Session timeout
TCP default timeout: 3600 secs
TCP session timeout before SYN-ACK received: 5 secs
TCP session timeout before 3-way handshaking: 10 secs
TCP half-closed session timeout: 120 secs
TCP session timeout in TIME_WAIT: 15 secs
TCP session timeout for unverified RST: 30 secs
UDP default timeout: 30 secs
ICMP default timeout: 6 secs
other IP default timeout: 30 secs
Captive Portal session timeout: 30 secs
Session timeout in discard state:
TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs
-------------------------------------------------------------------
Session accelerated aging: True
Accelerated aging threshold: 80% of utilization
Scaling factor: 2 X
-------------------------------------------------------------------
Session setup
TCP - reject non-SYN first packet: True
Hardware session offloading: True
IPv6 firewalling: True
Strict TCP/IP checksum: True
ICMP Unreachable Packet Rate: 200 pps
-------------------------------------------------------------------
Application trickling scan parameters:
Timeout to determine application trickling: 10 secs
Resource utilization threshold to start scan: 80%
Scan scaling factor over regular aging: 8
-------------------------------------------------------------------
Session behavior when resource limit is reached: drop
-------------------------------------------------------------------
Pcap token bucket rate : 10485760
-------------------------------------------------------------------
Max pending queued mcast packets per session : 0
-------------------------------------------------------------------
Processing CPU: random
Broadcast first packet: yes
-------------------------------------------------------------------
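The counters and settings above are what a monitoring script would pull over SSH. The following is an added example (not code from this blog or from Palo Alto Networks) that parses the output pasted above into a dictionary and applies the checks a security reviewer would make on it: recomputing utilization from the raw counters and comparing it with the accelerated-aging threshold the box itself reports, and confirming that non-SYN first packets are rejected and that the behaviour at the resource limit is `drop`. The sample text is constructed from the output shown on this page; the choice of which settings to flag and the finding messages are the example's own.

```python
import re
from typing import Dict, List

# Constructed sample: the counters and settings from the "show session info"
# output above, pasted as text. Not captured from a live device.
SESSION_INFO_SAMPLE = """\
target-dp: *.dp0
-------------------------------------------------------------------
Number of sessions supported: 2000000
Number of active sessions: 42648
Number of active TCP sessions: 27566
Number of active UDP sessions: 14003
Number of active ICMP sessions: 45
Number of active predict sessions: 15
Session table utilization: 2%
Number of sessions created since bootup: 4345849111
New connection establish rate: 790 cps
-------------------------------------------------------------------
Session accelerated aging: True
Accelerated aging threshold: 80% of utilization
Scaling factor: 2 X
-------------------------------------------------------------------
Session setup
TCP - reject non-SYN first packet: True
Hardware session offloading: True
Strict TCP/IP checksum: True
-------------------------------------------------------------------
Session behavior when resource limit is reached: drop
"""


def parse_session_info(text: str) -> Dict[str, str]:
    """Map each 'key: value' line to {key: raw value string}.
    Section headers without a colon ('Session setup') and dashed rules are skipped."""
    stats: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("-") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        stats[key.strip()] = value.strip()
    return stats


def leading_int(value: str) -> int:
    """'42648' -> 42648, '2%' -> 2, '80% of utilization' -> 80, '790 cps' -> 790."""
    return int(re.match(r"\d+", value).group())


def utilization_pct(stats: Dict[str, str]) -> float:
    """Recompute utilization from the raw counters; the printed '2%' is rounded."""
    active = leading_int(stats["Number of active sessions"])
    supported = leading_int(stats["Number of sessions supported"])
    return active * 100.0 / supported


def check_session_health(stats: Dict[str, str]) -> List[str]:
    """Findings a reviewer would raise. The threshold and scaling factor are read
    from the output itself; which settings to flag is this example's assumption
    about sensible policy, not a rule stated by PAN-OS."""
    findings: List[str] = []
    util = utilization_pct(stats)
    threshold = leading_int(stats["Accelerated aging threshold"])
    if stats.get("Session accelerated aging") == "True" and util >= threshold:
        findings.append(f"session table at {util:.1f}%: accelerated aging is already "
                        f"shortening timeouts by {stats['Scaling factor']}")
    if stats.get("TCP - reject non-SYN first packet") != "True":
        findings.append("non-SYN first packets may open TCP sessions: "
                        "handshake validation is off")
    if stats.get("Session behavior when resource limit is reached") != "drop":
        findings.append("behaviour at resource limit is not 'drop': "
                        f"{stats.get('Session behavior when resource limit is reached')!r}")
    return findings


if __name__ == "__main__":
    stats = parse_session_info(SESSION_INFO_SAMPLE)
    print(f"utilization {utilization_pct(stats):.2f}%")
    for finding in check_session_health(stats):
        print("FINDING:", finding)
```

On the output shown here the script reports about 2.13% utilization and no findings; replacing the active-session counter with a number above 80% of the supported maximum, or setting the non-SYN line to `False`, produces one finding each.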

admin@PA-1(active-primary)> show session meter

------------------------------------------------------
VSYS        Maximum         Current         Throttled
------------------------------------------------------
1           0               17245           0
2           0               18264           0
3           0               0               0
4           0               0               0
5           0               0               0
6           0               0               0
7           0               0               0
8           0               0               0
9           0               0               0
10          0               0               0
11          0               0               0
12          0               0               0
13          0               0               0
14          0               0               0
15          0               0               0
16          0               0               0
17          0               0               0
18          0               0               0
19          0               0               0
20          0               0               0
21          0               0               0
22          0               0               0
23          0               0               0
24          0               0               0
25          0               0               0
------------------------------------------------------

admin@PA-1(active-primary)> show session rematch

----------------------------------------------------------
Start time of last rematch: Thu Jun 7 01:02:43 2018
Duration of last rematch: 0:00:00
Number of sessions processed: 1706
Number of sessions denied: 0
----------------------------------------------------------

admin@PA-1(active-primary)> show session id 34071990

Session           34071990

        c2s flow:
                source:      10.0.0.23 [trust]
                dst:         125.56.201.99
                proto:       6
                sport:       50023           dport:      80
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source:      125.56.201.99 [untrust]
                dst:         10.0.0.23
                proto:       6
                sport:       80              dport:      50023
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        DP                                   : 0
        index(local):                        : 1
        start time                           : Wed Dec 27 16:17:13 2017
        timeout                              : 20 sec
        total byte count(c2s)                : 0
        total byte count(s2c)                : 0
        layer7 packet count(c2s)             : 0
        layer7 packet count(s2c)             : 0
        vsys                                 : vsys1
        application                          : ms-update
        rule                                 : rule1
        session to be logged at end          : True
        session in session ager              : False
        session updated by HA peer           : True
        session owner is HA A/A local device : False
        session setup locally HA A/A         : False
        layer7 processing                    : enabled
        URL filtering enabled                : False
        session via syn-cookies              : False
        session terminated on host           : False
        session traverses tunnel             : False
        captive portal session               : False
        ingress interface                    : ae1
        egress interface                     : ae5
        session QoS rule                     : N/A (class 4)
        end-reason                           : unknown

admin@PA-1(active-primary)> show session all

--------------------------------------------------------------------------------
ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                          Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
34071990     ms-update      ACTIVE  FLOW       10.0.0.23[50023]/trust/6  (10.0.0.23[50023])
vsys1                                          125.56.201.99[80]/untrust  (125.56.201.99[80])
33822077     dns            ACTIVE  FLOW       10.0.0.23[60631]/trust/17  (10.0.0.23[60631])
vsys1                                          10.254.0.254[53]/untrust  (10.254.0.254[53])

admin@PA-1(active-primary)> show session all filter ?
+ application          Application name
+ count                count number of sessions only
+ destination          destination IP address
+ destination-port     Destination port
+ destination-user     Destination user
+ egress-interface     egress interface
+ from                 From zone
+ hw-interface         hardware interface
+ ingress-interface    ingress interface
+ min-kb               minimum KB of byte count
+ nat                  If session is NAT
+ nat-rule             NAT rule name
+ pbf-rule             Policy-Based-Forwarding rule name
+ protocol             IP protocol value
+ qos-class            QoS class
+ qos-node-id          QoS node-id value
+ qos-rule             QoS rule name
+ rematch              rematch sessions
+ rule                 Security rule name
+ source               source IP address
+ source-port          Source port
+ source-user          Source user
+ ssl-decrypt          session is decrypted
+ start-at             Show next 1K sessions
+ state                flow state
+ to                   To zone
+ type                 flow type
+ vsys-name            vsys-name
| Pipe through a command
<Enter>                Finish input

admin@PA-1(active-primary)> show session all filter application ms-update

--------------------------------------------------------------------------------
ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                          Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
34071990     ms-update      ACTIVE  FLOW       10.0.0.23[50023]/trust/6  (10.0.0.23[50023])
vsys1                                          125.56.201.99[80]/untrust  (125.56.201.99[80])
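Because `show session all` prints two lines per session, grepping a saved dump is awkward. As an added example (not code from this blog or from Palo Alto Networks), here is a parser that turns such a dump into records and applies client-side equivalents of some of the filter keys listed above, so a capture taken during an incident can be searched offline the way the `filter` keyword searches the live table. The sample is constructed from the two sessions shown above plus one extra, made-up source-NAT row using documentation addresses (203.0.113.5, 198.51.100.7), since the page's own rows have an empty Flag column; the parser treats any tokens between Type and Src as flags. On a live box, prefer the on-device `filter` so the whole table is not dumped.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the two records from "show session all" above, plus one
# made-up source-NAT record (flag NS, documentation addresses) to exercise the
# Flag column. None of this is live device output.
SESSION_ALL_SAMPLE = """\
--------------------------------------------------------------------------------
ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                          Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
34071990     ms-update      ACTIVE  FLOW       10.0.0.23[50023]/trust/6  (10.0.0.23[50023])
vsys1                                          125.56.201.99[80]/untrust  (125.56.201.99[80])
33822077     dns            ACTIVE  FLOW       10.0.0.23[60631]/trust/17  (10.0.0.23[60631])
vsys1                                          10.254.0.254[53]/untrust  (10.254.0.254[53])
34071991     web-browsing   ACTIVE  FLOW  NS   10.0.0.23[50024]/trust/6  (203.0.113.5[12000])
vsys1                                          198.51.100.7[443]/untrust  (198.51.100.7[443])
"""

SRC_RE = re.compile(r"^(?P<ip>[^\[]+)\[(?P<port>\d+)\]/(?P<zone>[^/]+)/(?P<proto>\d+)$")
DST_RE = re.compile(r"^(?P<ip>[^\[]+)\[(?P<port>\d+)\]/(?P<zone>[^/]+)$")
XLAT_RE = re.compile(r"^\((?P<ip>[^\[]+)\[(?P<port>\d+)\]\)$")


@dataclass
class Session:
    id: int
    application: str
    state: str
    type: str
    flags: str          # tokens between Type and Src, e.g. "NS"; empty when no NAT
    src: str
    sport: int
    from_zone: str
    proto: int
    src_xlat: str
    sport_xlat: int
    vsys: str
    dst: str
    dport: int
    to_zone: str
    dst_xlat: str
    dport_xlat: int

    @property
    def nat(self) -> bool:
        # NAT applied if either translated tuple differs from the original one.
        return (self.src, self.sport) != (self.src_xlat, self.sport_xlat) or \
               (self.dst, self.dport) != (self.dst_xlat, self.dport_xlat)


def parse_session_all(text: str) -> List[Session]:
    """Parse the two-line-per-record table printed by 'show session all'."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    sessions: List[Session] = []
    i = 0
    while i < len(lines):
        first = lines[i].split()
        # A record starts with a numeric session ID; header and rule lines do not.
        if not first or not first[0].isdigit():
            i += 1
            continue
        # Find the Src token so that any Flag tokens before it are captured.
        src_idx = next(k for k, tok in enumerate(first) if SRC_RE.match(tok))
        src = SRC_RE.match(first[src_idx]).groupdict()
        sx = XLAT_RE.match(first[src_idx + 1]).groupdict()
        second = lines[i + 1].split()
        dst = DST_RE.match(second[1]).groupdict()
        dx = XLAT_RE.match(second[2]).groupdict()
        sessions.append(Session(
            id=int(first[0]), application=first[1], state=first[2], type=first[3],
            flags=" ".join(first[4:src_idx]),
            src=src["ip"], sport=int(src["port"]), from_zone=src["zone"], proto=int(src["proto"]),
            src_xlat=sx["ip"], sport_xlat=int(sx["port"]),
            vsys=second[0], dst=dst["ip"], dport=int(dst["port"]), to_zone=dst["zone"],
            dst_xlat=dx["ip"], dport_xlat=int(dx["port"]),
        ))
        i += 2
    return sessions


# CLI filter key (with '-' written as '_') -> Session attribute.
FILTER_KEYS = {
    "application": "application", "state": "state", "type": "type",
    "source": "src", "source_port": "sport", "from": "from_zone",
    "protocol": "proto", "destination": "dst", "destination_port": "dport",
    "to": "to_zone", "vsys_name": "vsys", "nat": "nat",
}


def filter_sessions(sessions: List[Session], **criteria) -> List[Session]:
    """Client-side equivalent of a subset of 'show session all filter' keys."""
    for key in criteria:
        if key not in FILTER_KEYS:
            raise ValueError(f"unsupported filter key: {key}")
    return [s for s in sessions
            if all(getattr(s, FILTER_KEYS[k]) == v for k, v in criteria.items())]


if __name__ == "__main__":
    for s in filter_sessions(parse_session_all(SESSION_ALL_SAMPLE), application="ms-update"):
        print(s.id, s.src, s.sport, "->", s.dst, s.dport, "nat" if s.nat else "no-nat")
```

`filter_sessions(sessions, application="ms-update")` reproduces the last CLI output above (session 34071990 only); `nat=True` selects only the constructed NS row, whose translated source differs from the original.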