How to clear security flow sessions based on the IP addresses in one security policy?
I have one policy which is used to block IPs. Every time someone adds an IP to the source-ip list, he also needs to execute clear security flow session. Since these users are not network admins, I need to limit them so they can only clear sessions using syntax that matches the address set in the block policy.
@srwd00jfw040> clear security flow session ?
Possible completions:
  <[Enter]>            Execute this command
  all                  Clear all sessions
  application          Application protocol name
  application-firewall Show application-firewall sessions
  destination-port     Destination port (1..65535)
  destination-prefix   Destination IP prefix or address
  family               Protocol family
  idp                  IDP sessions
  interface            Name of incoming or outgoing interface
  nat                  Sessions with network address translation
  protocol             IP protocol number
  resource-manager     Sessions with resource manager
  session-identifier   Clear session with specified session identifier
  source-port          Source port (1..65535)
  source-prefix        Source IP prefix or address
  tunnel               Tunnel sessions
  |                    Pipe through a command
What if you ran a clear command that matched your block policy, e.g.:
clear security flow session source-prefix <x.x.x.x> destination-prefix <x.x.x.x> to match your policy?
It's unlikely that you have multiple security policies matching both source and destination, and if you do, you could also include application.
You can use the following command:
show security policies from-zone <xxx> to-zone <yyy> policy-name <zzz> detail
This will display all address prefixes and their corresponding IP addresses (in source and destination).
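The two answers above describe a two-step routine: read the prefixes out of the policy detail output, then issue only clear commands that match them. The script below is an added example, not from this thread and not Juniper's code, that automates exactly that and also gates what a restricted operator is allowed to type. It assumes the layout of the show security policies ... detail output shown in the embedded sample, which is a constructed approximation of the SRX output rather than a capture from a device; the policy, zone and address-book names, the addresses, and the function names are all made up for the example. Sending the generated commands to the box (PyEZ, an op script, or a wrapper around ssh) is left out on purpose.

```python
import ipaddress
import re

# Constructed sample, approximating the layout an SRX prints for
#   show security policies from-zone trust to-zone untrust policy-name block-ip detail
# Not captured from a real device; names and addresses are made up.
SAMPLE_DETAIL = """\
Policy: block-ip, action-type: deny, State: enabled, Index: 7, Scope Policy: 0
  Policy Type: Configured
  Sequence number: 1
  From zone: trust, To zone: untrust
  Source addresses:
    bad-host-1: 198.51.100.23/32
    bad-net-1: 203.0.113.0/24
  Destination addresses:
    any-ipv4: 0.0.0.0/0
  Application: any
    IP protocol: 0, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [0-0]
  Per policy TCP Options: SYN check: No, SEQ check: No
"""

# "<address-book-name>: <prefix>" lines under the two address sections
ADDR_LINE = re.compile(r"^\s+\S+:\s+(\S+/\d+)\s*$")

# the only shape of clear command a restricted operator may run
CLEAR_LINE = re.compile(
    r"^clear security flow session source-prefix (\S+)(?: destination-prefix (\S+))?$"
)


def parse_policy_prefixes(detail_text):
    """Collect the prefixes listed under 'Source addresses:' and
    'Destination addresses:' in the policy detail output."""
    prefixes = {"source": [], "destination": []}
    section = None
    for line in detail_text.splitlines():
        stripped = line.strip()
        if stripped == "Source addresses:":
            section = "source"
            continue
        if stripped == "Destination addresses:":
            section = "destination"
            continue
        if section is None:
            continue
        m = ADDR_LINE.match(line)
        if m:
            prefixes[section].append(ipaddress.ip_network(m.group(1), strict=False))
        else:
            section = None  # any other line (e.g. "Application: any") ends the list
    return prefixes


def _covered(net, pool):
    """True if net lies inside at least one prefix of the same family in pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def build_clear_commands(prefixes):
    """Generate the narrowest clear commands that still cover the policy.
    A 0/0 destination (address 'any') adds nothing, so it is left off; a 0/0
    source is skipped because that would be 'clear ... all' in disguise."""
    dsts = [d for d in prefixes["destination"] if d.prefixlen != 0]
    cmds = []
    for src in prefixes["source"]:
        if src.prefixlen == 0:
            continue
        if not dsts:
            cmds.append(f"clear security flow session source-prefix {src}")
            continue
        for dst in dsts:
            if dst.version == src.version:
                cmds.append(
                    f"clear security flow session source-prefix {src} destination-prefix {dst}"
                )
    return cmds


def is_permitted(command, prefixes):
    """Gate a command typed by a restricted operator: it must be a clear
    command whose prefixes fall inside the block policy's address sets."""
    m = CLEAR_LINE.match(command.strip())
    if not m:
        return False  # 'clear security flow session all', typos, anything else
    try:
        src = ipaddress.ip_network(m.group(1), strict=False)
        dst = ipaddress.ip_network(m.group(2), strict=False) if m.group(2) else None
    except ValueError:
        return False
    if src.prefixlen == 0:
        return False  # never let a restricted user clear every session
    if not _covered(src, prefixes["source"]):
        return False
    if dst is None:
        # no destination given: only fine when the policy destination is 'any'
        return any(d.prefixlen == 0 and d.version == src.version
                   for d in prefixes["destination"])
    return _covered(dst, prefixes["destination"])


if __name__ == "__main__":
    policy = parse_policy_prefixes(SAMPLE_DETAIL)
    for cmd in build_clear_commands(policy):
        print(cmd)
```

A host inside one of the policy's networks (e.g. a /32 within 203.0.113.0/24) is accepted by is_permitted, a prefix outside them is refused, and a missing destination-prefix is only accepted when the policy's destination is any; otherwise the operator would be clearing more than the policy covers.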
Looks as if the new 12.3X48-D10 will help.... there's a 'policy-id' option for the show security flow session command.
Until then, it'll have to be a more manual process...