SRX

Expand all | Collapse all

how to clear security flow session based on ip address in one security policy?

Jump to Best Answer
  • 1.  how to clear security flow session based on ip address in one security policy?

    Posted 03-05-2015 05:04

    hi,all

    how to clear security flow session based on ip address in one security policy?

    I have one polciy which is used to block ip. Everytime when some add ip to the sourec-ip list,he also need to execute clear security flow session since these user are not network admin,I need to limit them only can clear syntax match the address set in the block policy.

     

    @srwd00jfw040> clear security flow session ?  
    Possible completions:
      <[Enter]>            Execute this command
      all                  Clear all sessions
      application          Application protocol name
      application-firewall  Show application-firewall sessions
      destination-port     Destination port (1..65535)
      destination-prefix   Destination IP prefix or address
      family               Protocol family
      idp                  IDP sessions
      interface            Name of incoming or outgoing interface
      nat                  Sessions with network address translation
      protocol             IP protocol number
      resource-manager     Sessions with resource manager
      session-identifier   Clear session with specified session identifier
      source-port          Source port (1..65535)
      source-prefix        Source IP prefix or address
      tunnel               Tunnel sessions
      |                    Pipe through a command



  • 2.  RE: how to clear security flow session based on ip address in one security policy?

     
    Posted 03-06-2015 02:38

    Hi Robbie,

     

    What if you ran a clear command that matched your block policy eg:

     

    clear security flow session source-prefix <x.x.x.x> destination-prefix <x.x.x.x> to match your policy? 

     

    It's unlikely that you have multiple security policies matching both source and destination, and if you do, you could also inlude application.



  • 3.  RE: how to clear security flow session based on ip address in one security policy?

    Posted 03-06-2015 03:35
    I need to get the address list from policy from some variable parameter

    Is it possible??


  • 4.  RE: how to clear security flow session based on ip address in one security policy?

    Posted 03-09-2015 02:40

    You can use following command:

    show security policies from-zone <xxx> to-zone <yyy> policy-name <zzz> detail

     

    This will display all address-prefixes and their corrosponding IP addresses. (in source and destination)

     

     



  • 5.  RE: how to clear security flow session based on ip address in one security policy?
    Best Answer

     
    Posted 03-16-2015 07:08

    Looks as if the new 12.3X48-D10 will help....  there's a 'policy-id' option for the show security flow session command. 

     

    Until then, it'll have to be a more manual process...

     

     

    Regards,

    Sam