发布时间 : 2024/5/20 4:03:03 星期一 文章Juniper防火墙日常维护更新完毕开始阅读de4606f9dd3383c4bb4cd279

Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 524288

Flow Sessions on FPC8 PIC0: Unicast-sessions: 0 Multicast-sessions: 0 Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 1048576

node1:

--------------------------------------------------------------------------

Flow Sessions on FPC7 PIC0: Unicast-sessions: 0 Multicast-sessions: 0

Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 524288

Flow Sessions on FPC8 PIC0: Unicast-sessions: 0 Multicast-sessions: 0 Failed-sessions: 0 Sessions-in-use: 0 Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Maximum-sessions: 1048576

《Juniper防火墙日常维护手册-v20131112》 第 17页 共59页

1.6.2 查看每秒新建会话数量

（1）ScreenOS

在CLI下命令为：get performance session detail 示例：

JP1000A-> get performance session detail Last 60 seconds:

0: 26 1: 12 2: 19 3: 21 4: 23 5: 20 6: 27 7: 20 8: 32 9: 30 10: 36 11: 29 12: 35 13: 34 14: 13 15: 26 16: 31 17: 34 18: 20 19: 25 20: 24 21: 19 22: 20 23: 24 24: 21 25: 22 26: 24 27: 23 28: 34 29: 24 30: 35 31: 35 32: 34 33: 21 34: 15 35: 26 36: 37 37: 32 38: 36 39: 27 40: 20 41: 32 42: 24 43: 25 44: 21 45: 19 46: 17 47: 16 48: 15 49: 14 50: 17 51: 19 52: 26 53: 38 54: 32 55: 41 56: 11 57: 13 58: 15 59: 11

（2）JunOS

对于JunOS11.4及其以后版本，可以直接查看每秒新建会话数，在CLI - 操作模式下查看SRX Branch防火墙的每秒新建命令为：show security monitoring fpc 0

示例：

root> show security monitoring fpc 0 FPC 0 PIC 0

CPU utilization : 0 % Memory utilization : 69 % Current flow session : 6 Current flow session IPv4: 0 Current flow session IPv6: 0 Max flow session : 262144

Total Session Creation Per Second (for last 96 seconds on average): 0 IPv4 Session Creation Per Second (for last 96 seconds on average): 0 IPv6 Session Creation Per Second (for last 96 seconds on average): 0

对于JunOS11.4之前的版本，只能查看每秒会话数，在CLI - 操作模式下命令为：security monitoring performance session

《Juniper防火墙日常维护手册-v20131112》 第 18页 共59页

示例：

syro@JP650A > show security monitoring performance session fpc 0 pic 0 Last 60 seconds:

0: 18 1: 18 2: 17 3: 18 4: 17 5: 14 6: 14 7: 17 8: 16 9: 17 10: 16 11: 17 12: 17 13: 18 14: 16 15: 16 16: 15 17: 15 18: 14 19: 15 20: 13 21: 14 22: 12 23: 27 24: 27 25: 56 26: 55 27: 78 28: 61 29: 79 30: 59 31: 75 32: 59 33: 81 34: 64 35: 78 36: 61 37: 75 38: 60 39: 51 40: 40 41: 50 42: 47 43: 69 44: 60 45: 69 46: 56 47: 76 48: 67 49: 78 50: 57 51: 74 52: 55 53: 78 54: 60 55: 70 56: 51 57: 62 58: 48 59: 29

syro@JP3600A > show security monitoring performance session node0:

-------------------------------------------------------------------------- fpc 7 pic 0 Last 60 seconds:

0: 9761 1: 9987 2: 9713 3: 9965 4: 9692 5: 9989 6: 9703 7: 9958 8: 9653 9: 9878 10: 9616 11: 9940 12: 9691 13: 10065 14: 9814 15: 10010 16: 9731 17: 9887 18: 9610 19: 9857 20: 9636 21: 9910 22: 9649 23: 9938 24: 9686 25: 9952 26: 9704 27: 9988 28: 9735 29: 9984 30: 9723 31: 10009 32: 9758 33: 10105 34: 9878 35: 10155 36: 9881 37: 10107 38: 9798 39: 10032 40: 9795 41: 10068 42: 9792 43: 10073 44: 9829 45: 10082 46: 9813 47: 10060 48: 9775 49: 10061 50: 9791 51: 10008 52: 9732 53: 9963 54: 9721 55: 9935 56: 9668 57: 9938 58: 9696 59: 9993 fpc 8 pic 0 Last 60 seconds:

0: 20252 1: 19658 2: 20188 3: 19608 4: 20185 5: 19660 6: 20164 7: 19591 8: 20039 9: 19492 10: 19938 11: 19433 12: 20098 13: 19642 14: 20275 15: 19714 16: 20013 17: 19445 18: 19841 19: 19325 20: 19824 21: 19358 22: 19880 23: 19371 24: 19936 25: 19429 26: 19876 27: 19396 28: 19938 29: 19459 30: 19911 31: 19369 32: 20068 33: 19565 34: 20332 35: 19645 36: 20309 37: 19657 38: 20128 39: 19471 40: 20010 41: 19493 42: 20049 43: 19536 44: 20163 45: 19644 46: 20132 47: 19624 48: 20154 49: 19575 50: 20097 51: 19529 52: 20041 53: 19525 54: 19978 55: 19488 56: 19899 57: 19372 58: 19984 59: 19500

《Juniper防火墙日常维护手册-v20131112》 第 19页 共59页

node1:

-------------------------------------------------------------------------- fpc 7 pic 0 Last 60 seconds:

0: 10213 1: 10447 2: 10172 3: 10424 4: 10150 5: 10432 6: 10153 7: 10362 8: 10078 9: 10394 10: 10134 11: 10472 12: 10219 13: 10530 14: 10279 15: 10450 16: 10134 17: 10347 18: 10066 19: 10312 20: 10093 21: 10400 22: 10137 23: 10384 24: 10147 25: 10456 26: 10193 27: 10437 28: 10184 29: 10507 30: 10265 31: 10570 32: 10314 33: 10694 34: 10467 35: 10659 36: 10407 37: 10618 38: 10315 39: 10519 40: 10293 41: 10561 42: 10285 43: 10555 44: 10300 45: 10540 46: 10256 47: 10573 48: 10296 49: 10496 50: 10234 51: 10447 52: 10169 53: 10364 54: 10115 55: 10406 56: 10140 57: 10385 58: 10155 59: 10445 fpc 8 pic 0 Last 60 seconds:

0: 21893 1: 21280 2: 21813 3: 21250 4: 21759 5: 21230 6: 21668 7: 21122 8: 21685 9: 21176 10: 21775 11: 21254 12: 21735 13: 21272 14: 21791 15: 21155 16: 21508 17: 20933 18: 21439 19: 20944 20: 21514 21: 21026 22: 21461 23: 20970 24: 21540 25: 21045 26: 21494 27: 20991 28: 21684 29: 21223 30: 21909 31: 21367 32: 22025 33: 21539 34: 22163 35: 21480 36: 21933 37: 21282 38: 21790 39: 21194 40: 21827 41: 21311 42: 21793 43: 21264 44: 21860 45: 21300 46: 21830 47: 21292 48: 21762 49: 21222 50: 21607 51: 21063 52: 21449 53: 20899 54: 21527 55: 21041 56: 21509 57: 21017 58: 21527 59: 21033

{primary:node0}

1.6.3 查看防火墙所有会话条目

（1）ScreenOS

在CLI下命令为：get session 示例：

JP1000A-> get session

alloc 2976/max 524288, alloc failed 0, mcast alloc 0, di alloc failed 0 total reserved 0, free sessions in shared pool 521312 slot 2: hw0 alloc 2976/max 524287

id 482707/s0*,vsys 0,flag 10200400/4000/0003,policy 20036,time 1302, dip 36 module 0

if 130(nspflag 0805):192.168.12.101/4795->10.1.131.244/8000,6,000000000000,sess token 4,vlan 32,tun 0,vsd

《Juniper防火墙日常维护手册-v20131112》 第 20页 共59页