What do the NS, ND and NB Session Flags Mean?

What do the NS, ND and NB Session Flags Mean?

27523
Created On 09/26/18 13:54 PM - Last Modified 06/08/23 02:35 AM


Resolution


 

  • In the output of 'show session all',  some sessions will show a flag:
admin@anuragFW> show session all

16752      dns             ACTIVE   FLOW    NS         192.168.125.120[57002]/Inside/17 (172.16.9.8[54745])
vsys1                                                  8.8.8.8[53]/Outside (8.8.8.8[53])
16880      web-browsing    ACTIVE   FLOW   *NS         192.168.125.120[51297]/Inside/6 (172.16.9.8[53511])
vsys1                                                  192.82.210.130[443]/Outside (192.82.210.130[443])

 

 

The session flags are as follows:

  • NS (NAT Source) means the source address was translated.
  • ND (NAT Destination) means the destination address was translated.
  • NB (NAT Bidirectional) means both the source and destination addresses were translated.

Note:   A flag with an asterisk  *  indicates that the session was decrypted.

 

 

See also

View session statistics from CLI

Session states and types

Tips and Tricks: Session timeouts

 

 

owner: ansharma
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzbCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language