Palo Alto Networks Knowledgebase: Session Still Viewable in Command Line After Deleting Session ID

Session Still Viewable in Command Line After Deleting Session ID

2611
Created On 02/07/19 23:38 PM - Last Updated 02/07/19 23:38 PM
Content Release Deployment
Resolution

Issue

After deleting a session through the "Session Browser" or through the CLI the session is still viewable from the command line interface.

See this image:

SessionBrowser2.PNG

 

This session was deleted from the CLI:

admin@PA-4050> clear session id 113133

session 113133 cleared


This output indicates that the session is still viewable:

admin@PA-4050> show session id 113133

Session          113133

        c2s flow:
                source:      192.168.52.13 [L3-Trust]
                dst:         8.8.8.8
                proto:       17
                sport:       53978           dport:      53
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown
                ez fid:      0x0287703f (2, 2, 3, 63)

        s2c flow:
                source:      8.8.8.8 [L3-Untrust]
                dst:         10.46.40.52
                proto:       17
                sport:       53              dport:      63925
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown
                ez fid:      0x058ef03f (5, 2, 3, 63)

 

Cause

When deleting a session through the "Session Browser" or through the CLI, the session ID associated with the session will remain viewable with the same information until it is overwritten by a new session. To confirm the session has been removed from the active session table run the show session all filter destination command. For session ID 113133 the C2S destination IP of 8.8.8.8 can be filtered to verify that the session ID is no longer in the active session table.


admin@PA-4050> show session all filter destination 8.8.8.8

No Active Sessions

 

For more information on sessions see Palo Alto Networks Firewall Session Overview

 

owner: jperry1



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm48CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language