SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  how to clear security flow session based on ip address in one security policy?

    Posted 03-05-2015 05:04

    Hi, all

    how to clear security flow session based on ip address in one security policy?

    I have one policy which is used to block IPs. Every time someone adds an IP to the source-ip list, he also needs to execute clear security flow session. Since these users are not network admins, I need to limit them so they can only clear sessions matching the address set in the block policy.


    @srwd00jfw040> clear security flow session ?  
    Possible completions:
      <[Enter]>            Execute this command
      all                  Clear all sessions
      application          Application protocol name
      application-firewall  Show application-firewall sessions
      destination-port     Destination port (1..65535)
      destination-prefix   Destination IP prefix or address
      family               Protocol family
      idp                  IDP sessions
      interface            Name of incoming or outgoing interface
      nat                  Sessions with network address translation
      protocol             IP protocol number
      resource-manager     Sessions with resource manager
      session-identifier   Clear session with specified session identifier
      source-port          Source port (1..65535)
      source-prefix        Source IP prefix or address
      tunnel               Tunnel sessions
      |                    Pipe through a command



  • 2.  RE: how to clear security flow session based on ip address in one security policy?

    Posted 03-06-2015 02:38

    Hi Robbie,


    What if you ran a clear command that matched your block policy, e.g.:


    clear security flow session source-prefix <x.x.x.x> destination-prefix <x.x.x.x> to match your policy? 


    It's unlikely that you have multiple security policies matching both source and destination, and if you do, you could also include application.



  • 3.  RE: how to clear security flow session based on ip address in one security policy?

    Posted 03-06-2015 03:35
    I need to get the address list from the policy through some variable parameter.

    Is it possible?


  • 4.  RE: how to clear security flow session based on ip address in one security policy?

    Posted 03-09-2015 02:40

    You can use the following command:

    show security policies from-zone <xxx> to-zone <yyy> policy-name <zzz> detail


    This will display all address prefixes and their corresponding IP addresses (in source and destination).


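As an added example (not from any of the posters, and not Juniper's own tooling), the following Python script turns the two answers above into a least-privilege helper: it parses the output of the `show security policies ... detail` command, and for an operator-supplied address it emits only the `clear security flow session source-prefix ... destination-prefix ...` commands that fall inside the block policy's address set, refusing any address the policy does not cover. The policy name, the addresses and the exact layout of the detail output are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `show security policies ... detail` output for a
# hypothetical block policy; the exact layout is an assumption about Junos.
SAMPLE_POLICY_DETAIL = """\
Policy: block-bad-hosts, action-type: deny, State: enabled, Index: 4, Scope Policy: 0
  From zone: trust, To zone: untrust
  Source addresses:
    host-10.1.1.5(global): 10.1.1.5/32
    net-10.2.0.0(global): 10.2.0.0/24
  Destination addresses:
    any-ipv4(global): 0.0.0.0/0
  Application: any
"""

# One address entry in the detail output: "<name>(<book>): <prefix>"
_ADDR_LINE = re.compile(r"^\s+\S+\(\S+\):\s+(\S+)$")


def parse_policy_prefixes(detail_text):
    """Return (source_prefixes, destination_prefixes) parsed from detail output."""
    sources, destinations, current = [], [], None
    for line in detail_text.splitlines():
        if line.strip() == "Source addresses:":
            current = sources
        elif line.strip() == "Destination addresses:":
            current = destinations
        elif current is not None:
            m = _ADDR_LINE.match(line)
            if m:
                current.append(ipaddress.ip_network(m.group(1), strict=False))
            else:
                current = None  # left the address block
    return sources, destinations


def build_clear_commands(detail_text, requested_ip):
    """Emit clear commands only for policy source prefixes containing requested_ip.

    An address outside every source prefix is refused, so a restricted operator
    cannot clear sessions the block policy does not cover.
    """
    ip = ipaddress.ip_address(requested_ip)
    sources, destinations = parse_policy_prefixes(detail_text)
    matching = [p for p in sources if ip in p]
    if not matching:
        raise ValueError(f"{requested_ip} is not in the block policy's source addresses")
    return [f"clear security flow session source-prefix {src} destination-prefix {dst}"
            for src in matching for dst in destinations]
```

The generated commands are what a wrapper (for example a Junos op script or a jump-host tool) would run on the operator's behalf, so the operator never gets the unrestricted `clear security flow session all`.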

  • 5.  RE: how to clear security flow session based on ip address in one security policy?
    Best Answer

    Posted 03-16-2015 07:08

    Looks as if the new 12.3X48-D10 will help... there's a 'policy-id' option for the show security flow session command.


    Until then, it'll have to be a more manual process...


    Regards,

    Sam