Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Summarized session count on the first line of 'get session' is greater than the number of sessions listed on the full 'get session' output

0

0

Article ID: KB11064 KB Last Updated: 11 Aug 2010Version: 3.0
Summary:
Total session count doesn't match 'alloc' value.
Symptoms:

The summarized session count shown in bold on the first line of the 'get session' output does not match the counter shown at the bottom of the 'get session'  output

-> get session
alloc 5/max 524288, alloc failed 0, di alloc failed 0
slot 2: hw0 alloc 2/max 1048576
id 74846/s**,vsys 0,flag 00000040/0080/23,policy 320002,time 180, dip 0
 0(0601):53.4.1..26/4150->2.2.1.181/22,6,00121e12d440,6,vlan 0,tun 0,vsd 0,route 3
 3(0010):53.4.1..26/4150<-2.2.1.181/22,6,000000000000,4,vlan 0,tun 0,vsd 0,route 0
id 74867/s0*,vsys 0,flag 00000040/0080/23,policy 303,time 1, dip 0
 3(0011):3.2.1.21/1531->64.34.1.43/7800,6,000000000000,4,vlan 0,tun 0,vsd 0,route 0
 45(0600):3.2.1.21/1531<-64.34.1.43/7800,6,000000000000,15,vlan 0,tun 0,vsd 0,route 15
id 74868/s0*,vsys 0,flag 00000040/0080/23,policy 306,time 1, dip 0
 3(0011):3.2.1.21/1530->23.34.1.8.26/7800,6,000000000000,4,vlan 0,tun 0,vsd 0,route 0
 45(0600):3.2.1.21/1530<-23.34.1.8.26/7800,6,000000000000,15,vlan 0,tun 0,vsd 0,route 15
Total 3 sessions shown



Solution:

The summarized session count shown on the first line of the 'get session' output may be greater than the number of sessions listed on the full 'get session' output because the counter takes into account the active tunnel sessions, but does not display the active tunnel session in the 'get session' output. To display the tunnel sessions, you need to execute the command 'get session tunnel'.

isg2000-> get session tunn

alloc 5/max 524288, alloc failed 0, di alloc failed 0
slot 2: hw0 alloc 2/max 1048576
id 74865/s**,vsys 0,flag 00010000/0000/03,policy -1,time 174, dip 0
 45(0600):1.1.1.1/0->43.45227.20/0,50,000000000000,15,vlan 0,tun 0,vsd 0,route 15
id 74866/s**,vsys 0,flag 00010000/0000/03,policy -1,time 174, dip 0
 45(0600):1.1.1.1/0->43.45227.20/0,50,000000000000,15,vlan 0,tun 0,vsd 0,route 15
Total 2 sessions shown

For instance, let's say you have 2 active tunnel sessions, 1 ssh session to the firewall, and 2 user sessions through the firewall.  The 'get session' counter will list that there are 5 ongoing sessions allocated (see 'get session' output in Problem section), but the full output will only show 3 sessions (1 ssh and 2 user session).  The 'get session tunnel' output will look like the above output.


NOTE:  To get the total number of sessions (that are not tunnel sessions), enter the command 'get session | inc total'.  It will simply display the last line of the 'get session' output:

isg2000-> get session | inc total
Total 3 sessions shown




Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search