[ScreenOS] How to determine the timeout of a session and how do they work

Article ID: KB7046
KB Last Updated: 30 Dec 2019
Version: 7.0

Summary:

This article provides information on how to determine the timeout of a session and how session/service timeouts work.

Solution:

The timeout for a session is displayed in the output of the get session command. In that output, the time field is the session timeout indicator. The time field value is in units of ticks (1 tick = 10 seconds).

For example:

fw> get session
alloc 24/max 2048, alloc failed 0
id 510/s**,vsys 0,flag 00000040/00/20,policy 320000,time 4
3(01):10.251.7.49/2055->10.251.7.51/514,17,000000000000,vlan 0,tun 0,vsd 0
0(20):10.251.7.49/2055<-10.251.7.51/514,17,000a27b0c2c0,vlan 0,tun 0,vsd 0
id 1021/s**,vsys 0,flag 00000040/80/20,policy 1,time 180
1(21):63.126.135.11/32761->12.234.134.201/1100,6,00d0ba83e6a8,vlan 0,tun 0,vsd0
3(00):63.126.135.11/32761<-12.234.134.201/1100,6,000000000000,vlan 0,tun 0,vsd0

The first session has a timeout of 4 ticks or 40 seconds. The second session has a timeout of 180 ticks or 30 minutes.

The timeout for a session, along with the maximum timeout setting, is also displayed in the output of the get session id <id> command:

fw>  get session id 510
id 510(00000fc2), flag 00000040/0080/0021, vsys id 0(Root)
policy id 320000, application id 0, dip id 0, state 0
current timeout 4, max timeout 60 (second)

By default, most TCP sessions have a timeout of 30 minutes (180 ticks), and UDP sessions have a timeout of 60 seconds.
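
When auditing a session table, the tick conversion above can be scripted. The following is an added example, not Juniper code: it parses the get session output shown in this article, converts the time field to seconds, and lists sessions whose current timeout is at or above a threshold. The function names are this example's own, and reading the number after the destination port as the IP protocol number (6 = TCP, 17 = UDP) is an assumption.

```python
import re

TICK_SECONDS = 10  # per the article: 1 tick = 10 seconds
# Assumption: the field after the destination port is the IP protocol number.
PROTOCOLS = {6: "tcp", 17: "udp"}

# Sample input: the `get session` output reproduced from this article.
SAMPLE = """\
alloc 24/max 2048, alloc failed 0
id 510/s**,vsys 0,flag 00000040/00/20,policy 320000,time 4
3(01):10.251.7.49/2055->10.251.7.51/514,17,000000000000,vlan 0,tun 0,vsd 0
0(20):10.251.7.49/2055<-10.251.7.51/514,17,000a27b0c2c0,vlan 0,tun 0,vsd 0
id 1021/s**,vsys 0,flag 00000040/80/20,policy 1,time 180
1(21):63.126.135.11/32761->12.234.134.201/1100,6,00d0ba83e6a8,vlan 0,tun 0,vsd0
3(00):63.126.135.11/32761<-12.234.134.201/1100,6,000000000000,vlan 0,tun 0,vsd0
"""

HEADER = re.compile(r"^id (\d+)/.*?,policy (\d+),time (\d+)")
FLOW = re.compile(r"^\d+\(\w+\):([\d.]+)/(\d+)->([\d.]+)/(\d+),(\d+),")

def parse_sessions(text):
    """Return one dict per session, with the time field converted to seconds."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            current = {"id": int(m[1]), "policy": int(m[2]), "ticks": int(m[3]),
                       "seconds": int(m[3]) * TICK_SECONDS,
                       "src": None, "dst": None, "proto": None}
            sessions.append(current)
        elif current is not None and (m := FLOW.match(line)):
            # Only the forward ("->") line matches; the "<-" line is skipped.
            proto = int(m[5])
            current.update(src=f"{m[1]}:{m[2]}", dst=f"{m[3]}:{m[4]}",
                           proto=PROTOCOLS.get(proto, str(proto)))
    return sessions

def long_lived(sessions, min_seconds):
    """Sessions whose current timeout is at least min_seconds."""
    return [s for s in sessions if s["seconds"] >= min_seconds]

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(f'{s["id"]:>6} {s["proto"]:<4} {s["src"]} -> {s["dst"]} '
              f'policy {s["policy"]} timeout {s["seconds"]}s')
```
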


How do session/service timeouts work?

When a packet arrives at the Juniper firewall and matches an existing session, the session timer is reset to the maximum timeout. Otherwise, the timer counts down in increments of one tick (10 seconds). For example, if a telnet session is created and no additional data is sent, the session timer starts counting down, and after 30 minutes of inactivity the session closes gracefully. If an application is exited properly, the session is marked for garbage collection and closes after 1 tick (10 seconds).

Modification History:
2019-12-29: Minor, non-technical update.