What is the Purpose of This Test

This test displays the current state of the active firewall sessions on the Edge (up to a maximum of 1000 sessions). You can filter by Source and Destination IP and Port, and by Segment, to limit the number of sessions returned. On a busy Edge the 1000-session cap means the session you are looking for may not be included in an unfiltered run, so filter on the source or destination of interest.
Note: IPv6 firewall session information can be viewed only from the New Orchestrator UI. To view IPv6 firewall session information, run the List Active Firewall Sessions test from the New Orchestrator UI.

When Can You Run This Test

Run this test to verify whether a session is allowed or blocked by the firewall. An allowed session appears in the output, together with its current state; a blocked session does not appear.

For instructions on how to run a remote diagnostic test on Edges, see Run Remote Diagnostic Tests on Edges.

What to Check in the Test Output

Run the List Active Firewall Sessions test on the required Edge. (The original page shows a screenshot of the test output at this point; the fields it contains are described below.)
Denied traffic does not appear in this output. You can verify traffic denied by the firewall under Monitor > Firewall Logs.
The Remote Diagnostics output displays the following information:
Field - Description

Segment - The segment in which the Edge processes the firewall session. You can also filter the output on a specific segment.
Src IP - The source IP that initiated the firewall session.
Dst IP - The destination IP of the firewall session.
Protocol - The protocol used by the firewall session traffic.
Src Port - The source port of the firewall session traffic.
Dst Port - The destination port of the firewall session traffic.
Application - The application identified by the Application/DPI engine.
Firewall Policy - The configured firewall rule that the session matched. When a session is allowed unexpectedly, this field shows which rule permitted it.
TCP State - The current TCP state of the session. RFC 793 defines 11 TCP states; the Edge tracks each TCP session with a simplified finite state machine, so the state reported for a flow is one of the following:
  • SERVER_LISTEN - The initial state of the TCP FSM on the Edge. This state never appears in the Remote Diagnostics output: it is the default state when a session is created for the first packet of a flow, and if that packet is a SYN the session moves immediately to SYN_SENT.
  • SYN_SENT - The session moves to this state when a connection request (SYN) is seen from the Client to the Server.
  • SYN_RECEIVED - SYN+ACK has been received from the Server side.
  • ESTABLISHED - The 3-way handshake has completed with the ACK from the Client side. The session is now in the data transfer phase.
  • CLIENT_FIN - From ESTABLISHED, the session moves to CLIENT_FIN when a FIN is received from the Client side. In this state only FIN or ACK retransmits are allowed from the Client side; all packets are allowed from the Server side, except that a FIN from the Server moves the session to CLOSING.
  • SERVER_FIN - From ESTABLISHED, the session moves to SERVER_FIN when a FIN is received from the Server side. In this state only FIN or ACK retransmits are allowed from the Server side; all packets are allowed from the Client side, except that a FIN from the Client moves the session to CLOSING.
  • CLOSING - A FIN has been received from both the Server and the Client. In this state only SYN packets are allowed, to reopen the session.
  • CLOSED - An RST packet has been received from either the Server or the Client. In this state only SYN packets are allowed, to reopen the session; any other packets are dropped.
Bytes Sent - The firewall session traffic from the source IP to the destination IP, in bytes.
Bytes Received - The firewall session traffic from the destination IP to the source IP, in bytes.
Duration - The age of the firewall session, in seconds.
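As an added illustration (not code from the VMware SD-WAN product or from this page), the following Python model replays a constructed packet sequence through the session state machine described above and records, per packet, whether the Edge would allow or drop it and the resulting TCP State, Bytes Sent and Bytes Received. Behaviour the description does not cover is an assumption marked in the code: packets not explicitly allowed in a state are dropped, a SYN retransmit is tolerated in SYN_SENT, and the byte counters are not reset when a SYN reopens a closed session.

```python
"""Model of the Edge firewall TCP session FSM described above.

Added example, not product code. The packet sequence is constructed;
behaviour not stated on the page is marked as an assumption.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple

# States the Remote Diagnostics output can show, plus the hidden initial state.
SERVER_LISTEN = "SERVER_LISTEN"   # initial state, never displayed
SYN_SENT = "SYN_SENT"
SYN_RECEIVED = "SYN_RECEIVED"
ESTABLISHED = "ESTABLISHED"
CLIENT_FIN = "CLIENT_FIN"
SERVER_FIN = "SERVER_FIN"
CLOSING = "CLOSING"
CLOSED = "CLOSED"


@dataclass(frozen=True)
class Packet:
    sender: str              # "client" (session initiator) or "server"
    flags: FrozenSet[str]    # subset of {"SYN", "ACK", "FIN", "RST"}
    data: int = 0            # payload bytes carried


def P(sender: str, *flags: str, data: int = 0) -> Packet:
    """Shorthand for building a Packet."""
    return Packet(sender, frozenset(flags), data)


@dataclass
class Session:
    state: str = SERVER_LISTEN
    bytes_sent: int = 0        # client -> server, the "Bytes Sent" column
    bytes_received: int = 0    # server -> client, the "Bytes Received" column
    trace: List[Tuple[str, str, str]] = field(default_factory=list)

    def _next(self, pkt: Packet) -> Tuple[bool, str]:
        """Return (allowed, new_state) for one packet in the current state."""
        s, f, who = self.state, pkt.flags, pkt.sender
        if "RST" in f:                       # RST from either side: CLOSED
            return True, CLOSED
        if s in (CLOSING, CLOSED, SERVER_LISTEN):
            # only a client SYN opens (or reopens) the session; all else dropped
            return (True, SYN_SENT) if (who == "client" and f == {"SYN"}) else (False, s)
        if s == SYN_SENT:
            if who == "server" and f == {"SYN", "ACK"}:
                return True, SYN_RECEIVED
            return (who == "client" and f == {"SYN"}), s   # assumption: SYN retransmit allowed
        if s == SYN_RECEIVED:
            if who == "client" and "ACK" in f and "SYN" not in f:
                return True, ESTABLISHED
            return False, s                  # assumption: anything else dropped
        if s == ESTABLISHED:
            if "FIN" in f:
                return True, (CLIENT_FIN if who == "client" else SERVER_FIN)
            return True, s                   # data phase: everything allowed
        # CLIENT_FIN / SERVER_FIN: the side that sent FIN may only retransmit
        # FIN/ACK (no payload); the other side is unrestricted, and its FIN
        # moves the session to CLOSING.
        closer = "client" if s == CLIENT_FIN else "server"
        if who == closer:
            return (pkt.data == 0 and bool(f) and f <= {"FIN", "ACK"}), s
        return True, (CLOSING if "FIN" in f else s)

    def feed(self, pkt: Packet) -> bool:
        """Apply one packet; update state and byte counters only if allowed."""
        allowed, new_state = self._next(pkt)
        if allowed:
            self.state = new_state
            if pkt.sender == "client":
                self.bytes_sent += pkt.data
            else:
                self.bytes_received += pkt.data
        label = f"{pkt.sender} {'+'.join(sorted(pkt.flags))}"
        if pkt.data:
            label += f" {pkt.data}B"
        self.trace.append((label, "allowed" if allowed else "dropped", self.state))
        return allowed


def simulate(packets: List[Packet]) -> Session:
    sess = Session()
    for pkt in packets:
        sess.feed(pkt)
    return sess


# Constructed sequence: handshake, data, client-initiated close, reopen, reset.
EXAMPLE_FLOW = [
    P("client", "SYN"),
    P("server", "SYN", "ACK"),
    P("client", "ACK"),
    P("client", "ACK", data=100),
    P("server", "ACK", data=250),
    P("client", "FIN", "ACK"),
    P("client", "ACK", data=50),     # data from the side that closed: dropped
    P("server", "ACK", data=30),     # server may still send
    P("server", "FIN", "ACK"),       # both FINs seen: CLOSING
    P("client", "ACK"),              # not a SYN: dropped in CLOSING
    P("client", "SYN"),              # SYN reopens the session
    P("server", "RST"),              # reset: CLOSED
    P("client", "ACK"),              # dropped in CLOSED
]

if __name__ == "__main__":
    sess = simulate(EXAMPLE_FLOW)
    for label, verdict, state in sess.trace:
        print(f"{label:<20} {verdict:<8} -> {state}")
    print(f"Bytes Sent={sess.bytes_sent}  Bytes Received={sess.bytes_received}")
```

Running the script prints one line per packet; the two data-after-FIN and post-CLOSING drops are the cases a practitioner would otherwise only infer from the prose, and the final counters show that only allowed packets contribute to Bytes Sent and Bytes Received.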