
Checking the Session Table Using the Web UI

This section describes how to check the session table using the Web UI to locate faults.

Context

You can check the session table to locate a service fault, for example, interrupted or discontinuous traffic.

  • If a session entry has been established and traffic is permitted by security policies, the possible causes of service interruptions include but are not limited to:
    • Hardware faults on the outgoing interface (such as physical damage or bad cable connections)
    • Packet drop on the downstream device
    • Incorrect routing configuration (To display the outgoing interface and next hop, choose Monitor > Session Table and click in the Details column.)
    • Incorrect packet count on the outgoing interface (To display the traffic statistics, choose Dashboard > Traffic History and click .)
    • Administratively denied packets (packets dropped due to bandwidth management and attack defense policies)
    • Configuration errors
  • If no session entry is established for a service, possible causes include but are not limited to the following:
    • Packets are not forwarded to the FW because of faults on an upstream device or incorrect route configuration.
    • The security policy configured on the FW blocks the packets. For example, the security policy action is configured as Deny, or the source IP address is blacklisted.
    • A hardware fault occurs at the incoming interface. For example, an interface card is damaged, or a network cable is not securely connected.
    • Attack defense functions, except blacklist, discard packets.
    • The bandwidth management function restricts the number of sessions. When the number of sessions exceeds the upper threshold, new sessions cannot be established, and packets are therefore discarded.
    • Configuration errors.

Procedure

  1. Choose Monitor > Session Table.
  2. View information about session entries on the Session Table page.
  3. Click Add Filter and select query conditions to display session entries that meet the conditions.

    Click to add multiple query conditions that are logically ANDed. That is, only sessions satisfying all conditions are displayed.

    You can click to delete a query condition.

    | Condition | Description |
    |---|---|
    | Virtual System | Displays session entries of a specified virtual system. |
    | Protocol | Displays session entries of a specified protocol. |
    | Application | Displays session entries of a specified application. |
    | Source Zone/Destination Zone | Displays session entries of a specified source or destination security zone. |
    | Source Address/Destination Address | Displays session entries of a specified source/destination address or address range. |
    | NAT Source Address/NAT Destination Address | Displays session entries of a specified NATed source/destination address or address range. |
    | Source Port/Destination Port | Displays session entries of a specified source/destination port. |
    | NAT Source Port/NAT Destination Port | Displays session entries of a specified NATed source/destination port. |
    | Security Policy | Displays session entries that match a specified security policy. |
    | User Name | Displays session entries of a specified user. |
    | Time Range | Displays session entries created within a specified time range. For example, if the time range is 5 minutes, session entries created in the last 5 minutes are displayed. NOTE: Only sessions that are currently alive can be displayed. If a session is deleted or aged out soon after being created, information about this session is not displayed. |
    | Outbound Interface | Displays session entries of a specified outbound interface. |
    | Packets | Displays session entries whose number of forward packets, number of reverse packets, or number of two-way packets is no smaller than, smaller than, or equal to a specified value. Forward is the direction from the source security zone to the destination security zone in the session entry. Reverse is the opposite direction. |

    For NAT64 sessions, if you query a session based on the source/destination address or port, you can use only the address or port before NAT, but not the address or port after NAT.
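
The ANDed query conditions from step 3, modelled over session entries as an added example (not Huawei code and not a device export format). The field names, the sample entries and the one-way-traffic check are assumptions made for illustration; the check lists recent sessions that have forward packets but no reverse packets, a useful starting point when a session exists but traffic is interrupted.

```python
# Added example: models the Web UI's ANDed query conditions over session entries.
# Field names and sample entries are constructed for illustration, not a device export.
from datetime import datetime, timedelta
from ipaddress import ip_address

NOW = datetime(2024, 1, 1, 12, 0, 0)  # fixed "current time" so the sample is reproducible

SESSIONS = [  # constructed sample entries using fields from the Details view
    {"protocol": "tcp", "src": "10.1.1.10", "dst": "203.0.113.5", "dport": 443,
     "policy": "trust_to_untrust", "created": NOW - timedelta(minutes=2),
     "fwd_pkts": 12, "rev_pkts": 0},
    {"protocol": "tcp", "src": "10.1.1.11", "dst": "203.0.113.5", "dport": 443,
     "policy": "trust_to_untrust", "created": NOW - timedelta(minutes=3),
     "fwd_pkts": 40, "rev_pkts": 38},
    {"protocol": "udp", "src": "10.1.2.20", "dst": "198.51.100.53", "dport": 53,
     "policy": "dns_out", "created": NOW - timedelta(minutes=30),
     "fwd_pkts": 4, "rev_pkts": 4},
]

def in_range(field, low, high):
    """Address-range condition: low <= address <= high."""
    lo, hi = ip_address(low), ip_address(high)
    return lambda s: lo <= ip_address(s[field]) <= hi

def equals(field, value):
    return lambda s: s[field] == value

def created_within(minutes, now=NOW):
    """Time Range condition: entries created in the last `minutes` minutes."""
    return lambda s: now - s["created"] <= timedelta(minutes=minutes)

def packets(field, op, value):
    """Packets condition: no smaller than (>=), smaller than (<), or equal to (==)."""
    ops = {">=": lambda a, b: a >= b, "<": lambda a, b: a < b, "==": lambda a, b: a == b}
    return lambda s: ops[op](s[field], value)

def apply_filters(sessions, conditions):
    """Conditions are logically ANDed: an entry is shown only if all match."""
    return [s for s in sessions if all(c(s) for c in conditions)]

def one_way(sessions, minutes=5):
    """Recent sessions with forward packets but no reverse packets."""
    return apply_filters(sessions, [created_within(minutes),
                                    packets("fwd_pkts", ">=", 1),
                                    packets("rev_pkts", "==", 0)])

if __name__ == "__main__":
    for s in one_way(SESSIONS):
        print(s["src"], "->", s["dst"], s["dport"], s["policy"])
```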

Example

The session table of a specified time range is displayed as follows:

Figure 1 The session table of a specified time range is displayed

Click in the Details column to view details on the session table. The following table lists the meaning of each field.

| Field | Description |
|---|---|
| Source Virtual System/Destination Virtual System | Source and destination virtual system of the session. |
| Source Zone/Destination Zone | Source and destination security zones of the session. |
| Source Address/Destination Address | Source and destination IP addresses of the session. |
| Source Port/Destination Port | Source and destination port of the session. |
| NAT Source Address/NAT Destination Address | Source and destination NAT addresses of the session. |
| NAT Source Port/NAT Destination Port | Source and destination NAT port of the session. |
| Creation Time | Time for creating the session. |
| Session Timeout | Aging time of the session. |
| Time Remaining | Remaining lifetime of the session. |
| Protocol | Protocol type of the session. |
| Application | Type of application of the session. |
| Security Policy | Security policy that the session matches. |
| User Name | User name of the session. |
| Forward Packets/Forward Bytes | Number of packets and bytes in the forward direction of the session. |
| Reverse Packets/Reverse Bytes | Number of packets and bytes in the reverse direction of the session. |
| Outbound Interface/MAC Address | Outbound interface of a session or MAC address of the outbound interface. |
| Next Hop | Next-hop IP address of the session. |

Follow-up Procedure

The following table lists the other operations on the session table.

| Icon | Description |
|---|---|
| Terminate Sessions | Delete one or multiple selected sessions. |
| Terminate All Matching Sessions | This button is available after you configure session filtering based on search conditions. You can click this button to delete all sessions that meet the search conditions. |
| Customize | Customize parameters in the session table. |
| Refresh | Click Refresh to view the latest information about the session table. |
| Clear Search Condition | Cancel session filtering by search criteria and display all currently available sessions. |

Terminating the session may interrupt the connection. Exercise caution when you perform this operation.

Copyright © Huawei Technologies Co., Ltd.