Viewing Top Sessions Using the CLI
You can use the CLI to query top N source or destination IP addresses that initiate the largest number of sessions or the heaviest traffic based on query conditions.
Context
For top N IPv4 statistics, during ranking by traffic, the FW collects statistics on traffic processed by the SPU. Therefore, if hardware fast forwarding is enabled, and the ranking is based on traffic, statistics on traffic fast-forwarded cannot be collected. To collect statistics on all traffic, disable hardware fast forwarding first. IPv6 traffic does not support hardware fast forwarding; therefore, top N IPv6 statistics collection does not have this restriction.
If the ranking is based on sessions, statistics collection is not affected by the hardware fast forwarding function. This is because that sessions are created on the MPU, regardless of whether hardware fast forwarding is enabled.
Procedure
- Query top N IPv4 statistics.
- In any view, query top N source IPv4 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.
display firewall topn source-ip { session-number | traffic [ interval interval ] } all-systems [ destination ip-address { range start-ipv4-address end-ipv4-address | ipv4-address | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N destination IPv4 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.
display firewall topn destination-ip { session-number | traffic [ interval interval ] } all-systems [ source ip-address { range start-ipv4-address end-ipv4-address | ipv4-address | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N source IPv4 addresses that have the largest number of sessions or the most traffic in the root system or a specified virtual system.
display firewall topn source-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ destination ip-address { range sstart-ipv4-address end-ipv4-address | ipv4-address | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N destination IPv4 addresses that have the largest number of sessions or the most traffic in the root system or a specified virtual system.
display firewall topn destination-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ source ip-address { range start-ipv4-address end-ipv4-address | ipv4-address | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N IPv4 sessions by the number of packets or the average packet rate.
display firewall topn session packet [ rate ] [ all-systems | vsys vsys-name ] [ top-number number ] [ slot slot cpu cpu ]
- In any view, query top N source IPv4 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.
- Query top N IPv6 statistics.
- In any view, query top N source IPv6 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.
display firewall ipv6 topn source-ip { session-number | traffic [ interval interval ] } all-systems [ destination ip-address { range start-ipv6-address end-ipv6-address | ipv6-address | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N destination IPv6 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.
display firewall ipv6 topn destination-ip { session-number | traffic [ interval interval ] } all-systems [ source ip-address { range start-ipv6-address end-ipv6-address | ipv6-address | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N source IPv6 addresses that have the largest number of sessions or the most traffic in the root system or a specified virtual system.
display firewall ipv6 topn source-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ destination ip-address { range start-ipv6-address end-ipv6-address | ipv6-address | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N destination IPv6 addresses that have the largest number of sessions or the most traffic in the root system or a specified virtual system.
display firewall ipv6 topn destination-ip { session-number | traffic [ interval interval ] } [ vsys vsys-name ] [ source ip-address { range start-ipv6-address end-ipv6-address | ipv6-address | source-zone zone-name | top-number number | slot slot-id cpu cpu-id ] *
- In any view, query top N source IPv6 addresses that have the largest number of sessions or the most traffic in the root system and all virtual systems.