
reset firewall session table

Function

The reset firewall session table command clears information about the session table.

Format

reset firewall session table [ vsys vsys-name ] [ source-zone source-zone | destination-zone destination-zone | { default-policy | policy policy-name } | source-cpe start-ipv6-address [ to end-ipv6-address ] | source { inside start-ip-address [ to end-ip-address ] | global start-ip-address [ to end-ip-address ] } | destination-cpe start-ipv6-address [ to end-ipv6-address ] | destination { inside start-ip-address [ to end-ip-address ] | global start-ip-address [ to end-ip-address ] } | slot slot-id cpu cpu-id | protocol { id | tcp | udp | sctp | icmp | ah | esp | gre } | application application-name | source-port { inside port-number | global port-number } | destination-port { inside port-number | global port-number } | interface { interface-name | interface-type interface-number } | service service-type | vlan vlan-id | created-in time | long-link | user user-name | { local | remote } ] *

reset firewall session table all-systems [ source-cpe start-ipv6-address [ to end-ipv6-address ] | source { inside start-ip-address [ to end-ip-address ] | global start-ip-address [ to end-ip-address ] } | destination-cpe start-ipv6-address [ to end-ipv6-address ] | destination { inside start-ip-address [ to end-ip-address ] | global start-ip-address [ to end-ip-address ] } | slot slot-id cpu cpu-id | protocol { id | tcp | udp | sctp | icmp | ah | esp | gre } | source-port { inside port-number | global port-number } | destination-port { inside port-number | global port-number } | interface { interface-name | interface-type interface-number } | service service-type | vlan vlan-id | created-in time | long-link | { local | remote } ] *

reset firewall session table session-id session-id

Parameters

Parameter Description Value

all-systems

Clears the session entries of all systems.

-

vsys vsys-name

Clears the session entries of the specified virtual system.

The value must be the name of an existing virtual system.

source-zone source-zone

Clears the session entries with the specified source security zone.

-

destination-zone destination-zone

Clears the session entries with the specified destination security zone.

-

default-policy

Clears the session entries with the default policy.

-

policy policy-name

Clears the session entries with the specified security policy name.

The value must be the name of an existing policy.

source-cpe

Clears the session entries with the specified source CPE.

-

destination-cpe

Clears the session entries with the specified destination CPE.

-

start-ipv6-address [ to end-ipv6-address ]

Specifies the IPv6 address.

  • If to end-ipv6-address is specified, both the start IPv6 address and the end IPv6 address are given.

  • If to end-ipv6-address is not specified, only the start IPv6 address is given.

-

source

Clears the session entries with the specified source IP address.

-

destination

Clears the session entries with the specified destination IP address.

-

inside

Specifies a private IP address.

The value is in dotted decimal notation. For source IP addresses, inside indicates the pre-NAT private IP address. For destination IP addresses, inside indicates the private IP address of the NAT server.

global

Specifies a public IP address.

The value is in dotted decimal notation. For source IP addresses, global indicates the post-NAT public IP address. For destination IP addresses, global indicates the public IP address of the NAT server accessible to external users.

start-ip-address [ to end-ip-address ]

Specifies the IP address.

  • If to end-ip-address is specified, both the start IP address and the end IP address are given.

  • If to end-ip-address is not specified, only the start IP address is given.

-

slot slot-id

Clears the session entries with the specified slot ID.

Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

cpu cpu-id

Clears the session entries with the specified CPU ID.

Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

service service-name

Clears the session entries of the specified service.

The specified service can be, for example, DNS, FTP, H323, HTTP, HWCC, ILS, MGCP, MMS, MSN, PPTP, QQ, RAS, RPC, RTSP, SIP, SMTP, SQLNET, STUN, Telnet, or TFTP.

protocol { id | tcp | sctp | udp | icmp | ah | esp | gre }

Clears the session entries of the specified protocol.

  • If id is selected, the protocol number is specified.

  • If tcp is selected, TCP session entries are cleared.

  • If udp is selected, UDP session entries are cleared.

  • If sctp is selected, SCTP session entries are cleared.

  • If icmp is selected, ICMP session entries are cleared.

  • If ah is selected, AH session entries are cleared.

  • If esp is selected, ESP session entries are cleared.

  • If gre is selected, GRE session entries are cleared.

The value of id is an integer ranging from 0 to 255.

application application-name

Clears the session entries of the specified application.

-

vlan vlan-id

Clears all VLAN session entries.

The value must be the ID of an existing VLAN.

created-in time

Clears the session information created within a specified recent period (in minutes). For example, if time is set to 5, the session information created in the latest 5 minutes is cleared.

The value is an integer ranging from 1 to 65535.

source-port

Clears the session entries with the specified source port.

The value is an integer ranging from 1 to 65535.

destination-port

Clears the session entries with the specified destination port.

The value is an integer ranging from 1 to 65535.

inside port-number

Specifies the inside port.

The value is an integer ranging from 1 to 65535.

global port-number

Specifies the global port.

The value is an integer ranging from 1 to 65535.

interface { interface-name | interface-type interface-number }

Clears the session entries of the specified outbound interface.

-

long-link

Clears all persistent connection session entries.

-

user user-name

Clears the session entries of the specified user.

The value must be the name of an existing user.

local

Clears the session table on the local device. Without local, the command clears all session tables.

-

remote

Clears the backup session table on the remote device. Without remote, the command clears all session tables.

-

session-id session-id

Clears the session entries of the specified session ID.

The value must be the ID of an existing session.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

This command clears only sessions in forwarding modules, but not those in other modules, such as TCP proxy sessions, application proxy sessions, and engine sessions.

Removing session entries interrupts all the session connections that use them, so confirm the action before you run the command.

Example

# Clear information about the session table.

<sysname> reset firewall session table
Warning:Reseting session table will affect the system's normal service.
Continue? [Y/N]:y
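
Because clearing entries interrupts the matching connections (see Usage Guidelines), automation that issues this command should build a filtered form and validate every value first. The following is an added example, not Huawei code: `build_reset` and its argument names are hypothetical, it covers only the `source`, `protocol`, `destination-port` and `created-in` filters, and the sample addresses are constructed.

```python
import ipaddress

# Keywords and integer ranges below are taken from the parameter table on this page.
PROTOCOLS = {"tcp", "udp", "sctp", "icmp", "ah", "esp", "gre"}
SIDES = {"inside", "global"}


def _ranged(name, value, lo=1, hi=65535):
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name} must be an integer in {lo}..{hi}")
    return str(value)


def _ipv4(value):
    # Strict dotted-decimal parse: a string carrying extra CLI tokens is rejected.
    if not isinstance(value, str):
        raise ValueError("IP address must be a dotted-decimal string")
    return ipaddress.IPv4Address(value)


def build_reset(source=None, source_to=None, protocol=None,
                destination_port=None, created_in=None, side="inside"):
    """Build a filtered 'reset firewall session table' command (hypothetical helper).

    Simplification: one `side` (inside/global) is applied to both the source
    address and the destination port.
    """
    if side not in SIDES:
        raise ValueError("side must be 'inside' or 'global'")
    parts = []
    if source is not None:
        start = _ipv4(source)
        parts += ["source", side, str(start)]
        if source_to is not None:
            end = _ipv4(source_to)
            if end < start:
                raise ValueError("end address is below start address")
            parts += ["to", str(end)]
    elif source_to is not None:
        raise ValueError("source_to requires source")
    if protocol is not None:
        if protocol not in PROTOCOLS:
            raise ValueError("unsupported protocol keyword")
        parts += ["protocol", protocol]
    if destination_port is not None:
        parts += ["destination-port", side, _ranged("destination-port", destination_port)]
    if created_in is not None:
        parts += ["created-in", _ranged("created-in", created_in)]
    if not parts:
        # Assumed guard, not device behaviour: an unfiltered reset clears every session.
        raise ValueError("refusing to build an unfiltered reset")
    return "reset firewall session table " + " ".join(parts)
```

The returned string still triggers the device's confirmation prompt shown in the example above, so the calling tool has to answer it explicitly.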
Copyright © Huawei Technologies Co., Ltd.