Need script to kill a session

L4 Transporter

Need script to kill a session

I need to kill a session automatically for one appplication when this application appears on one egress interface.

We have PBF rule for forcing some application to one ISP and virtual router for other ISP.

once the PBF ISP is down, it goes to second ISP via virtual router.

For some application it stays in that ISP for a long time untill we manually kill it.

Is there any way to kill the these sessions everyday . Now we manually clear every day morning 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Need script to kill a session

 
PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Need script to kill a session

The API job should be like this

1) identify the application or ort traffic

2 See if it comes on one egress interface

3) If come son this interface kill or clear the session.

 

 

Any idea

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Need script to kill a session

Lets make  more simple what should be the manual api command to clear an application traffic which goes out through one specific interface. Then as next step i can think about automating this.

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Need script to kill a session

You'd do an XML API call for <show><session><all><filter></filter></all></session></show> for both application and egress-interface then pass the ID's into <clear><session><id></id></session></clear> in a for loop.

 

It'd be easy enough to automate it by querying once every n seconds and checking if the value of the first call returns any jobs.

L4 Transporter

Re: Need script to kill a session

How can i pass the session id automatically to this script of killing

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Need script to kill a session

Poll for matching sessions with your filter and pass it into a for loop through your favorite scripting language which clears each session.

L4 Transporter

Re: Need script to kill a session

May be a basic question , However i have never tred API in loop level is it possible to run this type of script in some interval like 4 hours etc. in Palo Alto, where we need to schedule this, any sample loop configuration which runs in every interval

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!