GUI Showing Zero Byte Sessions in the Session Table

by ppatel on ‎09-20-2012 09:37 PM (4,128 Views)


Some sessions in the WebUI as well as CLI show zero bytes.


Viewing session details via CLI reveals the folllwing:

Session 342567

c2s flow:

source: [boe-trust]


proto: 6

sport: 0 dport: 6081

state: ACTIVE type: PRED

src user: unknown

dst user: unknown

s2c flow:

source: [boe-untrust]


proto: 6

sport: 6081 dport: 0

state: OPENING type: PRED

src user: unknown

dst user: unknown

start time : Wed Sep 19 12:02:15 2012

timeout : 60 sec

time to live : 10 sec

total byte count(c2s) : 0

total byte count(s2c) : 0

layer7 packet count(c2s) : 0

layer7 packet count(s2c) : 0

vsys : vsys5

application : undecided

rule :

application db : 0

session to be logged at end : False

session in session ager : True

session synced from HA peer : False

address/port translation : source + destination

nat-rule : global-nat(vsys5)

prediction triggered by : server

prediction matched once : False


The sessions listed above from the CLI output are "Predict" sessions. It is normal expected behavior for predict sessions to show zero bytes.

A predict session is a session that was opened for expected traffic to eventually hit the firewall using the 6-tuple listed in the predict session.

Once traffic matches that predict session, the predict session turns into an active flow which is a "real" session. Until then, zero bytes is normal and expected.

owner: ppatel

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community