Issue
After deleting a session through the "Session Browser" or through the CLI, the session is still viewable from the command line interface.
This session was deleted from the CLI:
admin@PA-4050> clear session id 113133
session 113133 cleared
This output indicates that the session is still viewable:
admin@PA-4050> show session id 113133
Session 113133
c2s flow:
source: 192.168.52.13 [L3-Trust]
dst: 8.8.8.8
proto: 17
sport: 53978 dport: 53
state: INIT type: FLOW
src user: unknown
dst user: unknown
ez fid: 0x0287703f (2, 2, 3, 63)
s2c flow:
source: 8.8.8.8 [L3-Untrust]
dst: 10.46.40.52
proto: 17
sport: 53 dport: 63925
state: INIT type: FLOW
src user: unknown
dst user: unknown
ez fid: 0x058ef03f (5, 2, 3, 63)
Cause
When a session is deleted through the "Session Browser" or through the CLI, its session ID remains viewable with the same information until it is overwritten by a new session. To confirm that the session has been removed from the active session table, run the show session all filter destination command. For session ID 113133, filter on the C2S destination IP of 8.8.8.8 to verify that the session ID is no longer in the active session table.
admin@PA-4050> show session all filter destination 8.8.8.8
No Active Sessions
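The check described above can be scripted against saved CLI output. The following is an added example, not code from Palo Alto Networks: it parses show session id output, derives the filter command from the C2S destination, and decides whether the ID is still in the active table. The function names are hypothetical, the sample text is constructed from the output above, and the layout of an active-session row (numeric ID first) is an assumption.

```python
import re

# Constructed sample: abridged 'show session id' output in the layout shown above.
SESSION_DETAIL = """\
Session 113133
c2s flow:
source: 192.168.52.13 [L3-Trust]
dst: 8.8.8.8
sport: 53978 dport: 53
state: INIT type: FLOW
s2c flow:
source: 8.8.8.8 [L3-Untrust]
dst: 10.46.40.52
sport: 53 dport: 63925
state: INIT type: FLOW
"""

def parse_session_detail(text):
    """Return (session_id, {"c2s": {...}, "s2c": {...}}) from 'show session id' output."""
    session_id, flows, current = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"Session\s+(\d+)", line)
        if header:
            session_id = int(header.group(1))
        elif re.fullmatch(r"(c2s|s2c) flow:", line):
            current = flows.setdefault(line.split()[0], {})
        elif current is not None:
            # One line can carry several pairs, e.g. 'sport: 53978 dport: 53'.
            for key, value in re.findall(r"(\w[\w ]*?):\s+(\S+)", line):
                current[key] = value
    return session_id, flows

def verification_command(detail_text):
    """Build the active-table check from the C2S destination of the cleared session."""
    _, flows = parse_session_detail(detail_text)
    return "show session all filter destination " + flows["c2s"]["dst"]

def still_active(session_id, filter_output):
    """True only if the filtered active-table output contains a row for this ID."""
    if "No Active Sessions" in filter_output:
        return False
    # Assumption: each active-session row begins with its numeric session ID.
    return any(row.split()[:1] == [str(session_id)] for row in filter_output.splitlines())

if __name__ == "__main__":
    sid, _ = parse_session_detail(SESSION_DETAIL)
    print(verification_command(SESSION_DETAIL))
    print("still active:", still_active(sid, "No Active Sessions"))
```

Matching on the ID at the start of a row avoids a false positive when another session to the same destination is active and its ID merely contains the same digits.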
For more information on sessions, see Palo Alto Networks Firewall Session Overview.
owner: jperry1