Need script to kill a session

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need script to kill a session

L4 Transporter

I need to kill a session automatically for one appplication when this application appears on one egress interface.

We have PBF rule for forcing some application to one ISP and virtual router for other ISP.

once the PBF ISP is down, it goes to second ISP via virtual router.

For some application it stays in that ISP for a long time untill we manually kill it.

Is there any way to kill the these sessions everyday . Now we manually clear every day morning 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
7 REPLIES 7

L4 Transporter
 
PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

L4 Transporter

The API job should be like this

1) identify the application or ort traffic

2 See if it comes on one egress interface

3) If come son this interface kill or clear the session.

 

 

Any idea

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

Lets make  more simple what should be the manual api command to clear an application traffic which goes out through one specific interface. Then as next step i can think about automating this.

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

You'd do an XML API call for <show><session><all><filter></filter></all></session></show> for both application and egress-interface then pass the ID's into <clear><session><id></id></session></clear> in a for loop.

 

It'd be easy enough to automate it by querying once every n seconds and checking if the value of the first call returns any jobs.

How can i pass the session id automatically to this script of killing

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

Poll for matching sessions with your filter and pass it into a for loop through your favorite scripting language which clears each session.

May be a basic question , However i have never tred API in loop level is it possible to run this type of script in some interval like 4 hours etc. in Palo Alto, where we need to schedule this, any sample loop configuration which runs in every interval

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
  • 4423 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!