12-21-2016 02:07 AM
Can someone share some light on creating some API to do the steps below:
1) Identify an application or port (for example: 5555 or a backup app); when this traffic appears on one egress interface, we need to clear the session for this specified traffic.
(Situation: we use PBF for some traffic to choose one path, and when that line is down, this traffic takes the normal routing path. Even after our PBF line comes up, it will continue taking the routing path until we manually clear it.)
12-21-2016 07:04 AM
When you're clearing session info you can't filter specifically by egress interface like you would with the show command; you are going to need to filter by hw-interface.
The request would look something like
https://firewall/api/?type=op&cmd=<clear><session><all><filter><hw-interface>ethernet1/2</hw-interface><destination-port>5555</destination-port></filter></all></session></clear>&key=key
Likewise, if you are looking to clear it with the application specified, you would just want to replace the destination-port information with application.
https://firewall/api/?type=op&cmd=<clear><session><all><filter><hw-interface>ethernet1/2</hw-interface><application>backup</application></filter></all></session></clear>&key=key
12-21-2016 08:24 AM
Thank you for the reply.
In my case both egress interfaces are part of one main interface.
for ex: PBF egress interface ether 1/5.1
Routing table egress interface ethernet 1/5.2
So only an API with the egress interface command is required.
12-21-2016 08:55 AM
Why don't you just clear based by the pbf rule? You can filter by the pbf-rule name and clear all sessions related to that pbf-rule. I can't recall what the actual xpath would be for it, but if you debug cli on and then run the command it will spit out the xpath that you need.
Also I'm pretty sure the hw-interface can be sub-interfaces perfectly fine; when you are clearing session info the only filters that you have access to are listed below. Notice that egress and ingress options are not available when clearing, only when you are running the show command do you gain those options again.
+ application Application name
+ destination destination IP address
+ destination-port Destination port
+ destination-user Destination user
+ dos-rule DoS protection rule name
+ from From zone
+ hw-interface hardware interface
+ min-kb minimum KB of byte count
+ nat If session is NAT
+ nat-rule NAT rule name
+ pbf-rule Policy-Based-Forwarding rule name
+ protocol IP protocol value
+ qos-class QoS class
+ qos-node-id QoS node-id value
+ qos-rule QoS rule name
+ rule Security rule name
+ source source IP address
+ source-port Source port
+ source-user Source user
+ ssl-decrypt session is decrypted
+ state flow state
+ to To zone
+ type flow type
+ vsys-name vsys-name
<Enter> Finish input
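An added example (not part of the thread, and not Palo Alto Networks code): a Python helper that builds the clear-session op command from the replies above, rejects any filter that is not in the CLI help list just quoted (so `egress-interface` fails before any request is made), and URL-encodes the XML. The host `firewall` and key `key` are the thread's placeholders, the function names are hypothetical, and nothing is sent to a device.

```python
from urllib.parse import urlencode
from xml.etree import ElementTree as ET

# Filters listed in the CLI help quoted in the thread for clearing sessions.
CLEAR_FILTERS = {
    "application", "destination", "destination-port", "destination-user",
    "dos-rule", "from", "hw-interface", "min-kb", "nat", "nat-rule",
    "pbf-rule", "protocol", "qos-class", "qos-node-id", "qos-rule", "rule",
    "source", "source-port", "source-user", "ssl-decrypt", "state", "to",
    "type", "vsys-name",
}


def build_clear_cmd(filters):
    """Return the <clear><session><all><filter>... XML for the given filters."""
    if not filters:
        # An empty filter would not narrow the clear at all; refuse it.
        raise ValueError("at least one filter is required")
    unknown = sorted(set(filters) - CLEAR_FILTERS)
    if unknown:
        raise ValueError("not a clear-session filter: " + ", ".join(unknown))
    root = ET.Element("clear")
    node = root
    for tag in ("session", "all", "filter"):
        node = ET.SubElement(node, tag)
    for name, value in filters.items():
        # ElementTree escapes the text, so a value cannot inject extra tags.
        ET.SubElement(node, name).text = str(value)
    return ET.tostring(root, encoding="unicode")


def build_clear_url(host, key, filters):
    """Build the op-command URL with the XML percent-encoded in the query."""
    params = {"type": "op", "cmd": build_clear_cmd(filters), "key": key}
    return f"https://{host}/api/?{urlencode(params)}"


if __name__ == "__main__":
    # Constructed inputs mirroring the two requests shown in the thread.
    print(build_clear_url("firewall", "key",
                          {"hw-interface": "ethernet1/2", "destination-port": 5555}))
    print(build_clear_url("firewall", "key",
                          {"hw-interface": "ethernet1/2", "application": "backup"}))
```

Because the key travels in the query string, as in the thread's URLs, it will show up in any proxy or client-side request logs along the path.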
12-29-2016 04:46 AM
Unfortunately the preferred path one PBF rule.
However when that ISP is down it will choose the default route in Virtual router.
So I can not clear by PBF rule