Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-28-2014 02:58 AM
Running PANOS 6.0.1. I can't seem to clear a session from the CLI. Just tested on a PA-500 running 6.0.0-b42 and I have the same problem.
Anyone knows if this is a bug?
admin@PA-vm> show session all filter destination 212.x.x.x
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
37676 ms-lync-base ACTIVE FLOW *NS 10.123.48.19[52444]/L3-LAN/6 (84.x.x.x[49836])
vsys1 212.x.x.x[443]/L3-Internet (212.x.x.x[443])
admin@PA-vm> clear session id 37676
session 37676 cleared
admin@PA-vm> show session all filter destination 212.x.x.x
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
37676 ms-lync-base ACTIVE FLOW *NS 10.123.48.19[52444]/L3-LAN/6 (84.x.x.x[49836])
vsys1 212.x.x.x[443]/L3-Internet (212.x.x.x[443])
admin@PA-vm>
03-28-2014 07:43 PM
In 6.0 there is issue with clearing the session with ID and identified as bug. It would be fixed in later maintenance release (probably 6.0.2). Can you try clearing the session by using filters than specific session id and that should clear the session eg: > clear session all filter source destination application SSH
03-28-2014 06:28 AM
Hello Sir,
Could you please check the session details with below mentioned command:
admin@PA-vm> show session id 37676 >>>>Then verify the session start time.
Clear the session admin@PA-vm> clear session id 37676
Again, verify the same session ID: admin@PA-vm> show session id 37676 >>>>>>> check session start time, if this is showing the same start time.
Try to clear the same session from the session browser and let us know the result.
Thanks
03-28-2014 08:23 AM
admin@PA-vm> show session id 30711 | match start
start time : Fri Mar 28 16:17:33 2014
admin@PA-vm> clear session id 30711
session 30711 cleared
admin@PA-vm> show session id 30711 | match start
start time : Fri Mar 28 16:17:33 2014
Note: session 30711 is my ssh session to one of the dataplane ports of the Palo Alto, so clearing it should disconnect me. (Just as an example, other sessions can also not be cleared from the CLI)
When pressing the cross in the session browser for the session with ID 30711, the cross disappears, all information remains on the page about the session, the ssh session keeps on running and I get the same info for:
admin@PA-vm> show session id 30711 | match start
start time : Fri Mar 28 16:17:33 2014
03-28-2014 07:43 PM
In 6.0 there is issue with clearing the session with ID and identified as bug. It would be fixed in later maintenance release (probably 6.0.2). Can you try clearing the session by using filters than specific session id and that should clear the session eg: > clear session all filter source destination application SSH
03-28-2014 07:57 PM
Hello,
It it your production firewall or a test FW..?
Thanks
03-31-2014 10:28 AM
I ran into this as well after upgrading to 6.0, I tried multiple iterations of clearing session with ID with no luck,
later gave a shot using specific filter conditions and was able to get it cleared.
04-01-2014 10:23 AM
knarra1 is correct - This issue should be fixed in 6.0.2.
04-25-2014 02:30 PM
For documentation purposes: fixed in 6.0.2
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
