Can't clear session from CLI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can't clear session from CLI

L4 Transporter

Running PANOS 6.0.1. I can't seem to clear a session from the CLI. Just tested on a PA-500 running 6.0.0-b42 and I have the same problem.

Anyone knows if this is a bug?

admin@PA-vm> show session all filter destination 212.x.x.x

--------------------------------------------------------------------------------

ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])

Vsys                                          Dst[Dport]/Zone (translated IP[Port])

--------------------------------------------------------------------------------

37676        ms-lync-base   ACTIVE  FLOW *NS   10.123.48.19[52444]/L3-LAN/6  (84.x.x.x[49836])

vsys1                                          212.x.x.x[443]/L3-Internet  (212.x.x.x[443])

admin@PA-vm> clear session id 37676

session 37676 cleared

admin@PA-vm> show session all filter destination 212.x.x.x

--------------------------------------------------------------------------------

ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])

Vsys                                          Dst[Dport]/Zone (translated IP[Port])

--------------------------------------------------------------------------------

37676        ms-lync-base   ACTIVE  FLOW *NS   10.123.48.19[52444]/L3-LAN/6  (84.x.x.x[49836])

vsys1                                          212.x.x.x[443]/L3-Internet  (212.x.x.x[443])

admin@PA-vm>

1 accepted solution

Accepted Solutions

In 6.0 there is issue with clearing the session with ID and identified as bug. It would be fixed in later maintenance release (probably 6.0.2). Can you try clearing the session by using filters than specific session id and that should clear the session eg: > clear session all filter source destination application SSH

View solution in original post

8 REPLIES 8

L7 Applicator

Hello Sir,

Could you please check the session details with below mentioned command:

admin@PA-vm> show session id 37676 >>>>Then verify the session  start time.


Clear the session     admin@PA-vm> clear session id 37676


Again, verify the same session ID: admin@PA-vm> show session id 37676 >>>>>>> check session start time, if this is showing the same start time.


Try to clear the same session from the session browser and let us know the result.


Session-browser.JPG.jpg



Thanks



admin@PA-vm> show session id 30711 | match start

        start time                    : Fri Mar 28 16:17:33 2014

admin@PA-vm> clear session id 30711

session 30711 cleared

admin@PA-vm> show session id 30711 | match start

        start time                    : Fri Mar 28 16:17:33 2014

Note: session 30711 is my ssh session to one of the dataplane ports of the Palo Alto, so clearing it should disconnect me. (Just as an example, other sessions can also not be cleared from the CLI)

When pressing the cross in the session browser for the session with ID 30711, the cross disappears, all information remains on the page about the session, the ssh session keeps on running and I get the same info for:

admin@PA-vm> show session id 30711 | match start

        start time                    : Fri Mar 28 16:17:33 2014

In 6.0 there is issue with clearing the session with ID and identified as bug. It would be fixed in later maintenance release (probably 6.0.2). Can you try clearing the session by using filters than specific session id and that should clear the session eg: > clear session all filter source destination application SSH

Hello,

It it your production firewall or a test FW..?

Thanks

L3 Networker

I ran into this as well after upgrading to 6.0, I tried multiple iterations of clearing session with ID with no luck,

later gave a shot using specific filter conditions and was able to get it cleared.

HULK Both Palo Alto I ran it on are in a lab.

prb Thanks, clearing the session with "clear session all filter ..." works

knarra1 is correct - This issue should be fixed in 6.0.2.

For documentation purposes: fixed in 6.0.2

  • 1 accepted solution
  • 9037 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!