session browser source=0.0.0.0?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

session browser source=0.0.0.0?

L2 Linker

seeing a lot of sessions in the session-browser with a source ip of 0.0.0.0 (in the internal "trust" zone) - these tend to be UDP protocols, RTP, bittorrent, skype etc and the session browser shows them not matching any rule or having any bytes.  Are these sessions in the process of being setup?

4 REPLIES 4

L5 Sessionator

I guess you are talking about PREDICT sessions.

These are not actual sessions, just predicting application.

It looks like a picture I attached.

Type FLOW is actual session.

Regards,

Emr

I am helped from your information.

Thanks.

I have a question about it.

There is a predict session in session-browser.

If a packet that match the predict session is no one. and this predict session is ended by session time-out.

Does FW write traffic log for this predict session or not?


Regards,

Cheon

Retired Member
Not applicable

Predict sessions are created due to ALG function in a particular application decoder. When a packet arrives which matches the predict session, it will be converted to a regular Flow session. Predict sessions do not generate a traffic log. But the resulting Flow session will.

Hope that helps.

-Richard

Thanks for your helps, Richard.

  • 5469 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!