This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Session ID 0

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Session ID 0

Go to solution
nsrini1991
L2 Linker

‎07-15-2018 01:22 AM - edited ‎07-15-2018 09:33 PM

Hi ,

 

 When checking monitoring logs  very often especially with ICMP,  I come across" Session ID 0"  and unable to find any information for the same using CLI . This throws error message as Session ID should start with 1.  Not sure, why only WebGui displays as 0. Please assist.

PA11.JPG

 

 

 

 

admin@PA> show session id 0
0 should be between 1-2147483648

Invalid syntax.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎07-16-2018 11:44 AM - edited ‎07-16-2018 11:44 AM

@nsrini1991,

Session id '0' is used for anything that actually gets denied, because a session was never generated. Essentially the way the firewall functions you can't have a 'null' value for the session-id, so PAN chose to use '0' for anything that isn't allowed. Since the session doesn't actually get created and doesn't truthfully exist except in the logs, you can't view session id 0 via the cli like you could with other sessions. 

 

View solution in original post

2 REPLIES 2

Go to solution
BPry
Cyber Elite
Cyber Elite

‎07-16-2018 11:44 AM - edited ‎07-16-2018 11:44 AM

@nsrini1991,

Session id '0' is used for anything that actually gets denied, because a session was never generated. Essentially the way the firewall functions you can't have a 'null' value for the session-id, so PAN chose to use '0' for anything that isn't allowed. Since the session doesn't actually get created and doesn't truthfully exist except in the logs, you can't view session id 0 via the cli like you could with other sessions. 

 

Go to solution
Sanssj
L2 Linker
In response to BPry

‎07-22-2018 12:08 PM

To be precise Session ID is "0" if the FW action is "drop" for that specific traffic. In case of deny a session is created but the after checking the 5 tuples the FW deny the traffic.

  • 1 accepted solution
  • 7547 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks