session id and information

L6 Presenter

Hi,

When we go from the traffic logs to a session's details and then look at the same session from the CLI (show session id), we see completely different information except for the ID (different source, destination, application, etc.). I've seen this on many devices, at different times, and on different PAN-OS versions. When we have this issue, how can we fix it other than by deleting all logs? Thanks.

1 REPLY

L7 Applicator

Session IDs are reused according to the device session capability. To check, you can use the CLI command "show session info". Here is an example from a PA-200:

Number of sessions supported:                    65532

Number of active sessions:                       1560

If you are looking at logs long enough after they were created, the session ID will have been reused. You can take a look at your average active session usage at peak times to get an idea of the maximum time you should expect the sessions to remain valid for future review. A PA-5060 used only in a lab may have weeks or months before the session IDs wrap, but that same firewall used in a full production environment close to capacity may see only a few hours before those IDs are reused.

Hope this helps,

Greg
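
A check that follows from the reply above, as an added example that is not part of the original thread: before trusting "show session id" output for an ID taken from a traffic log, compare the flow tuple and start time of the two views. The record field names, the 5-second skew tolerance and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Fields that identify a flow. Application is left out on purpose: it is a
# classification result, so this example reports it but does not key on it.
FLOW_KEY = ("src", "dst", "sport", "dport", "proto")


@dataclass(frozen=True)
class SessionView:
    """One view of a session: a traffic-log row or a live CLI lookup.
    Field names are hypothetical, chosen for this example."""
    session_id: int
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    app: str
    start: datetime


def correlate(log: SessionView, live: SessionView,
              skew: timedelta = timedelta(seconds=5)):
    """Return (verdict, differing_fields) for a log row vs. a live session."""
    if log.session_id != live.session_id:
        return "different-id", ["session_id"]
    diffs = [f for f in FLOW_KEY if getattr(log, f) != getattr(live, f)]
    # A recycled ID belongs to a session with a different start time.
    if abs(live.start - log.start) > skew:
        diffs.append("start")
    if diffs:
        return "id-reused", diffs
    if log.app != live.app:
        return "same-session-app-differs", ["app"]
    return "same-session", []


# Constructed sample data (not taken from any device).
LOGGED = SessionView(4211, "10.1.1.20", "203.0.113.7", 51544, 443, "tcp",
                     "ssl", datetime(2024, 3, 1, 9, 15, 2))
LIVE_REUSED = SessionView(4211, "10.1.4.87", "198.51.100.9", 60122, 53, "udp",
                          "dns", datetime(2024, 3, 1, 16, 40, 31))
LIVE_SAME = SessionView(4211, "10.1.1.20", "203.0.113.7", 51544, 443, "tcp",
                        "ssl", datetime(2024, 3, 1, 9, 15, 3))

if __name__ == "__main__":
    print(correlate(LOGGED, LIVE_REUSED))
    print(correlate(LOGGED, LIVE_SAME))
```

An "id-reused" verdict means the live session is unrelated to the log entry, so the log row remains the authoritative record for that flow.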
