fwaccel conns

Description

The fwaccel conns and fwaccel6 conns commands show the list of the SecureXL connections on the local Security Gateway, or Cluster Member.

Warning - If the number of concurrent connections is large, when you run these commands, they can consume memory and CPU at very high level (see sk118716).

Syntax for IPv4

fwaccel [-i <SecureXL ID>] conns

      -h

      -f <filter>

      -m <Number of Entries>

      -s

Syntax for IPv6

fwaccel6 conns

      -h

      -f <Filter>

      -m <Number of Entries>

      -s

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-i <SecureXL ID>

Specifies the SecureXL instance ID (for IPv4 only).

-f <Filter>

Show the SecureXL Connections Table entries based on the specified filter flags.

Notes:

  • To see the available filter flags, run:

    fwaccel conns -h

  • Each filter flag is one letter - capital, or small.

  • You can specify more than one flag.

    For example:

    fwaccel conns -f AaQq

 

Available filter flags are:

  • A - Shows accounted connections (for which SecureXL counted the number of packets and bytes).

  • a - Shows not accounted connections.

  • C - Shows encrypted (VPN) connections.

  • c - Shows clear-text (not encrypted) connections.

  • F - Shows connections that SecureXL forwarded to Firewall.

    Note - In R81, SecureXL does not support this parameter.

  • f - Shows cut-through connections (which SecureXL accelerated).

    Note - In R81, SecureXL does not support this parameter.

  • H - Shows connections offloaded to the SAM card.

    Note - R81, does not support the SAM card (Known Limitation PMTR-18774).

  • h - Shows connections created in the SAM card.

    Note - R81, does not support the SAM card (Known Limitation PMTR-18774).

  • L - Shows connections, for which SecureXL created internal links.

  • l - Shows connections, for which SecureXL did not create internal links.

  • N - Shows connections that undergo NAT.

    Note - In R81, SecureXL does not support this parameter.

  • n - Shows connections that do not undergo NAT.

    Note - R81, SecureXL does not support this parameter.

  • Q - Shows connections that undergo QoS.

  • q - Shows connections that do not undergo QoS.

  • S - Shows connections that undergo PXL.

  • s - Shows connections that do not undergo PXL.

  • U - Shows unidirectional connections.

  • u - Shows bidirectional connections.

-m <Number of Entries>

Specifies the maximal number of connections to show.

Note - In R81, SecureXL does not support this parameter.

-s

Shows the summary of SecureXL Connections Table (number of connections).

Warning - Depending on the number of current connections, might consume memory at very high level.

Example - Default output from a non-VSX Gateway

[Expert@MyGW:0]# fwaccel conns
Source          SPort Destination     DPort PR Flags     C2S i/f S2C i/f   Inst Identity
--------------- ----- --------------- ----- -- ----------- ------- ------- ---- -------
      1.1.1.200 50586       1.1.1.100 18191  6 F............. 2/2     2/-     3       0
  192.168.0.244 35925   192.168.0.242 18192  6 F............. 1/1     -/-     1       0
   192.168.0.93   257   192.168.0.242 53932  6 F............. 1/1     1/-     0       0
  192.168.0.242    22   172.30.168.15 57914  6 F............. 1/1     -/-     2       0
  192.168.0.244 34773   192.168.0.242 18192  6 F............. 1/1     -/-     2       0
   192.168.0.88   138   192.168.0.255   138 17 F............. 1/1     -/-     0       0
      1.1.1.100 18191       1.1.1.200 55336  6 F............. 2/2     2/-     4       0
  192.168.0.242 18192   192.168.0.244 38567  6 F............. 1/1     -/-     4       0
  192.168.0.242 53932    192.168.0.93   257  6 F............. 1/1     1/-     0       0
  192.168.0.242 18192   192.168.0.244 62714  6 F............. 1/1     -/-     1       0
  192.168.0.244 33558   192.168.0.242 18192  6 F............. 1/1     -/-     5       0
      1.1.1.200 36359       1.1.1.100 18191  6 F............. 2/2     2/-     5       0
      1.1.1.200 55336       1.1.1.100 18191  6 F............. 2/2     2/-     4       0
  192.168.0.242 60756    192.168.0.93   257  6 F............. 1/1     1/-     4       0
      1.1.1.100 18191       1.1.1.200 36359  6 F............. 2/2     2/-     5       0
      1.1.1.100 18191       1.1.1.200 50586  6 F............. 2/2     2/-     3       0
  192.168.0.244 38567   192.168.0.242 18192  6 F............. 1/1     -/-     4       0
  192.168.0.242 18192   192.168.0.244 32877  6 F............. 1/1     -/-     5       0
  192.168.0.242 53806   192.168.47.45    53 17 F............. 1/1     1/-     3       0
  192.168.0.242 18192   192.168.0.244 33558  6 F............. 1/1     -/-     5       0
  172.30.168.15 57914   192.168.0.242    22  6 F............. 1/1     -/-     2       0
  192.168.0.255   138    192.168.0.88   138 17 F............. 1/1     -/-     0       0
   192.168.0.93   257   192.168.0.242 60756  6 F............. 1/1     1/-     4       0
      1.1.1.200 18192       1.1.1.100 37964  6 F............. 2/2     -/-     1       0
      1.1.1.100 37964       1.1.1.200 18192  6 F............. 2/2     -/-     1       0
  192.168.0.244 32877   192.168.0.242 18192  6 F............. 1/1     -/-     5       0
  192.168.0.242 18192   192.168.0.244 34773  6 F............. 1/1     -/-     2       0
  192.168.0.242 18192   192.168.0.244 35925  6 F............. 1/1     -/-     1       0
  192.168.47.45    53   192.168.0.242 53806 17 F............. 1/1     1/-     3       0
  192.168.0.244 62714   192.168.0.242 18192  6 F............. 1/1     -/-     1       0
 
Idx Interface
--- ---------
  0 lo
  1 eth0
  2 eth1
 
Total number of connections: 30
[Expert@MyGW:0]#