fwaccel conns

In the R81.10.X releases, this command is available starting from the R81.10.00 version.

Description

The "fwaccel conns" and "fwaccel6 conns" commands show the list of the SecureXL connections on the local Security Gateway, or Cluster Member.

Warning - If the number of concurrent connections is large, when you run these commands, they can consume memory and CPU at very high level (see sk118716).

Syntax for IPv4

fwaccel conns

      -h

      -f <filter>

      -m <Number of Entries>

      -s

      -v

Syntax for IPv6

fwaccel6 conns

      -h

      -f <Filter>

      -m <Number of Entries>

      -s

      -v

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-f <Filter>

Shows the SecureXL Connections Table entries based on the specified filter flags.

Notes:

  • To see the available filter flags, run:

    fwaccel conns -h

  • Each filter flag is one letter - capital, or small.

  • You can specify more than one flag.

    For example:

    fwaccel conns -f AaQq

 

Available filter flags are:

  • A - Shows accounted connections (for which SecureXL counted the number of packets and bytes).

  • a - Shows not accounted connections.

  • C - Shows encrypted (VPN) connections.

  • c - Shows clear-text (not encrypted) connections.

  • F - Currently, this parameter is not supported.

  • f - Currently, this parameter is not supported.

  • H - Currently, this parameter is not supported.

  • h - Currently, this parameter is not supported.

  • L - Shows connections, for which SecureXL created links in its connections table (Server-to-Client entries for the original Client-to-Server entry).

  • l - Shows connections, for which SecureXL did not create links in its connections table.

  • N - Currently, this parameter is not supported.

  • n - Currently, this parameter is not supported.

  • Q - Shows connections that undergo QoS.

  • q - Shows connections that do not undergo QoS.

  • S - Shows connections that undergo PXL.

  • s - Shows connections that do not undergo PXL.

  • U - Shows unidirectional connections.

  • u - Shows bidirectional connections.

  • V - Currently, this parameter is not supported.
  • v - Currently, this parameter is not supported.

-m <Number of Entries>

Currently, this parameter is not supported.

-s

Shows the summary of SecureXL Connections Table (number of connections).

Warning - Depending on the number of current connections, might consume memory at very high level.

-v

Shows verbose information about connections.

Example

[Expert@MyGW]# fwaccel conns
Source          SPort Destination     DPort PR Flags           C2S i/f S2C i/f Inst PPAK ID Policy ID  CPU Held Pkts TTL/Timeout
--------------- ----- --------------- ----- -- --------------- ------- ------- ---- ------- ---------- --- --------- -----------
    192.168.1.1   443   172.30.129.96 52122  6 ...A..S..L.....     5/1     1/5    3       0 935426077   2         0   16/23
  172.30.129.96 52121     192.168.1.1   443  6 ...A..S........     5/1     1/5    1       0 935426077   0         0    6/11
  172.30.129.96 52122     192.168.1.1   443  6 ...A..S........     5/1     1/5    3       0 935426077   2         0   16/23
    192.168.1.1   443   172.30.129.96 52121  6 ...A..S..L.....     5/1     1/5    1       0 935426077   0         0    6/11

Idx Interface
--- ---------
  0 lo
  1 WAN
  3 LAN1
  4 LAN3

Total number of connections: 2
Total number of links: 2
[Expert@MyGW]#