Query of session entries with specified IP addresses

26

You can view session entries with specified source or destination IP addresses on the web UI or CLI.
For the USG6000 series, on the web UI, choose Monitor > Session Table to view the session table. Then, click Advanced Search and enter the specified IP address in Source Address or Destination Address.
For the USG2000&5000 series, on the web UI, choose Firewall > Monitor > Session Table to view the session table. Then, click Advanced Search, select Source or Destination from the IP Address drop-down list, and enter the specified IP address.
For the USG2000&5000 and USG6000 series, you can run the display firewall session table source [ verbose ] { inside ip-address | global ip-address } or display firewall session table destination { inside ip-address | global ip-address command to view session information about the specified source or destination IP address.

Other related questions:
Delete ARP entries on S series switch
On an S series switch, except S1700, run the reset arp { all | dynamic [ ip ip-address [ vpn-instance vpn-instance-name ] ] | interface interface-type interface-number [ ip ip-address ] | static } command in the user view to delete ARP entries. The parameters are as follows: all: deletes all ARP entries. dynamic: deletes dynamic ARP entries. static: deletes static ARP entries. interface: deletes ARP entries on the specified interface. ip-address: deletes ARP entries of the specified IP address. vpn-instance: deletes ARP entries in the specified VPN instance. Run the undo arp static ip-address mac-address [ vpn-instance vpn-instance-name | [ vid vlan-id [ cevid ce-vid ] ] interface interface-type interface-number[.subinterface-number ] ] or undo arp static ip-address [ vpn-instance vpn-instance-name | vid vlan-id [ cevid ce-vid ] interface interface-type interface-number[.subinterface-number ] ] command in the system view to delete ARP entries.

Selection of the global/inside parameter when the session table Is queried by IP address
How to select the global or inside parameter when the session table is queried by IP address? When the first packet is in outbound direction, the inside parameter indicates the source or destination IP address before NAT and the global parameter indicates that after NAT. When the first packet is in inbound direction or in the same zone, the inside parameter indicates the source or destination IP address after NAT and the global parameter indicates that before NAT.If no NAT is performed on the source or destination IP address, the inside parameter is the same as the global parameter.

Query MAC address entries on the S1728GWR-4P switch
Query MAC address entries on an S1728GWR-4P switch as follows: 1. Choose MAC Address > Static or Dynamic. 2. Select Show from the Action drop-down list box. The bound static MAC address or dynamic MAC address is displayed.

Changing the peer IP address of IPSec VPN on the firewall
Changing the peer IP address of IPSec VPN on the USG 1. Configuration method remote-address The remote-address command specifies the IKE peer address or address range. remote-address { low-ip-address [ high-ip-address ] | ip-pool pool-number | authentication-address low-ip-address [ high-ip-address ] | vpn-instance vpn-instance-name low-ip-address [ high-ip-address ] } undo remote-address [authentication-address | ip-pool ] Parameter description ip-pool: To assign an IP address from the local end to the peer end (such as the AP device), configure the address pool at the local end and assign an IP address to the peer end. authentication-address: In a scenario where NAT traversal is implemented, to use the IP address for authentication, configure the authentication-address parameter to specify the pre-NAT address or address range. vpn-instance: Specifies the VPN instance and interface IP address of the tunnel during multi-instance configuration. If no high-ip-address is specified in the command, only one address is configured for the IKE peer. When the IKE peer is referenced by the IPSec policy template, the remote-address command is optional. When the IKE peer is referenced by the IPSec policy, the remote-address is mandatory. If the peer address is configured as an address segment, this IKE peer can be referenced by the IPSec policy template only. When the IKE peer is referenced by the IPSec policy or IPSec policy template, you cannot run the remote-address command to modify the peer IP address of the IKE peer. 2. Example system-view [sysname] ike peer peer1 [sysname-ike-peer-peer1] remote-address 202.38.0.1 //Set the IP address of the IKE peer peer1 to 202.38.0.1.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top