clear pf session (all|id <uuid>)Clear session table or delete specific session by its ID.
ngfw> show pf session-countThe number of sessions established on Kaspersky NGFW. The total-session-count field of the output JSON shows the total number of established sessions and the number of sessions on each worker.
Example output:
{ "ngfw-session:workers-session-count": { "worker-entry": [ { "worker-id": "worker-1", "session-count": 2 }, { "worker-id": "worker-2", "session-count": 2 }, { "worker-id": "worker-3", "session-count": 3 }, { "worker-id": "worker-4", "session-count": 6 } ], "total-session-count": 13 }
}
ngfw> show pf sessionShow all records from the table of sessions.
Example output:
{
"ngfw-session:session-table": {
"session-entry": [ {
"session-id": "d61ffd5e-84db-4c54-b1a1-1ecf9b64e3a2",
"rule-id": "205a4d3a-3095-4e34-9ea0-21e0b87c4018",
"rule-name": "test",
"decrypt-rule-id": "00000000-0000-4000-0000-000000000001",
"decrypt-rule-name": "default",
"rule-action": "block",
"full-match": "yes",
"transport-protocol": 6,
"source-address": "10.0.0.2",
"source-port": 47770,
"destination-address": "192.168.1.12",
"destination-port": 443,
"source-user-name": "",
"meta-state": "discarded",
"protocol-state": "discarded",
"tcp-redirected": true,
"decrypted": false,
"profile": "no",
"av-profile": "no",
"ids-profile": "no",
"wc-profile": "no",
"dnssec-profile": "no",
"app-path": "",
"app-service": "",
"app-service-category": "",
"client-app": "",
"end-reason": "blocked by rule",
"last-active-time": "2025-06-05T16:16:39+01:00",
"last-active-aging": 10,
"create-datetime": "2025-06-05T16:16:39+01:00",
"duration": 10,
"packets-c2s": "0",
"bytes-c2s": "0",
"packets-s2c": "0",
"bytes-s2c": "0",
"packets": "0",
"bytes": "0",
"icmp-type": "N/A",
"icmp-code": "N/A" } ] }
}
ngfw> show pf session-query "<expression> [order by <sorting-order>]"Show records from the table of sessions according to the filter specified by the logical expression.
In the current version of the software, the following values can be used in the expression: bytes, source-address, destination-address, transport-protocol, source-port, destination-port, as well as pseudo-values: address, port (a match of one of the values with source/destination prefix is sufficient).
The following operators are allowed in the expression:
eq - "equals"ne - "does not equal"gt - "greater than"geq - "greater than or equal"lt - "less than"leq - "less than or equal"in - "contained in/part of"; applied to a subnet, the subnet is defined by an "a.a.a.a/CIDR" patternnin - "not contained in/not part of"; applied to a subnet, the subnet is defined by an "a.a.a.a/CIDR" pattern! - negates the result of a logical operation, precedes parentheses.The logical expression may be followed by a sorting specification in the order by clause. The sorting order is specified by a comma-delimited list of parameter names with an optional sorting order. <sorting-order> = <param-name>[(ascending|descending)][, <another-param-name> [(ascending|descending)]][, ...] If no sorting order is specified, it defaults to descending.
Example of commands and output:
ngfw> show pf session-query "(transport-protocol eq 6) and (source-address eq 10.0.0.2) order by source-port ascending"
{
"ngfw-session:get-sessions": {
"total-count": 2,
"filtered-count": 2,
"returned-count": 2,
"session-entry": [ {
"session-id": "067ea152-d2d7-4d81-81f9-cb06f165a5d3",
"rule-id": "205a4d3a-3095-4e34-9ea0-21e0b87c4018",
"rule-name": "deny",
"decrypt-rule-id": "00000000-0000-4000-0000-000000000001",
"decrypt-rule-name": "default",
"rule-action": "block",
"full-match": "yes",
"transport-protocol": 6,
"source-address": "10.0.0.2",
"source-port": 49002,
"destination-address": "192.168.1.12",
"destination-port": 443,
"source-user-name": "",
"meta-state": "discarded",
"protocol-state": "discarded",
"tcp-redirected": true,
"decrypted": false,
"profile": "no",
"av-profile": "no",
"ids-profile": "no",
"wc-profile": "no",
"dnssec-profile": "no",
"app-path": "",
"app-service": "",
"app-service-category": "",
"client-app": "",
"end-reason": "blocked by rule",
"last-active-time": "2025-06-05T18:11:09+01:00",
"last-active-aging": 33,
"create-datetime": "2025-06-05T18:11:09+01:00",
"duration": 33,
"packets-c2s": "0",
"bytes-c2s": "0",
"packets-s2c": "0",
"bytes-s2c": "0",
"packets": "0",
"bytes": "0",
"icmp-type": "N/A",
"icmp-code": "N/A" }, {
"session-id": "54923019-7b80-440c-826d-b9b7c81c00e5",
"rule-id": "205a4d3a-3095-4e34-9ea0-21e0b87c4018",
"rule-name": "deny",
"decrypt-rule-id": "00000000-0000-4000-0000-000000000001",
"decrypt-rule-name": "default",
"rule-action": "block",
"full-match": "yes",
"transport-protocol": 6,
"source-address": "10.0.0.2",
"source-port": 49018,
"destination-address": "192.168.1.12",
"destination-port": 443,
"source-user-name": "",
"meta-state": "discarded",
"protocol-state": "discarded",
"tcp-redirected": true,
"decrypted": false,
"profile": "no",
"av-profile": "no",
"ids-profile": "no",
"wc-profile": "no",
"dnssec-profile": "no",
"app-path": "",
"app-service": "",
"app-service-category": "",
"client-app": "",
"end-reason": "blocked by rule",
"last-active-time": "2025-06-05T18:11:10+01:00",
"last-active-aging": 32,
"create-datetime": "2025-06-05T18:11:10+01:00",
"duration": 32,
"packets-c2s": "0",
"bytes-c2s": "0",
"packets-s2c": "0",
"bytes-s2c": "0",
"packets": "0",
"bytes": "0",
"icmp-type": "N/A",
"icmp-code": "N/A" } ] }
}