Hello Experts,
can any one please explain me, what does deleting session and new session means in below logs from source fire appliance. Though the rules are allowed on firewall , only one way traffic is seen, I cannot see bi-directional traffic. does it something to do with that deleting session line in bottom of my logs.
Appreciate any quick response
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 New session
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 Starting with minimum 0, id 0 and SrcZone first with zones 10 -> 5, geo 0 -> 0, vlan 0, sgt tag: untagged, svc 0, payload 0, client 0, misc 0, user 9999997, icmpType 0, icmpCode 0
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 match rule order 1, 'Log All Connections', action Audit
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 match rule order 34, 'companyA-companyB', action Allow
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 allow action
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 New session
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 Starting with minimum 0, id 0 and SrcZone first with zones 10 -> 5, geo 0 -> 0, vlan 0, sgt tag: untagged, svc 0, payload 0, client 0, misc 0, user 9999997, icmpType 0, icmpCode 0
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 match rule order 1, 'Log All Connections', action Audit
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 match rule order 34, 'companyA-companyB', action Allow
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 allow action
10.10.10.10-58072 > 20.20.20.20-4353 6 AS 1 I 16 Deleting session
10.10.10.10-58085 > 20.20.20.20-4353 6 AS 1 I 16 Deleting session
10.10.10.10-50040 > 30.30.30.30-4353 6 AS 1 I 7 New session
Thanks
Sam