Re: source logs

sambillings459 · ‎01-08-2018

Hello Experts,

can any one please explain me, what does deleting session and new session means in below logs from source fire appliance. Though the rules are allowed on firewall , only one way traffic is seen, I cannot see bi-directional traffic. does it something to do with that deleting session line in bottom of my logs.
Appreciate any quick response

10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 New session
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 Starting with minimum 0, id 0 and SrcZone first with zones 10 -> 5, geo 0 -> 0, vlan 0, sgt tag: untagged, svc 0, payload 0, client 0, misc 0, user 9999997, icmpType 0, icmpCode 0
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 match rule order 1, 'Log All Connections', action Audit
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 match rule order 34, 'companyA-companyB', action Allow
10.10.10.10-60494 > 20.20.20.20-4353 6 AS 1 I 16 allow action
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 New session
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 Starting with minimum 0, id 0 and SrcZone first with zones 10 -> 5, geo 0 -> 0, vlan 0, sgt tag: untagged, svc 0, payload 0, client 0, misc 0, user 9999997, icmpType 0, icmpCode 0
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 match rule order 1, 'Log All Connections', action Audit
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 match rule order 34, 'companyA-companyB', action Allow
10.10.10.10-50019 > 30.30.30.30-4353 6 AS 1 I 7 allow action
10.10.10.10-58072 > 20.20.20.20-4353 6 AS 1 I 16 Deleting session
10.10.10.10-58085 > 20.20.20.20-4353 6 AS 1 I 16 Deleting session
10.10.10.10-50040 > 30.30.30.30-4353 6 AS 1 I 7 New session

Thanks

Sam

sambillings459 · ‎01-09-2018

Hello experts, can anyone please explain me the logs highlighted in red color