We are analyzing the logs from all of our devices. Recently, a question came up on the %FTD-6-302013 message. It appears to be only happening on outbound connections from the inside network to the outside. We never see messages like that for connections inbound into the inside network. There really isn't much of anything allowed to make new connections from the outside into our network. Does this message not get generated for blocked connections?
Thanks for the responses. I think the question I am being asked and I'm trying to research is this:
It looks like for an outbound connection the syslog message is written to the log as a connection inbound into the inside interface. Is there any way to get it to be logged as an outbound connection through the outside interface? I think the log analyzer may be getting confused by what is an outbound connection from our network, and there is an 'inbound' keyword in the message.