Hi all,
I'm currently trying to deal more intensively with the ZBFW Unified Security Policy and the possible Unified Logging of the UTD features!
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-firewall-17.html#Cisco_Concept.dita_c72d66dc-c900-4032-b4dd-110e7d3745bb
Using the command "show flow monitor sdwan_flow_monitor cache" on the cEdge CLI, there's a lot of interesting output I can see, but unfortunately I'm not able to understand many of the parameters.
Does any of you perhaps have more information on how these parameters can be interpreted exactly? Among other things, I'd be interested in what the highlighted "drop cause id" means, for example...
IP PROTOCOL: 6
tcp flags: 0x1E
counter bytes long: 852
counter packets long: 8
flow end reason: Not determined
interface overlay session id input: 0
interface overlay session id output: 0
connection connection id long: 0x000000000004F661
drop cause id: 407
counter bytes drop long: 163
counter packets drop long: 4
ulogging fw zp id: 8
ulogging fw zone id array: 4 5
ulogging fw class id: 13881665
ulogging fw policy id: 5750832
ulogging fw proto id: 72
ulogging fw action: 2
ulogging fw source port translated: 5733
ulogging fw destination port translated: 443
ulogging utd ips pri: 0
ulogging utd ips sid: 0
ulogging utd ips gid: 0
ulogging utd ips cid: 0
ulogging utd urlf url hash: 00000000000000000000000000000000
ulogging utd urlf url category: 0
ulogging utd urlf url reputation: 0
ulogging utd urlf application name:
ulogging utd amp dispos: 0
ulogging utd amp filename hash: 00000000000000000000000000000000
ulogging utd amp file type: 0
ulogging utd amp file hash: 0000000000000000000000000000000000000000000000000000000000000000
ulogging utd amp malname hash: 00000000000000000000000000000000
ulogging utd drop reason id: 11
ulogging sdvt drop reason id: 0
ulogging utd ips policy id: N/A
ulogging utd ips action id: N/A
ulogging utd urlf policy id: N/A
ulogging utd urlf action id: N/A
ulogging utd amp policy id: N/A
ulogging utd amp action id: N/A
ulogging utd urlf reason id: 0
ulogging ulogging flow direction: Initiator
ip dscp: 0x00
application name: layer7 ssl
Thank you very much in advance for any kind of helpful information!
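The record above is a flat "key: value" dump, so the first practical step is to get it into a structure you can filter and correlate (for example, to pull out every cached flow with a non-zero "counter packets drop long" and list its "drop cause id" and "ulogging utd drop reason id" side by side). The following parser is an added example and is not Cisco code or anything from the original post; the field names come from the record quoted above, the TCP flag decoding uses the standard bit layout (FIN=0x01, SYN=0x02, RST=0x04, PSH=0x08, ACK=0x10, URG=0x20, ECE=0x40, CWR=0x80), and the numeric IDs the poster asks about (drop cause, UTD drop reason, fw action) are passed through unmapped because their meaning is not established here. The sample input is the post's own record, trimmed to the fields the parser exercises. The assumption that a full cache dump separates records with blank lines is marked in the code.

```python
"""Parse 'show flow monitor sdwan_flow_monitor cache' style records and
summarize their firewall / drop fields. Added example, not Cisco code."""
import re
from typing import Any

# Constructed sample input: the record quoted in the post, trimmed to a subset
# of its lines (values copied verbatim from the post).
SAMPLE_RECORD = """\
IP PROTOCOL: 6
tcp flags: 0x1E
counter bytes long: 852
counter packets long: 8
flow end reason: Not determined
connection connection id long: 0x000000000004F661
drop cause id: 407
counter bytes drop long: 163
counter packets drop long: 4
ulogging fw zp id: 8
ulogging fw zone id array: 4 5
ulogging fw action: 2
ulogging fw destination port translated: 443
ulogging utd urlf url hash: 00000000000000000000000000000000
ulogging utd urlf application name:
ulogging utd amp file hash: 0000000000000000000000000000000000000000000000000000000000000000
ulogging utd drop reason id: 11
ulogging utd ips policy id: N/A
ulogging ulogging flow direction: Initiator
ip dscp: 0x00
application name: layer7 ssl
"""

# Standard TCP flag bits (low to high); the record's "tcp flags" byte is the
# OR of all flags seen on the flow, so several can be set at once.
TCP_FLAG_BITS = (
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
    (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"),
)
IP_PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def decode_tcp_flags(value: int) -> list[str]:
    """Expand a cumulative tcp-flags byte, e.g. 0x1E -> SYN, RST, PSH, ACK."""
    return [name for bit, name in TCP_FLAG_BITS if value & bit]


def _coerce(key: str, value: str) -> Any:
    """Turn the printed value into a Python type. Hash fields stay strings so
    an all-zero hash is not silently turned into the integer 0."""
    if value in ("", "N/A"):
        return None
    if key.endswith("_array"):
        return [int(x) for x in value.split()]
    if "hash" in key:
        return value
    if re.fullmatch(r"0x[0-9A-Fa-f]+", value):
        return int(value, 16)
    if re.fullmatch(r"-?\d+", value):
        return int(value)
    return value


def parse_record(text: str) -> dict[str, Any]:
    """Parse one 'key: value' block into a dict keyed by snake_case field name."""
    record: dict[str, Any] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = re.sub(r"\s+", "_", key.strip().lower())
        record[key] = _coerce(key, value.strip())
    return record


def parse_cache(text: str) -> list[dict[str, Any]]:
    """Split a whole cache dump into records. Assumption (not verified against
    the CLI): records are separated by blank lines and each contains an
    'IP PROTOCOL' line; any header text without that line is skipped."""
    return [parse_record(chunk) for chunk in re.split(r"\n\s*\n", text)
            if "IP PROTOCOL" in chunk]


def summarize(rec: dict[str, Any]) -> dict[str, Any]:
    """Pull out the fields a firewall operator looks at first. The raw IDs are
    reported as-is; mapping them to a meaning is exactly the open question."""
    packets = rec.get("counter_packets_long") or 0
    dropped = rec.get("counter_packets_drop_long") or 0
    proto = rec.get("ip_protocol")
    return {
        "protocol": IP_PROTO_NAMES.get(proto, proto),
        "tcp_flags": decode_tcp_flags(rec.get("tcp_flags") or 0),
        "connection_id": rec.get("connection_connection_id_long"),
        "zone_pair": rec.get("ulogging_fw_zp_id"),
        "zones": rec.get("ulogging_fw_zone_id_array"),
        "direction": rec.get("ulogging_ulogging_flow_direction"),
        "dst_port": rec.get("ulogging_fw_destination_port_translated"),
        "app": rec.get("application_name"),
        "packets": packets,
        "packets_dropped": dropped,
        "drop_ratio": (dropped / packets) if packets else 0.0,
        "drop_cause_id": rec.get("drop_cause_id"),
        "utd_drop_reason_id": rec.get("ulogging_utd_drop_reason_id"),
        "fw_action": rec.get("ulogging_fw_action"),
    }


if __name__ == "__main__":
    for flow in parse_cache(SAMPLE_RECORD):
        print(summarize(flow))
```

Run against the quoted record, this reports the flow as TCP with cumulative flags SYN, RST, PSH, ACK, four of eight packets dropped, "drop cause id" 407 and "ulogging utd drop reason id" 11; pipe the output of the real command into `parse_cache` and filter on `packets_dropped > 0` to collect the distinct ID values seen on the box, which is the raw material for matching them against whatever reference Cisco provides.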