Phase: 1Type: ACCESS-LISTSubtype: Result: ALLOWConfig:Implicit RuleAdditio

1. Phase: 1
2. Type: ACCESS-LIST
3. Subtype:
4. Result: ALLOW
5. Config:
6. Implicit Rule
7. Additional Information:
8. Forward Flow based lookup yields rule:
9. in id=0x7eff5f6e3390, priority=1, domain=permit, deny=false
10. hits=490830227, user_data=0x0, cs_id=0x0, l3_type=0x8
11. src mac=0000.0000.0000, mask=0000.0000.0000
12. dst mac=0000.0000.0000, mask=0100.0000.0000
13. input_ifc=LAN, output_ifc=any
14.  
15. Phase: 2
16. Type: ROUTE-LOOKUP
17. Subtype: Resolve Egress Interface
18. Result: ALLOW
19. Config:
20. Additional Information:
21. found next-hop 192.168.130.58 using egress ifc v130
22.  
23. Phase: 3
24. Type: ACCESS-LIST
25. Subtype: log
26. Result: ALLOW
27. Config:
28. access-group LAN_IN in interface LAN
29. access-list LAN_IN extended permit tcp any4 any4 eq ssh
30. Additional Information:
31. Forward Flow based lookup yields rule:
32. in id=0x7eff60af8900, priority=13, domain=permit, deny=false
33. hits=671, user_data=0x7eff55265980, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
34. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
35. dst ip/id=0.0.0.0, mask=0.0.0.0, port=22, tag=any, dscp=0x0
36. input_ifc=LAN, output_ifc=any
37.  
38. Phase: 4
39. Type: NAT
40. Subtype: per-session
41. Result: ALLOW
42. Config:
43. Additional Information:
44. Forward Flow based lookup yields rule:
45. in id=0x7eff50a75d40, priority=1, domain=nat-per-session, deny=true
46. hits=2082080, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
47. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
48. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
49. input_ifc=any, output_ifc=any
50.  
51. Phase: 5
52. Type: IP-OPTIONS
53. Subtype:
54. Result: ALLOW
55. Config:
56. Additional Information:
57. Forward Flow based lookup yields rule:
58. in id=0x7eff5f6ec530, priority=0, domain=inspect-ip-options, deny=true
59. hits=1589653, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
60. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
61. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
62. input_ifc=LAN, output_ifc=any
63.  
64. Phase: 6
65. Type:
66. Subtype:
67. Result: ALLOW
68. Config:
69. Additional Information:
70. Forward Flow based lookup yields rule:
71. in id=0x7eff61409560, priority=13, domain=dynamic-filter, deny=false
72. hits=732111, user_data=0x7eff614093e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
73. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
74. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
75. input_ifc=LAN, output_ifc=any
76.  
77. Phase: 7
78. Type:
79. Subtype:
80. Result: ALLOW
81. Config:
82. Additional Information:
83. Forward Flow based lookup yields rule:
84. in id=0x7eff61417240, priority=12, domain=UNKNOWN:65, deny=false
85. hits=732111, user_data=0x7eff614171e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
86. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
87. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
88. input_ifc=LAN, output_ifc=any
89.  
90. Phase: 8
91. Type:
92. Subtype:
93. Result: ALLOW
94. Config:
95. Additional Information:
96. Forward Flow based lookup yields rule:
97. out id=0x7eff6140b710, priority=13, domain=dynamic-filter, deny=false
98. hits=1256, user_data=0x7eff6140b1b0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
99. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
100. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
101. input_ifc=any, output_ifc=v130
102.  
103. Phase: 9
104. Type:
105. Subtype:
106. Result: ALLOW
107. Config:
108. Additional Information:
109. Forward Flow based lookup yields rule:
110. out id=0x7eff61419030, priority=12, domain=UNKNOWN:65, deny=false
111. hits=1256, user_data=0x7eff61418bf0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
112. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
113. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
114. input_ifc=any, output_ifc=v130
115.  
116. Phase: 10
117. Type: NAT
118. Subtype: per-session
119. Result: ALLOW
120. Config:
121. Additional Information:
122. Reverse Flow based lookup yields rule:
123. in id=0x7eff50a75d40, priority=1, domain=nat-per-session, deny=true
124. hits=2082082, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
125. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
126. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
127. input_ifc=any, output_ifc=any
128.  
129. Phase: 11
130. Type: IP-OPTIONS
131. Subtype:
132. Result: ALLOW
133. Config:
134. Additional Information:
135. Reverse Flow based lookup yields rule:
136. in id=0x7eff5f860740, priority=0, domain=inspect-ip-options, deny=true
137. hits=883448, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
138. src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
139. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
140. input_ifc=v130, output_ifc=any
141.  
142. Phase: 12
143. Type: FLOW-CREATION
144. Subtype:
145. Result: ALLOW
146. Config:
147. Additional Information:
148. New flow created with id 35135195, packet dispatched to next module
149. Module information for forward flow ...
150. snp_fp_tracer_drop
151. snp_fp_inspect_ip_options
152. snp_fp_tcp_normalizer
153. snp_fp_translate
154. snp_fp_adjacency
155. snp_fp_fragment
156. snp_ifc_stat
157.  
158. Module information for reverse flow ...
159. snp_fp_tracer_drop
160. snp_fp_inspect_ip_options
161. snp_fp_translate
162. snp_fp_tcp_normalizer
163. snp_fp_adjacency
164. snp_fp_fragment
165. snp_ifc_stat
166.  
167. Result:
168. input-interface: LAN
169. input-status: up
170. input-line-status: up
171. output-interface: v130
172. output-status: up
173. output-line-status: up
174. Action: allow