heyy i tried to troubleshoot some traffic behaviuor, an i created a rull without any security profile and with application overide. when i run those commands to look at the traffic i found this. admin@PA-500> show session all filter destination 147.235.246.154 -------------------------------------------------------------------------------- ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port]) Vsys Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 19110 Jumbomail ACTIVE FLOW 192.168.1.149[58525]/trust/6 (192.168.1.149[58525]) vsys1 147.235.246.154[80]/untrust (147.235.246.154[80]) 8439 Jumbomail ACTIVE FLOW 192.168.1.149[58524]/trust/6 (192.168.1.149[58524]) vsys1 147.235.246.154[80]/untrust (147.235.246.154[80]) admin@PA-500> admin@PA-500> admin@PA-500> show session id 8439 Session 8439 c2s flow: source: 192.168.1.149 [trust] dst: 147.235.246.154 proto: 6 sport: 58524 dport: 80 state: ACTIVE type: FLOW src user: unknown dst user: unknown s2c flow: source: 147.235.246.154 [untrust] dst: 192.168.1.149 proto: 6 sport: 80 dport: 58524 state: ACTIVE type: FLOW src user: unknown dst user: unknown start time : Tue Jun 25 18:06:37 2013 timeout : 3600 sec time to live : 3584 sec total byte count(c2s) : 670 total byte count(s2c) : 122 layer7 packet count(c2s) : 3 layer7 packet count(s2c) : 2 vsys : vsys1 application : Jumbomail rule : rule1 session to be logged at end : True session in session ager : True session synced from HA peer : False layer7 processing : completed URL filtering enabled : True URL category : any session via syn-cookies : False session terminated on host : False session traverses tunnel : False captive portal session : False ingress interface : ethernet1/2 egress interface : ethernet1/1 session QoS rule : N/A (class 4) session tracker stage l7proc : fastpath state none admin@PA-500> show session id 19110 Session 19110 c2s flow: source: 192.168.1.149 [trust] dst: 147.235.246.154 proto: 6 sport: 58525 dport: 80 state: ACTIVE type: FLOW src user: unknown dst user: unknown s2c flow: source: 147.235.246.154 [untrust] dst: 192.168.1.149 proto: 6 sport: 80 dport: 58525 state: ACTIVE type: FLOW src user: unknown dst user: unknown start time : Tue Jun 25 18:06:37 2013 timeout : 30 sec time to live : 17 sec total byte count(c2s) : 242 total byte count(s2c) : 122 layer7 packet count(c2s) : 4 layer7 packet count(s2c) : 2 vsys : vsys1 application : Jumbomail rule : rule1 session to be logged at end : True session in session ager : True session synced from HA peer : False layer7 processing : completed URL filtering enabled : True URL category : any session via syn-cookies : False session terminated on host : False session traverses tunnel : False captive portal session : False ingress interface : ethernet1/2 egress interface : ethernet1/1 session QoS rule : N/A (class 4) session tracker stage l7proc : fastpath state none admin@PA-500> ------------------------------------------------------------------------------------------- why is the output as follow: URL filtering enabled : True thanks dor
... View more