Hi All,
I am curious to know more about the connection table entries. I have referred the SK65133 but I could see only the details about HEXA representation.
It would me more helpful if some one attempts to decode the connection table.
I have a windows PC (10.10.10.10) initiating an ICMP request toward 4.2.2.2 and at firewall I have configured Source NAT (Hide) and Destination NAT(Static).
My source (10.10.10.10) will be NAT to 192.168.20.10 and Destination (4.2.2.2) will be NAT to 8.8.8.8.
Below is the output of "fw tab -t connections -u -f"
10:40:18 5 N/A N/A 10.0.0.101 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: <max_null>; : -----------------------------------(+); Direction: 0; Source: 8.8.8.8; SPort: 0; Dest: 192.168.20.10; DPort: 26670; Protocol: icmp; CPTFMT_sep_1: ->; Direction_1: 0; Source_1: 10.10.10.10; SPort_1: 1; Dest_1: 4.2.2.2; DPort_1: 0; Protocol_1: icmp; FW_symval: 2054; LastUpdateTime: 25Jun2020 10:40:18; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
10:40:18 5 N/A N/A 10.0.0.101 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: <max_null>; : -----------------------------------(+); Direction: 1; Source: 8.8.8.8; SPort: 0; Dest: 10.10.10.10; DPort: 1; Protocol: icmp; CPTFMT_sep_1: ->; Direction_2: 0; Source_2: 10.10.10.10; SPort_2: 1; Dest_2: 4.2.2.2; DPort_2: 0; Protocol_2: icmp; FW_symval: 2053; LastUpdateTime: 25Jun2020 10:40:18; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
10:40:18 5 N/A N/A 10.0.0.101 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: <max_null>; : -----------------------------------(+); Direction: 0; Source: 10.10.10.10; SPort: 1; Dest: 4.2.2.2; DPort: 0; Protocol: icmp; CPTFMT_sep: ;; Type: 65537; Rule: 4; Timeout: 353; Handler: 0; Ifncin: 2; Ifncout: 2; Ifnsin: 3; Ifnsout: 3; Bits: 0000780000000000; NAT_VM_Source: 10.10.10.10; NAT_VM_SPort: 1; NAT_VM_Dest: 8.8.8.8; NAT_VM_DPort: 0; NAT_VM_Flags: 44; NAT_Client_Source: ; NAT_Client_SPort: 0; NAT_Client_Dest: 4.2.2.2; NAT_Client_DPort: 0; NAT_Client_Flags: 44; NAT_Server_Source: 192.168.20.10; NAT_Server_SPort: 26670; NAT_Server_Dest: ; NAT_Server_DPort: 0; NAT_Server_Flags: 1049132; NAT_Xlate_Flags: 1605644; Expires: 26/30; LastUpdateTime: 25Jun2020 10:40:18; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
10:40:18 5 N/A N/A 10.0.0.101 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: <max_null>; : -----------------------------------(+); Direction: 1; Source: 10.10.10.10; SPort: 1; Dest: 8.8.8.8; DPort: 0; Protocol: icmp; CPTFMT_sep_1: ->; Direction_1: 0; Source_1: 10.10.10.10; SPort_1: 1; Dest_1: 4.2.2.2; DPort_1: 0; Protocol_1: icmp; FW_symval: 2050; LastUpdateTime: 25Jun2020 10:40:18; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
---------------------------------------------------------------------------------------------------------------------------------
Can you please indicate which one is S-link entry and which one is Real Connection entry, and whet does the field in the entry mean.