Hi guys,
The following is a flow captured from an old NetScreen in my company (for security reasons, I changed the IP addresses):
id 1916387/s1*,vsys 1,flag 00200440/4000/0003/0000,policy 2549,time 1, dip 0 module 0
 if 110(nspflag 800005):192.125.175.100/52650->195.233.171.98/33000,6,00000c07acc1,sess token 28,vlan 1156,tun 0,vsd 1,route 320,wsf 0
 if 110(nspflag 800004):192.125.175.100/52650<-195.233.171.98/33000,6,000bfcfe1b10,sess token 25,vlan 519,tun 0,vsd 1,route 42,wsf 0
I don't know ScreenOS very well, but from this output I can understand several important pieces of information:
1. A source or a destination NAT has not been implemented, because the IPs are the same both in the second and in the third line.
2. In the first line I can find three different IDs: the session (1916387), the vsys (1) and the security policy involved (2549).
But what about the interfaces? What are the names of the egress and ingress interfaces? And what other important information can I see from this output?
In JunOS I can see whether the flow works or not. For example, in this case the network flow passes the firewall but it doesn't come back (I can tell by reading the return packet count):
Session ID: 160115580, Policy name: VUC000026807071/3480, State: Active, Timeout: 1232, Valid
In: 37.25.152.14/10756 --> 10.132.143.104/22;tcp, If: reth0.965, Pkts: 1935, Bytes: 101328
Out: 10.132.143.104/22 --> 37.25.152.14/10756;tcp, If: reth7.143, Pkts: 0, Bytes: 0
Can I understand it in the "get session" output from the NetScreen too?
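
The reading described in the post (session ID, vsys and policy from the first line, then comparing the address/port pairs on the two "if" lines to decide whether NAT was applied) can be scripted as below. This is an added example, not part of the original post and not Juniper code; the dictionary keys if_index, left, right, proto and l2 are labels chosen here, and treating the two comma-separated values after the addresses as protocol number and layer-2 address is an assumption.

```python
import re

# Constructed sample: the session entry quoted in the post (addresses already altered there).
SAMPLE = """\
id 1916387/s1*,vsys 1,flag 00200440/4000/0003/0000,policy 2549,time 1, dip 0 module 0
 if 110(nspflag 800005):192.125.175.100/52650->195.233.171.98/33000,6,00000c07acc1,sess token 28,vlan 1156,tun 0,vsd 1,route 320,wsf 0
 if 110(nspflag 800004):192.125.175.100/52650<-195.233.171.98/33000,6,000bfcfe1b10,sess token 25,vlan 519,tun 0,vsd 1,route 42,wsf 0
"""

HEADER = re.compile(r"id (?P<id>\d+)/\S*?,\s*vsys (?P<vsys>\d+),.*?policy (?P<policy>\d+)")
FLOW = re.compile(
    r"if (?P<if_index>\d+)\(nspflag (?P<nspflag>[0-9a-fA-F]+)\):"
    r"(?P<left>[\d.]+/\d+)(?P<dir>->|<-)(?P<right>[\d.]+/\d+),"
    r"(?P<proto>\d+),(?P<l2>[0-9a-fA-F]{12}),(?P<rest>.*)"  # proto/l2 meaning is assumed
)

def parse_session(text):
    """Parse one 'get session' entry into a header dict plus a list of flow dicts."""
    # Pasted captures often lose their line breaks; restore one before each "if N(".
    text = re.sub(r"\s+(?=if \d+\()", "\n", text.strip())
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = HEADER.search(lines[0])
    if head is None:
        raise ValueError("not a session header: %r" % lines[0])
    session = {k: int(v) for k, v in head.groupdict().items()}
    session["flows"] = []
    for line in lines[1:]:
        m = FLOW.match(line)
        if m is None:
            raise ValueError("unrecognised flow line: %r" % line)
        flow = m.groupdict()
        # Trailing "key value" pairs: sess token, vlan, tun, vsd, route, wsf.
        for item in flow.pop("rest").split(","):
            key, value = item.strip().rsplit(" ", 1)
            flow[key] = value
        session["flows"].append(flow)
    return session

def nat_applied(session):
    """The post's check: identical address/port pairs on both flow lines means no NAT."""
    first, second = session["flows"]
    return (first["left"], first["right"]) != (second["left"], second["right"])

if __name__ == "__main__":
    s = parse_session(SAMPLE)
    print(s["id"], s["vsys"], s["policy"], "NAT" if nat_applied(s) else "no NAT")
```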