Source IP Address (src_ip) | Original session source IP address. |
Source Port (sport) | Source port utilized by the session. |
Destination Address (dst) | Original session destination IP address. |
Destination Port (dport) | Destination port utilized by the session. |
IP Protocol (proto) | IP protocol associated with the session. |
Application (app) | Application associated with the session. |
Rule (rule) | Security policy rule that controls the session traffic. |
Action (action) | Action taken for the session; possible values are: allow (session was allowed by policy); deny (session was denied by policy); reset both (session was terminated and a TCP reset is sent to both sides of the connection); reset client (session was terminated and a TCP reset is sent to the client); reset server (session was terminated and a TCP reset is sent to the server). |
TLS Version (tls_version) | The version of the TLS protocol used for the session. |
Key Exchange Algorithm (tls_keyxchg) | The key exchange algorithm used for the session. |
Encryption Algorithm (tls_enc) | The algorithm used to encrypt the session data, such as AES-128-CBC, AES-256-GCM, etc. |
Hash Algorithm (tls_auth) | The authentication algorithm used for the session, for example, SHA, SHA256, SHA384, etc. |
Elliptic Curve (ec_curve) | The elliptic curve that the client and server negotiate and use for connections that use ECDHE cipher suites. |
Server Name Indication (server_name_indication) | The Server Name Indication. |
Server Name Indication Length (server_name_indication_length) | The length of the Server Name Indication (hostname). |
Proxy Type (proxy_type) | The Decryption proxy type, such as Forward for Forward Proxy, Inbound for Inbound Inspection, No Decrypt for undecrypted traffic, GlobalProtect, etc. Selecting No Decrypt, rather than None, causes traffic to drop. |
Chain Status (chain_status) | Whether the chain is trusted. Values are: Uninspected, Untrusted, Trusted, Incomplete. |
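
One way to triage records that carry these fields, as an added example that is not part of the original page or any vendor tooling. The CSV column order, the sample rows, and the choice of which values to flag (including reading `SHA` as SHA-1) are assumptions; only the field names and listed values come from the table above.

```python
import csv
import io

# Constructed sample export: the header reuses field names from the table;
# the column order and every row value are made up for illustration.
SAMPLE = """src_ip,sport,dst,dport,app,action,tls_enc,tls_auth,proxy_type,chain_status,server_name_indication
10.0.0.5,50122,203.0.113.10,443,ssl,allow,AES-256-GCM,SHA384,Forward,Trusted,portal.example.com
10.0.0.7,50388,203.0.113.20,443,ssl,allow,AES-128-CBC,SHA,Forward,Untrusted,legacy.example.net
10.0.0.9,51010,203.0.113.30,443,ssl,allow,AES-256-GCM,SHA256,No Decrypt,Uninspected,files.example.org
10.0.0.7,50412,203.0.113.20,443,ssl,deny,AES-128-CBC,SHA,Forward,Incomplete,legacy.example.net
"""

# Assumption: "SHA" with no size suffix denotes SHA-1.
WEAK_AUTH = {"SHA"}
# Chain states that mean the server certificate chain was not validated.
BAD_CHAIN = {"Untrusted", "Incomplete"}


def triage(rec):
    """Return 'field=value' reasons why one allowed session needs review."""
    # Only sessions the policy allowed are triaged; denied and reset
    # sessions were already stopped by the rule.
    if rec["action"] != "allow":
        return []
    reasons = []
    if rec["chain_status"] in BAD_CHAIN:
        reasons.append("chain_status=" + rec["chain_status"])
    if rec["tls_enc"].upper().endswith("CBC"):  # non-AEAD cipher mode
        reasons.append("tls_enc=" + rec["tls_enc"])
    if rec["tls_auth"] in WEAK_AUTH:
        reasons.append("tls_auth=" + rec["tls_auth"])
    if rec["proxy_type"] == "No Decrypt":  # payload was not inspected
        reasons.append("proxy_type=No Decrypt")
    return reasons


def review(csv_text):
    """Parse a CSV export and return (sni, src_ip, reasons) per flagged row."""
    flagged = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        reasons = triage(rec)
        if reasons:
            flagged.append((rec["server_name_indication"], rec["src_ip"], reasons))
    return flagged


if __name__ == "__main__":
    for sni, src, reasons in review(SAMPLE):
        print(f"{src} -> {sni}: {', '.join(reasons)}")
```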