Traffic logs display an entry for the start and end
of each session. Each entry includes the following information:
date and time; source and destination zones, addresses and ports;
application name; security rule applied to the traffic flow; rule
action (allow, deny, or drop); ingress and egress interface; number
of bytes; and session end reason.
The Type column indicates whether the entry is for the start
or end of the session. The Action column indicates whether the firewall
allowed, denied, or dropped the session. A
security rule that blocked the traffic was specified for
indicates that the rule identified a specific
application. If the firewall drops traffic before identifying the
application, such as when a rule drops all traffic for a specific service,
the Application column displays not-applicable.
beside an entry to view
additional details about the session, such as whether an ICMP entry
aggregates multiple sessions between the same source and destination (in
which case the Count column value is greater than one).