Traffic logs display an entry for the start and end
of each session. Each entry includes the following information:
date and time; source and destination zones, addresses and ports;
application name; security rule applied to the traffic flow; rule
action (allow, deny, or drop); ingress and egress interface; number
of bytes; and session end reason.
The Type column indicates whether the entry is for the start
or end of the session. The Action column indicates whether the firewall
allowed, denied, or dropped the session. A drop indicates the security
rule that blocked the traffic specified any application, while a
deny indicates the rule identified a specific application. If the
firewall drops traffic before identifying the application, such
as when a rule drops all traffic for a specific service, the Application
column displays not-applicable.
beside an entry to view additional
details about the session, such as whether an ICMP entry aggregates
multiple sessions between the same source and destination (in which
case the Count column value is greater than one).