Does IDMGR Dump ID Number Correlate with Flow Basic Index Number?
Symptom
Resolution
The proper way to determine which security policy rule a Flow Basic index refers to is to run the show running security-policy command and count the rules from the top down, starting at index 0. From there, you can correlate the Flow Basic index with the security policy rule. Note that only some rules print an explicit index value in the output; the position in the list is what counts.
admin@PA-200> show running security-policy | match "\{"
DVR_Policy { index 0
"SSH BRUTE FORCE TEST" { index 1
VPN_ALLOW_192.168.55.1 { index 2
"Kids Strict Rule Base" { index 3
"Customer Allow All" { index 4
"Outbound Allow All" { index 5
"T-Mobile Tower" {
"Inbound Clean Up" {
intrazone-default {
interzone-default {
Flow Basic debug output shows the traffic matching index 5, which is "Outbound Allow All" in the list above:
== 2016-09-11 15:48:45.817 -0700 ==
Packet received at slowpath stage
Packet info: len 89 port 17 interface 17 vsys 1
wqe index 229141 packet 0x0x80000000b7aca0c6
Packet decoded dump:
L2: 44:39:c4:59:8c:38->b4:0c:25:4d:19:11, type 0x0800
IP: 10.200.10.118->4.2.2.2, protocol 17
version 4, ihl 5, tos 0x00, len 75,
id 27506, frag_off 0x0000, ttl 128, checksum 46062
UDP: sport 54308, dport 53, len 55, checksum 49523
Session setup: vsys 1
PBF lookup (vsys 1) with application none
Session setup: ingress interface ethernet1/2 egress interface ethernet1/4 (zone 3)
NAT policy lookup, matched rule index 0
DoS policy lookup, no rule matched, let pkt go
Policy lookup, matched rule index 5, <--- Security index
Allocated new session 40164.
Packet matched vsys 1 NAT rule 'SRC_NAT_10.200.x.x' (index 1),
source translation 10.200.10.118/54308 => 10.0.0.5/35941
Created session, enqueue to install
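As an added example that is not part of this article or of PAN-OS, the following Python script automates the top-down counting described above: it takes the `show running security-policy | match "{"` output and a flow basic excerpt, numbers the rules by their position from the top (using any printed `index N` only as a consistency check), and resolves the security `matched rule index` to the rule name while ignoring the NAT and DoS lookup lines. Both sample outputs are constructed from the page.

```python
import re
# Constructed sample of `show running security-policy | match "{"` output,
# modelled on the page: later rules carry no printed index at all.
SECURITY_POLICY_OUTPUT = """\
DVR_Policy { index 0
"SSH BRUTE FORCE TEST" { index 1
VPN_ALLOW_192.168.55.1 { index 2
"Kids Strict Rule Base" { index 3
"Customer Allow All" { index 4
"Outbound Allow All" { index 5
"T-Mobile Tower" {
"Inbound Clean Up" {
intrazone-default {
interzone-default {
"""
# Constructed excerpt of a flow basic dump (only the rule-index lines).
FLOW_BASIC_OUTPUT = """\
NAT policy lookup, matched rule index 0
DoS policy lookup, no rule matched, let pkt go
Policy lookup, matched rule index 5, <--- Security index
"""
# Rule name (quoted or bare), opening brace, optional printed "index N".
RULE_LINE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*\{(?:\s*index\s+(\d+))?')

def parse_rule_order(text):
    # Index is the rule's position from the top, starting at 0; a printed
    # "index N" is used only as a consistency check, never as the source.
    rules = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if not m:
            continue
        name, printed = m.group(1) or m.group(2), m.group(3)
        if printed is not None and int(printed) != len(rules):
            raise ValueError(f"{name!r}: printed index {printed}, position {len(rules)}")
        rules.append(name)
    return rules

def matched_security_index(flow_text):
    # Only the bare "Policy lookup" line is the security rule; the NAT and
    # DoS lookups print their own, unrelated indices.
    m = re.search(r'^Policy lookup, matched rule index (\d+)', flow_text, re.M)
    return int(m.group(1)) if m else None

def rule_for_flow(policy_text, flow_text):
    # Name of the security rule the flow basic dump matched, or None.
    rules = parse_rule_order(policy_text)
    idx = matched_security_index(flow_text)
    return rules[idx] if idx is not None and idx < len(rules) else None
```

Paste the real CLI output into the two strings (or read them from files) to resolve an index from your own flow basic dump.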