Sample Output
The following is a complete sample output from the
show services stateful-firewall conversations application-protocol ftpoperational mode command:user@host>show services stateful-firewall conversations application-protocol ftpInterface: sp-1/3/0, Service set: CLBJI1-AAF001Conversation: ALG protocol: ftpNumber of initiators: 2, Number of responders: 2Flow State Dir Frm countTCP 1.1.79.2:14083 -> 2.2.2.2:21 Watch I 13NAT source 1.1.79.2:14083 -> 194.250.1.237:50118TCP 1.1.79.2:14104 -> 2.2.2.2:20 Forward I 3NAT source 1.1.79.2:14104 -> 194.250.1.237:50119TCP 2.2.2.2:21 -> 194.250.1.237:50118 Watch O 12NAT dest 194.250.1.237:50118 -> 1.1.79.2:14083TCP 2.2.2.2:20 -> 194.250.1.237:50119 Forward O 5NAT dest 194.250.1.237:50119 -> 1.1.79.2:14104For each flow, the first line shows flow information, including protocol (TCP), source address, source port, destination address, destination port, flow state, direction, and frame count.
- A
Watchflow state indicates that the control flow is monitored by the ALG for information in the payload. NAT processing is performed on the header and payload as needed.- A
Forwardflow forwards the packets without monitoring the payload. NAT is performed on the header as needed.- A
Dropflow drops any packet that matches the 5 tuple.