FortiGate
seshuganesh
Staff
Article Id 204713
Description: This article describes how to identify the actual incoming and outgoing interfaces from the index values shown in the session list output.
Scope: FortiGate.
Solution:

In this example the website 'firewallgeeks.com', which resolves to '92.249.44.124', is accessed from an internal machine, and the incoming and outgoing interfaces are then identified from the index values in the session list output.

Replication:

Access the website 'firewallgeeks.com' from the internal machine; this creates a session in the firewall.

 

Execute the following commands to filter the sessions associated with the website:

diagnose sys session filter clear        <---- Clears any existing session filter.
diagnose sys session filter dst 92.249.44.124        <---- Filters on the website IP.
diagnose sys session list

Once these commands are entered, the session list output contains only the session to that destination; the relevant part is the highlighted 'dev' field:

[Screenshot omitted: session list output with the 'dev' field highlighted.]

Here 'dev' refers to the interface, shown by its index:

Traffic enters on index 6 and leaves on index 3, and the reply traffic enters on index 3 and leaves on index 6. Execute 'diagnose netlink interface list' to find out which interfaces these index values belong to:

if=port4 family=00 type=1 index=6 mtu=1500 link=0 master=0
ref=41 state=start present fw_flags=0 flags=up broadcast run multicast

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
ref=77 state=start present fw_flags=8000000 flags=up broadcast run multicast

From this output, index 6 is port4 and index 3 is port1: traffic enters on port4 and leaves on port1, and the reply traffic enters on port1 and leaves on port4. The firewall policy can then be matched against these interfaces (source interface port4, destination interface port1) to confirm that it allows the traffic.
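The mapping done by hand above (read the 'dev' indices from the session, look each index up in the interface list) is easy to automate when many sessions are being reviewed. The following Python script is an added example and is not part of the original article or Fortinet's own tooling: it parses the two outputs, resolves the original and reply direction to interface names, and reports the source/destination interface pair the matching policy must use. Both input strings are constructed for this example and modelled on the article's interface lines; the session excerpt shows only the fields the parser needs, and the helper names (parse_interface_index, resolve_session_interfaces, policy_hint) are the example's own.

```python
import re

# Constructed sample, modelled on the 'diagnose netlink interface list' lines in
# the article (port4 is index 6, port1 is index 3). Not captured from a live unit.
NETLINK_OUTPUT = """\
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
ref=77 state=start present fw_flags=8000000 flags=up broadcast run multicast

if=port4 family=00 type=1 index=6 mtu=1500 link=0 master=0
ref=41 state=start present fw_flags=0 flags=up broadcast run multicast
"""

# Constructed session excerpt with only the fields this example needs. The
# 'dev=' field carries the interface indices: original in->out / reply in->out.
SESSION_OUTPUT = """\
session info: proto=6 proto_state=01 duration=5 expire=3595 timeout=3600
hook=post dir=org act=snat 10.0.0.10:51234->92.249.44.124:443(203.0.113.5:51234)
hook=pre dir=reply act=dnat 92.249.44.124:443->203.0.113.5:51234(10.0.0.10:51234)
dev=6->3/3->6 gwy=203.0.113.1/10.0.0.10
"""

# One interface per 'if=' line; the index is a key=value token on that line.
IF_LINE = re.compile(r"^if=(?P<name>\S+)\s.*\bindex=(?P<index>\d+)\b", re.M)
# 'dev=A->B/C->D': A->B is the original direction, C->D the reply direction.
DEV_FIELD = re.compile(r"\bdev=(\d+)->(\d+)/(\d+)->(\d+)")


def parse_interface_index(netlink_text):
    """Return {index: interface name} from 'diagnose netlink interface list' output."""
    return {int(m.group("index")): m.group("name")
            for m in IF_LINE.finditer(netlink_text)}


def resolve_session_interfaces(session_text, index_map):
    """Resolve the session's 'dev' indices to interface names for both directions.

    Unknown indices are reported explicitly rather than silently dropped, so a
    stale or incomplete interface listing is visible in the result.
    """
    m = DEV_FIELD.search(session_text)
    if m is None:
        raise ValueError("no dev= field found in session output")
    o_in, o_out, r_in, r_out = (int(x) for x in m.groups())

    def name(i):
        return index_map.get(i, f"index {i} (unknown)")

    return {
        "original": (name(o_in), name(o_out)),
        "reply": (name(r_in), name(r_out)),
    }


def policy_hint(resolved):
    """The source/destination interface pair a matching firewall policy must use."""
    src, dst = resolved["original"]
    return f"srcintf={src} dstintf={dst}"


if __name__ == "__main__":
    idx = parse_interface_index(NETLINK_OUTPUT)
    res = resolve_session_interfaces(SESSION_OUTPUT, idx)
    print("original:", res["original"], "reply:", res["reply"])
    print(policy_hint(res))
```

Only the original direction is used for the policy hint, because the firewall policy is evaluated against the first packet of the session; the reply direction is shown so the reverse path can be sanity-checked against it.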