#diag firewall iprope lookup <src_ip> <src_port> <dst_ip> <dst_port> <protocol> <Source interface>Example scenario:
# show firewall policy
# config firewall policy
edit 1
set name "clientToServer"
set uuid 06f1be4a-fb9f-51e9-ef16-dc4000a2a577
set srcintf "port2"
set dstintf "port3"
set srcaddr "all"
set dstaddr "VIP1"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set ippool enable
set poolname "IPPool"
next
edit 2
set name "any-allow"
set uuid 194f0af0-22f7-51ea-c381-c68f1572bea6
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL_TCP"
set nat enable
next
end
Alza-kvm12 # diag firewall iprope lookup 10.187.1.100 12345 8.8.8.8 53 udp port2
<src [10.187.1.100-12345] dst [8.8.8.8-53] proto udp dev port2> matches policy id: 0 < -----
Alza-kvm12 # diag firewall iprope lookup 10.187.1.100 12345 8.8.8.8 53 tcp port2
<src [10.187.1.100-12345] dst [8.8.8.8-53] proto tcp dev port2> matches policy id: 2 < -----
#get router info routing-table details <destination ip address>Example:
# get router info routing-table details 8.8.8.8
Routing entry for 0.0.0.0/0
Known via "static", distance 10, metric 0, best
* 10.47.3.254, via port1