Default policy on the FW:
set groups global-policy security policies from-zone <*> to-zone <*> policy Default-Log-Drop match source-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy Default-Log-Drop match destination-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy Default-Log-Drop match application any
set groups global-policy security policies from-zone <*> to-zone <*> policy Default-Log-Drop then deny
set groups global-policy security policies from-zone <*> to-zone <*> policy Default-Log-Drop then log session-init
But when I check the session flow, I can see that there is still traffic permitted by the default policy. Why, and how can I fix it?
show security flow session destination-prefix A.A.A.A source-prefix B.B.B.B
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC1 PIC0:
Session ID: 20004368, Policy name: default-policy-00/2, State: Active, Timeout: 2, Valid
In: B.B.B.B/19 --> A.A.A.A/30794;icmp, If: reth0.902, Pkts: 1, Bytes: 100
Out: A.A.A.A/30794 --> B.B.B.B/19;icmp, If: reth1.802, Pkts: 1, Bytes: 100
Session ID: 20104835, Policy name: default-policy-00/2, State: Active, Timeout: 2, Valid
In: B.B.B.B/18 --> A.A.A.A/30794;icmp, If: reth0.902, Pkts: 1, Bytes: 100
Out: A.A.A.A/30794 --> B.B.B.B/18;icmp, If: reth1.802, Pkts: 1, Bytes: 100
Session ID: 20235181, Policy name: default-policy-00/2, State: Active, Timeout: 4, Valid
In: B.B.B.B/20 --> A.A.A.A/30794;icmp, If: reth0.902, Pkts: 1, Bytes: 100
Out: A.A.A.A/30794 --> B.B.B.B/20;icmp, If: reth1.802, Pkts: 1, Bytes: 100
Session ID: 20245902, Policy name: default-policy-00/2, State: Active, Timeout: 2, Valid
In: B.B.B.B/17 --> A.A.A.A/30794;icmp, If: reth0.902, Pkts: 1, Bytes: 100
Out: A.A.A.A/30794 --> B.B.B.B/17;icmp, If: reth1.802, Pkts: 1, Bytes: 100