4846418.0: ethernet0/2(i) len=62:001c2338dbc1->0010dbff2060/0800
              161.101.150.102 -> 161.101.150.9/6
              vhl=45, tos=00, id=28538, frag=4000, ttl=128 tlen=48
              tcports 1549->3389, seq=2915633343, ack=0, flag=7002/SYN
              00 10 db ff 20 60 00 1c 23 38 db c1 08 00 45 00     .....`..#8....E.
              00 30 6f 7a 40 00 80 06 1c 13 a1 65 96 66 a1 65     .0oz@......e.f.e
              96 09 06 0d 0d 3d ad c9 08 bf 00 00 00 00 70 02     .....=........p.
              ff ff 4a 12 00 00 02 04 05 b4 01 01 04 02           ..J........... 

****** 4846418.0: <Untrust/ethernet0/2> packet received [48]******
  ipid = 28538(6f7a), @1d5aa914
  packet passed sanity check.
  ethernet0/2:161.101.150.102/1549->161.101.150.9/3389,6<Root>
  no session found
  flow_first_sanity_check: in <ethernet0/2>, out <N/A>
  chose interface ethernet0/2 as incoming nat if.
  flow_first_routing: in <ethernet0/2>, out <N/A>
  search route to (ethernet0/2, 161.101.150.102->10.10.10.2) in vr trust-vr for vsd-0/flag-0/ifp-null
  [ Dest] 3.route 10.10.10.2->10.10.10.2, to ethernet0/1
  routed (x_dst_ip 10.10.10.2) from ethernet0/2 (ethernet0/2 in 0) to ethernet0/1
  policy search from zone 1-> zone 3
 policy_flow_search  policy search nat_crt from zone 1-> zone 10
  RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 161.101.150.9, port 3389, proto 6)
  No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 50/1/0x2d
  Permitted by policy 50
  No src xlate   choose interface ethernet0/1 as outgoing phy if
  check nsrp pak fwd: in_tun=0xffffffff, VSD 0 for out ifp ethernet0/1
  no loop on ifp ethernet0/1.
  session application type 0, name None, nas_id 0, timeout 1800sec
  Drop non-syn/tcp/tel/ftp/web pak in auth check
  log this session (pid=50)
policy id (50)
  packet dropped, denied by policy
  packet dropped, auth failed

Please see the snoop output as well