I'm confused by some behaviors of my filters. Could somebody explain
to me, if I have my settings as follows:

+-------------------------------------------------+
Packet Forwarding Filters
-------------------------------------------------
Status: Enabled

Action: Deny Packets in Filter List
(Permit Packets Not in Filter List)

Filters: (List of Denied Packets)
Exceptions: (List of Packets Always Permitted)
+-------------------------------------------------+

and the following exception:

Define Exception
----------------------------------------------------------------
Source Interface Type: Interface
Source Interface: CE100B_2 (Private)
Source Circuit:

Destination Interface Type: Interface
Destination Interface: <All Interfaces>
Destination Circuit:

Packet Type: www-https-st Protocol: TCP
Src Port(s): <All> Dest Port(s): 443
ACK Bit Filtering: Disabled Stateful Filtering: Enabled

Src Addr Type: Any Address
Src IP Address:
Dest Addr Type: Any Address
Dest IP Address:


Then, why am I getting the following discarded packets?
Interface Name Status
CE100B_1 Public
CE100B_2 Private
VPTUNNEL Private

TIA,
Jason


************************************************** **********************

OUTBOUND packet to "Discard"

Protocol Type=(TCP) Protocol Flag=(FIN ACK)

Source Address=(10.1.1.35) Destination Address=(164.109.17.159)

Source Port=(2349) Destination Port=(443)

Source TOS=(Dynamic) Destination TOS=(shttp)

Source Interface=(2) Destination Interface=(1)

Source Circuit=(54505) Destination Circuit=(62827)

Source GroupID=(0) Destination GroupID=(0)





Discard filter rule from "Exceptions" list

Filter Protocol Type=(TCP)

Source Interface Type=(BOARD) Destination Interface Type=(Any)

Source Address=(Any Address) Destination Address=(Any Address)

Source Interface Number=(2) Destination Interface Number=(0)

Source Port Range=(1-65535) Destination Port
Range=(443-443)
Source TOS=(Dynamic) Destination TOS=(shttp)

Source Group Name=(None) Destination Group Name=(None)

Source Group ID=(0) Destination Group ID=(0)

Source Remote System ID=(None) Destination Remote System ID=(None)

Source Circuit=(0) Destination Circuit=(0)

************************************************** **********************

INBOUND packet to "Discard"

Protocol Type=(TCP) Protocol Flag=(ACK)

Source Address=(164.109.17.159) Destination Address=(10.1.1.35)

Source Port=(443) Destination Port=(2350)

Source TOS=(shttp) Destination TOS=(Dynamic)

Source Interface=(1) Destination Interface=(2)

Source Circuit=(62827) Destination Circuit=(54505)

Source GroupID=(0) Destination GroupID=(0)





Discard filter rule from "Exceptions" list

Filter Protocol Type=(TCP)

Source Interface Type=(Any) Destination Interface Type=(BOARD)

Source Address=(164.109.17.159) Destination Address=(10.1.1.35)

Source Interface Number=(1) Destination Interface Number=(2)

Source Port Range=(443-443) Destination Port
Range=(2350-2350)
Source TOS=(shttp) Destination TOS=(Dynamic)

Source Group Name=(None) Destination Group Name=(None)

Source Group ID=(0) Destination Group ID=(0)

Source Remote System ID=(None) Destination Remote System ID=(None)

Source Circuit=(62827) Destination Circuit=(54505)

************************************************** ************************