The (In:) line of the output, also referred to as the ingress wing, means: The packet is coming into the SRX device (ingress) via the ge-0/0/0 interface with a source IP address of 192.168.5.12 and is destined for the IP address 22.214.171.124.
The (Out:) line of the output, also referred to as the egress wing, means: The reply to the firewall (egress) is via the ge-1/0/0 interface and has a source IP address of 126.96.36.199 and is destined for the IP address 188.8.131.52.
Therefore, based on these two 'wings', you can conclude that the source IP address was translated from 192.168.5.12 to 184.108.40.206.
Explanation of the 'flow session' output fields:
Session Identifier = 1234
Security Policy used for this session = tcp-policy
Timeout value = 1800 Seconds
State of session = Valid
(In:) line (Ingress wing): This contains information on how the client packet looks when it enters the SRX ingress interface ge-0/0/0.0 and how many packets have passed on the session.
Incoming interface = ge-0/0/0.0
Source IP/source port = 192.168.5.12/33758 and destination IP/destination port = 220.127.116.11/22
Pkts (packets received) = 2 with total bytes = 92
(Out:) line (Egress wing): This contains information on how the return packets should look, what interface they should arrive on, and how many packets have passed on the session.
Incoming interface = ge-1/0/0.0
Source IP/source port = 18.104.22.168/22 and destination IP/destination port = 22.214.171.124/49520
The source IP/port = 192.168.5.12/33758 in the ingress wing has been source NAT'd to source IP/port = 126.96.36.199/49520
Pkts = 1 with total bytes = 52
Note: If the (Out:) line (Egress wing) doesn't show any packets, it could be for one of the following reasons:
The reply doesn't arrive at the SRX from the destination host.
Traffic arrives at the SRX in an asymmetric fashion. Asymmetric traffic occurs when packets leave the SRX towards a destination on one interface but the replies from the same destination arrive at the SRX on a different interface. In such a scenario, the SRX will drop the traffic when the incoming interface is bound to a different security zone than the one that the egress interface belongs to. To confirm whether traffic is being dropped due to asymmetry, security flow traceoptions must be configured. Please refer to SRX Getting Started -- Troubleshooting Traffic Flows and Session Establishment on how to configure such traceoptions.
The state of the session is Valid and will be used to pass the traffic with an inactivity timeout value of 1750 seconds. As soon as another similar packet hits the session with the id = 1234, the timeout resets to the default value, unless a custom timeout value is set in the application definition.
For TCP, the default is 1800 seconds.
For UDP, it is 60 seconds.
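The wing comparison described above can be automated when reviewing many sessions. The following is an added example, not part of the original article or Juniper tooling: it parses text in the `show security flow session` layout and reports source NAT, destination NAT (a generalization of the source NAT case walked through here), and egress wings with no reply packets. The sample sessions, including session 1235 and the policy name smtp-policy, are constructed and use documentation-range addresses.

```python
import re

# Constructed sample in the layout of 'show security flow session' output;
# addresses are documentation-range placeholders, not values from the article.
SAMPLE = """\
Session ID: 1234, Policy name: tcp-policy/4, Timeout: 1800, Valid
  In: 192.168.5.12/33758 --> 203.0.113.10/22;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 92
  Out: 203.0.113.10/22 --> 198.51.100.7/49520;tcp, If: ge-1/0/0.0, Pkts: 1, Bytes: 52
Session ID: 1235, Policy name: smtp-policy/5, Timeout: 1790, Valid
  In: 198.51.100.20/40001 --> 203.0.113.25/25;tcp, If: ge-1/0/0.0, Pkts: 3, Bytes: 140
  Out: 192.168.2.1/25 --> 198.51.100.20/40001;tcp, If: ge-0/0/0.0, Pkts: 0, Bytes: 0
"""

HEADER = re.compile(r"Session ID: (\d+), Policy name: ([^,/]+)(?:/\d+)?, "
                    r"Timeout: (\d+), (\w+)")
WING = re.compile(r"\s*(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), "
                  r"If: (\S+), Pkts: (\d+), Bytes: (\d+)")

def parse_sessions(text):
    """Return one dict per session, with 'in' and 'out' wing sub-dicts."""
    sessions = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            sessions.append({"id": int(m[1]), "policy": m[2],
                             "timeout": int(m[3]), "state": m[4]})
        elif (m := WING.match(line)) and sessions:
            sessions[-1][m[1].lower()] = {
                "src": (m[2], int(m[3])), "dst": (m[4], int(m[5])),
                "proto": m[6], "if": m[7], "pkts": int(m[8]), "bytes": int(m[9])}
    return sessions

def analyse(session):
    """Compare the wings: with no NAT the Out wing is the In wing reversed."""
    ing, egr = session["in"], session["out"]
    findings = []
    if egr["dst"] != ing["src"]:      # replies go to a translated source
        findings.append(("source-nat", ing["src"], egr["dst"]))
    if egr["src"] != ing["dst"]:      # replies come from a translated destination
        findings.append(("destination-nat", ing["dst"], egr["src"]))
    if egr["pkts"] == 0:              # no reply seen, or asymmetric return path
        findings.append(("no-reply-seen", egr["if"], None))
    return findings

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["id"], s["policy"], analyse(s))
```

A `no-reply-seen` finding only narrows the problem to the two causes listed in the note above; flow traceoptions are still needed to tell them apart.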
Flow session output for Destination NAT
In the following flow session output, the Destination IP 188.8.131.52 port 25 is translated to IP 192.168.2.1.