In “diag debug flow” output, you see the message “Allowed by Policy-1: SNAT”. Which is true?
A.
The packet matched the topmost policy in the list of firewall policies.
B.
The packet matched the firewall policy whose policy ID is 1.
C.
The packet matched a firewall policy, which allows the packet and skips UTM checks.
D.
The policy allowed the packet and applied session NAT.