Why does the log viewer and the policy test show different firewall ID's for the same URL? [SFOS 17.1.1 MR-1]

Question

As per the example below: 
 Log viewer -- fw_rule_id="4"

Log viewer -- IPv4 Bypass (ID: 5) 
 
 2018-08-12 19:01:59Web Filtermessageid="16001" log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" fw_rule_id="4" user="" user_group="" web_policy_id="13" web_policy="" category="Web E-Mail" category_type="Unproductive" url=" outlook.office365.com/.../ content_type="application/octet-stream" override_token="" response_code="" src_ip="10.116.112.78" dst_ip="52.96.9.178" protocol="TCP" src_port="55724" dst_port="443" bytes_sent="1079" bytes_received="1282" domain="outlook.office365.com" exception="" activity_name="" reason="not eligible" user_agent="Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5049; Pro)" status_code="200" transaction_id="" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="972712800" app_name="Office 365" app_is_cloud="1" 
 
 policy test 
 
 Connection

Test Time 
 
 19:03:09 Sunday

Destination 
 
 outlook.office365.com/.../

Destination IP 
 
 40.97.190.2, port 443, TCP

Source IP 
 
 10.116.112.78

Source Zone 
 
 Auto-Detection

User 
 
 User Unauthenticated

Result 
 
 Accepted

Firewall Rule 
 
 IPv4 Bypass (ID: 5)

sachingurung · Answer

Hi Jim, 
 I verified this at my end and the test was positive. SSH to the XG firewall and execute the following command in Advance Shell, let us know if that works: 
 conntrack -D -s 10.116.112.78 (IP address of a source system) 
 This command will flush the conntrack table for the source IP. 
 Thanks,