How to verify the correct firewall policy is being used
If you have more than one firewall policy, use the count column to check which policy is being used; the count must show traffic increasing. To do so, go to the Policy & Objects > Policy page.
Debugging the packet flow in the CLI also shows the ID of the policy allowing the traffic.
Sample output:
id=13 trace_id=1 func=fw_forward_handler line=650 msg="Allowed by Policy-14: SNAT"
For more information on debugging the packet flow, see How to debug the packet flow.
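When a capture contains many traces, the policy check can be scripted. The following is an added example, not part of the original page or vendor tooling: it parses saved debug flow output in the format of the sample line above and reports every trace that was not allowed by the policy you expected. The function names and all sample lines except the first are constructed for illustration.

```python
import re

# Matches the trace line format shown in the sample output above.
# Straight and typographic quotes are both accepted, because output
# pasted through documents or tickets often arrives with the latter.
TRACE_RE = re.compile(
    r'trace_id=(?P<trace>\d+)\s+func=(?P<func>\S+)\s+line=\d+\s+'
    r'msg=["\u201c\u201d](?P<msg>.*)["\u201c\u201d]\s*$'
)
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<pid>\d+)')


def policies_by_trace(lines):
    """Map each trace_id to the policy ID that allowed it.

    A trace with no 'Allowed by Policy-N' message maps to None."""
    result = {}
    for line in lines:
        m = TRACE_RE.search(line)
        if not m:
            continue  # not a debug flow trace line
        trace = int(m.group("trace"))
        result.setdefault(trace, None)
        allow = ALLOW_RE.search(m.group("msg"))
        if allow:
            result[trace] = int(allow.group("pid"))
    return result


def check_expected(lines, expected_policy):
    """Return (trace_id, seen_policy) pairs that did not use expected_policy."""
    return [(t, p) for t, p in sorted(policies_by_trace(lines).items())
            if p != expected_policy]


# Constructed sample: the first line is the page's sample output; the other
# two are made up in the same format (one with typographic quotes, one
# whose message carries no policy decision).
SAMPLE = [
    'id=13 trace_id=1 func=fw_forward_handler line=650 msg="Allowed by Policy-14: SNAT"',
    'id=13 trace_id=2 func=fw_forward_handler line=650 msg=\u201dAllowed by Policy-7: SNAT\u201d',
    'id=13 trace_id=3 func=example_func line=1 msg="constructed message, no policy decision"',
]

if __name__ == "__main__":
    for trace_id, policy in check_expected(SAMPLE, expected_policy=14):
        print(f"trace {trace_id}: expected policy 14, saw {policy}")
```

A trace reported with `None` means no allow message was captured for it, so the traffic either did not match an allow policy or the capture was cut short.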