My Cisco ASA firewall is set to allow inbound HTTPS connections to a webserver, which works great.
This is exemplified by the log entry below:
access-list outside_access_in permitted tcp outside/184.108.40.206(22913) -> inside/WEBSERVER(443) hit-cnt 1 first hit [0xdfea2982, 0x0]
However, there is also a log entry reflecting traffic back to the client in the other direction "FROM" tcp/443:
access-list inside_access_in permitted tcp inside/WEBSERVER(443) -> outside/220.127.116.11(22913) hit-cnt 1 first hit [0xdfea2982, 0x0]
I was not expecting this entry or connection, as I had planned to block all "outbound" connections from this server.
I thought the ASA would be aware of an already existing inbound connection and not need to establish outbound.
Can someone please explain this?