2. a) Next packet should have SYN only for new session. There might be network stale or application problems and, application resend ACK segment which will arrive after the router has cleared connection (both endpoints of this connection belives it's still alive). But it will arrive on interface which is not inspected. Should not "yes" (packet permitted) be answer to my question ?
4. Value is defined globally but the inspection is enabled only on fa0/2, so i am correct in point4 or not ?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...