Hi,
On srx 240h ( 11.4R7.5 ) i set packet capture to syslog from output of ge-0/0/6.3 but in syslog looks like packets from ge-0/0/1.3.
Normally packets enter ge-0/0/1.3 and exit ge-0/0/6.3. I'm looking proof that packets leaving ge-0/0/6.3 because on opposite site Palo Alto claims that i don't send anything..
show interfaces ge-0/0/6.3
description link-mpls;
vlan-id 53;
family inet {
filter {
output ge6_3;
}
address x/y;
}
show firewall filter ge6_3
term log2 {
from {
source-address {
10.10.2.192/32;
}
destination-address {
10.196.0.50/32;
}
}
then {
syslog;
accept;
}
}
term default {
then accept;
}
and in my syslog i see "FW: ge-0/0/1.3"
PFE_FW_SYSLOG_IP: FW: ge-0/0/1.3 A tcp 10.10.2.192 10.196.0.50 8403 63944 (4 packets)
PFE_FW_SYSLOG_IP: FW: ge-0/0/1.3 A tcp 10.10.2.192 10.196.0.50 PFE_FW_SYSLOG_IP: FW: ge-0/0/1.3 A tcp 10.10.2.192 10.196.0.50 8403 63944 (4 packets)
PFE_FW_SYSLOG_IP: FW: ge-0/0/1.3 A tcp 10.10.2.192 10.196.0.50 8403 63944 (10 packets)