I am running into an issue where the fw_accel rules are not catching a particular elephant flow.
I am running Gaia 80.30 take 200 on Checkpoint 12600 appliances.
I have used the fw_accel rules to accelerate certain elephant flows that i have identified. However, one particular flow, or more accurately, one source address and destination port pair doesn't get accelerated even though the rules are in place.
Has anyone had an issue where ssh on standard port 22 does not get captured properly by fw_accel rules?
I have other flows being captured and accelerated properly, so i know that the fw_accel service is running and the rule syntax is correct. I have tried a very specific rule with both source and destination configured with /32 masks and i have tried more general masks to try to capture the traffic, however the hit count continuously shows zero and the flows continue to show up in the output of "fw ctl multik print_heavy_conn"
I am starting to think it might just be an issue with ssh?