Hi @Lincoln_Webber,
Add your VS to fw monitor:
fw monitor -v <vsx instance> -e "accept(host ...);"
Specifies the capture filter (for both accelerated and non-accelerated traffic):
-F "<Source IP>,<Source Port>,<Dest IP>,<Dest Port>,<Protocol Number>"
If that doesn't help, I'd open a TAC case.
PS:
With R80.40 fw monitor works slightly different than in older versions. Showing list of chain modules with the "fw monitor", when you do not change the default capture positions:
in chain (17):
0: -7fffffff (0000000000000000) (00000000) SecureXL inbound (sxl_in)
1: -7ffffffe (0000000000000000) (00000000) SecureXL inbound CT (sxl_ct)
2: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (in) (ipopt_strip)
3: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
4: - 1fffff8 (ffffffff8b66f6f0) (00000001) Stateless verifications (in) (asm)
5: - 1fffff7 (ffffffff8b66f210) (00000001) fw multik misc proto forwarding
6: 0 (ffffffff8b8506a0) (00000001) fw VM inbound (fw)
7: 2 (ffffffff8b671d10) (00000001) fw SCV inbound (scv)
8: 4 (ffffffff8b061ed0) (00000003) QoS inbound offload chain module
9: 5 (ffffffff8b564d30) (00000003) fw offload inbound (offload_in)
10: 10 (ffffffff8b842710) (00000001) fw post VM inbound (post_vm)
11: 100000 (ffffffff8b7fd6c0) (00000001) fw accounting inbound (acct)
12: 22000000 (ffffffff8b0638d0) (00000003) QoS slowpath inbound chain mod (fg_sched)
13: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
14: 7f730000 (ffffffff8b3c40b0) (00000001) passive streaming (in) (pass_str)
15: 7f750000 (ffffffff8b0e5b40) (00000001) TCP streaming (in) (cpas)
16: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (in) (ipopt_res)
out chain (16):
0: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (out) (ipopt_strip)
1: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
2: - 1fffff0 (ffffffff8b0d0190) (00000001) TCP streaming (out) (cpas)
3: - 1ffff50 (ffffffff8b3c40b0) (00000001) passive streaming (out) (pass_str)
4: - 1f00000 (ffffffff8b66f6f0) (00000001) Stateless verifications (out) (asm)
5: - 1ff (ffffffff8aeec0a0) (00000001) NAC Packet Outbound (nac_tag)
6: 0 (ffffffff8b8506a0) (00000001) fw VM outbound (fw)
7: 10 (ffffffff8b842710) (00000001) fw post VM outbound (post_vm)
8: 15000000 (ffffffff8b062540) (00000003) QoS outbound offload chain modul (fg_pol)
9: 21000000 (ffffffff8b0638d0) (00000003) QoS slowpath outbound chain mod (fg_sched)
10: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
11: 7f000000 (ffffffff8b7fd6c0) (00000001) fw accounting outbound (acct)
12: 7f700000 (ffffffff8b0e4660) (00000001) TCP streaming post VM (cpas)
13: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (out) (ipopt_res)
14: 7f900000 (0000000000000000) (00000000) SecureXL outbound (sxl_out)
15: 7fa00000
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
