You can do the following inorder to verify if the traffic is coming to the firewall and is getting blocked 1. Need to setup the filters for the traffic you are interested in. To do this, execute the following steps: Navigate to Monitor--Packet Capture Click 'Manage Filters' Set Filter ID 1 to be the source IP and destination IP of traffic you feel is affected ( leave all other fields blank ) Set Filter ID 2 to be the exact inverse of what you did in step 3 (destination IP in source field, Source IP in destination field) 2. Setup up the captures Create and name the file stage for a packet capture on all the stages (receive, transmit, firewall and drop) 3. Enable filters and captures debug dataplane packet-diag set filter on debug dataplane packet-diag set capture on 4. open 2 CLI windows on 1 run the following command to look at the counter ( make sure to run this command once before running the traffic) show counter global filter packet-filter yes delta yes on the 2nd window run the following command to look at he sessions show session all filter source <ip address> destination <ip address> if you dont have the destination that is fine just leave the above command till source After your test has been done stop all the captures and filters and see if global counter show you anything why it is dropping the traffic or if you have getting pcap with drop stage. This will help you narrow down the issue. Let us know if this helps you resolve the issue. Thanks Numan
... View more