I'm trying to troubleshoot a connection problem with the packet filter. In log viewer the ID of the rule is correct, but not in packet filter.
The rule:
In log viewer:
In packet capture:
Why is it rule 0? Rule 0 is the default drop rule. All traffic passes without any error, so in this case what is shown in packet filter?
Hi Julian Cast,
Thank you for reaching out to Sophos Community.
With the mentioned BPF string, you'll only be able to see the incoming packets.
Firewall rule ID gets marked when traffic gets forwarded from it. You'll be able to see the Rule ID of a packet with 'Forwarded' status.
Please use the below BPF string to get the correct packet capture output.
BPF string: host 192.168.150.35 and proto ICMP or host 184.108.40.206 and proto ICMP or host 192.168.150.35
Hello Yash Kothari,
I will try, thank you!
Edit => It's OK, and now I have a better understanding of the good use of packet filter. Thank you very much.