Well, back on this subject.
Packet Capture filtering
I've had the Display Filter of the Packet Capture function work exactly ONE time in the last 8 years of working with Sophos Firewalls.
Here's an example: Capturing traffic and I want to see traffic that has status Violation. Even added packet type, the interface, same.
Still shows everything.

What have others done in the community to get this to work? Are there some mandatory fields? In SonicWall, it works EVERY time.
Yes, I know I can SSH to firewalls and run a TCP dump but it's not that easy to access our firewalls from my home office since they are all locked down by ACL to just a few management IPs. Not easy to see the matching rules there either. And the reverse proxy CLI access is absolute garbage unless you are used to typing one character every 2 seconds.
Thanks,
David
One thing: Do you use Central SSO to the firewall or is it a direct connection to webadmin?
Because I think the issue is reproducible in SSO via Central. Not on the local Firewall admin.
That seems to be the issue. Let me dig into this.
Edit: I can reproduce this on the SSO Access via Central. We will track this to be fixed in a future release. Please give us some time here.