This could possibly mean that the filtered IP used on the packet capture is not a native VLAN IP on the trunk connection. This is currently a limitation on SGOS where there would be no packet captured if a packet capture filter is used on a ProxySG which sits on a bridge connection with a VLAN Trunk and the filtered IP does not sit on a native VLAN of the trunk connection.
The only workaround we have is by using a MAC address of the client, however this can only be used if the client sits on same network with ProxySG. Here is an example of filtering using MAC address
ether host 00:e0:81:aa:88:ef
In SGOS 6.x, the proxy supports the "vlan" capture filter. Hence, you can use "vlan x and host a.b.c.d" instead of the example below.
Example of a scenario
Proxy sits on a trunk which has a native Vlan 1 and Vlan 1 is configured as a native VLAN on the Proxy.
Workstation 10.105.13.201 is on vlan 13 and it's mac address is aa:bb:cc:dd:ee:ff
If you use a pcap filter "ip host 10.105.13.201" and start a packet capture, you get no capture.
However if you use filter aa:bb:cc:dd:ee:ff andStart the pcap and setup aa:aa:aa:aa:aa:aa as mac address filter and client and Proxy resides on same network, then only we will see packets being captured.