Packets not displayed when capturing on CPSG or VSX VAP
Article ID: 167789
Packets not displayed when capturing on CPSG or VSX VAPWhen capturing traffic on a VAP with Check Point SG or VSX application installed, some of the packets might not be displayed by fw monitor or tcpdump. All the packets can be normally visible on the inbound or outbound ports when capturing them directly on the NPM. Usually, only SYN packets are visible in the capture.
If SecureXL is enabled on the CPSG or VSX VAP, only non-accelerated traffic is shown by fw monitor or tcpdump. The accelerated traffic is handled by SecureXL driver and not reaching IP stack of the operating system.
Option 1: Disable SecureXL temporarily in order to capture traffic required for troubleshooting.
Option 2: Capture the traffic on the external tap device or on the NPM.