Upon inspecting a tcpdump, you notice only L2 traffic was captured.
Note: This article assumes you have already enabled Packet Monitoring
This is a known issue.
An additional file is required in order for the tcpdump to collect more then just L2 traffic
SCP the file (attached to the article) to the appliance to the /home/dlpremote folder