Packet Capture on Fortigate Firewall not capturing all packets
We have a Fortigate 200D running the 5.0 firmware.
When I use the Packet Capture, I notice some odd behaviour that I do not understand and wanted to know if this is normal or is there a problem.
I select the Packet Capture option via the GUI. System > Network > Packet Capture
I create a new packet capture and select my criteria. Sometimes I filter certain hosts and then start the capture.
When I attempt to generate some traffic to one of the hosts in the capture criteria, I do not see all of the packets. Particular examples include the following:
[ol]I should point out that the firewall is a termination point for an IPSEC VPN tunnel and represents the far end of the link.
In the diagram below, I'm trying to capture packets between the Remote LAN and the Fortigate 20D on an interface called "user_vlan" which represents the subnet of the Remote LAN.
<Me><Local LAN><Fortigate> <IPSEC VPN> <Fortigate 20D><Remote LAN "user_vlan">
Connectivity is all fine and working, I just don't understand why the packet capture doesn't capture ALL of the packets I expect it to.
Darren.