Packet mode and host-inbound traffic

Did you know that if you enable packet mode on a traffic interface of an SRX box,
host-inbound traffic isn't allowed anymore? The device can still process transit traffic,
but inbound traffic to the device itself won't work. For example, apply a filter like the one below to an interface
and try to SSH to its IP; you shouldn't be allowed.

If you are wondering why: the documentation says that host-inbound traffic is only allowed
if it is sent to the flow daemon for inspection.

PS: You can selectively exclude the local IP from packet mode, but here I just want to show the behavior change.
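
A configuration sketch of both cases described above, added here as an illustration and not the author's original filter: the first filter puts everything on the interface into packet mode, the second leaves traffic addressed to the device itself out of it. The filter names, the interface `ge-0/0/0.0` and the address `192.0.2.1` are assumed placeholders.

```junos
# Constructed example: filter names, interface and addresses are placeholders.

# Variant 1: every packet arriving on the interface is handled in packet mode.
# Transit traffic is still forwarded, but SSH to 192.0.2.1 no longer works,
# because host-inbound traffic never reaches the flow daemon.
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set firewall family inet filter ALL-PACKET-MODE term everything then packet-mode
set firewall family inet filter ALL-PACKET-MODE term everything then accept
set interfaces ge-0/0/0 unit 0 family inet filter input ALL-PACKET-MODE

# Variant 2: traffic destined to the local IP is accepted without the
# packet-mode action, so it stays in flow mode and is inspected as usual.
# Everything else on the interface is still processed in packet mode.
# Assumes the interface's security zone already permits ssh under
# host-inbound-traffic system-services.
set firewall family inet filter PACKET-MODE-EXCEPT-LOCAL term to-local from destination-address 192.0.2.1/32
set firewall family inet filter PACKET-MODE-EXCEPT-LOCAL term to-local then accept
set firewall family inet filter PACKET-MODE-EXCEPT-LOCAL term everything-else then packet-mode
set firewall family inet filter PACKET-MODE-EXCEPT-LOCAL term everything-else then accept
set interfaces ge-0/0/0 unit 0 family inet filter input PACKET-MODE-EXCEPT-LOCAL
```

Term order matters in the second filter: the `to-local` term has to match before the catch-all term, otherwise management traffic is pulled into packet mode as well.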
