Gateway AV and packet monitor
We have a client software that reaches out to an on prem. server for updates. Our TZ570 units are flagging the files as a virus per the cloud database. I've added an exception for one signature now a few days later it's triggering via a different signature. When the update was failing I initially did a packet monitor to see if it was indeed the firewall blocking. I eventually did a monitor of everything and searched the results. No dropped packets. However going through the log monitor there was a plethora of events logged pertaining to a transfer from server A to client B with their specific Ip addresses listed as src and dst accordingly. My question is why do these not show up in packet monitor as dropped? Only in the log monitor. I naively assumed the packet monitor looked at everything on all interfaces and captured accordingly.