Hi,
There are some limitations with egress filters on EX.
You could have achieved the same result as the output filter by applying the filter as input on all ingress interfaces but its a bit more cumbersome process if you have a lot of ingress interfaces. It is important to apply filter in the same direction as the traffic.
In this case, you can apply a filter as input on all the ingress interfaces to log the traffic, as well as still keeping a separate output filter [no logging] on the egress interface.
Example:
filter RDP-LOG {
term RDP-LOG {
from {
destination-address {
x.x.x.x/x;
}
protocol tcp;
destination-port 3389;
}
then {
log;
accept;
}
}
term DEFAULT-ACCEPT {
then accept;
}
}Filter can be applied as input on all ingress interfaces.
I believe there are multiple ways of achieving the same result.
Cheers,
Ashvin