Channel: SRX Services Gateway topics

Transit traffic being logged in firewall filter log


I have a pair of SRX240s that seem to be logging transit traffic in the 'show firewall log' output. I've never seen this before, so it's rather confusing me.

 

05:37:27 pfe A ge-0/0/4.3000 TCP x.x.x.111 x.x.x.6
05:37:27 pfe A ge-0/0/4.3000 TCP x.x.x.111 x.x.x.6
05:37:27 pfe A ge-0/0/4.3000 TCP x.x.x.6 x.x.x.111
05:37:26 pfe A ge-0/0/4.3000 UDP x.x.x.22 x.x.x.35
05:37:25 pfe A ge-0/0/4.3000 UDP x.x.x.22 x.x.x.65

None of the addresses above exist on the SRX itself, but exist as external devices on its attached LAN interface. These nodes are on different subnets, but on the same interface, ge-0/0/4.3000, along with a few other secondary subnets. I have no filters configured to log anything except the lo0.0 filter, which logs discarded traffic to the RE. All this traffic is shown as 'action: accept'. Moreover, there are no firewall filters even applied to the interface that these nodes are on. 

 

I've done a search through the entire config (show configuration | match log) and found nothing that should be logging this traffic. It is happening on two SRXes. One is on 12.1X44-D40.2 and the other is on 12.1X46-D55.3.

 

What simple thing am I missing here? Does the SRX by default just log intra-interface traffic?

