I am using a Juniper firewall device that receives our incoming internet connection, then a switch that connects a bunch of servers and is connected to the firewall.
For some reason, some of the traffic between the hosts connected to the switch is showing up as sessions on the Juniper firewall. The hosts are using the same network address. I thought the traffic should be strictly going through the switch to the other host, not out to the firewall and then back to the switch and then to the host.
I created a test environment, with a small switch, and the traffic between the hosts did not show up on the firewall sessions.
Is there anything particular to the Cisco SG200-50 that would cause traffic bound from one port to another, same network address, to be sent out to the firewall before switching the traffic to the other port?
The switch will not be looking at the layer-3 packet, it only delivers known unicasts to the port where the destination MAC address is located. It will flood unknown unicasts and broadcasts to all switch ports, including the router. To the switch, the router is just another host.
I have seen this when one or more hosts have either an incorrect mask or an incorrect gateway configured.
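To make the answer's two mechanisms concrete, here is an added simulation (not code from either poster): a minimal learning switch that forwards on destination MAC only, plus the host-side decision of whether a destination is on-link or must go via the gateway. The topology, addresses and MACs are constructed for the illustration; port 1 is assumed to be the firewall/router, ports 2 and 3 two servers on one /24.

```python
import ipaddress

# Constructed topology (assumption for this example): port 1 = firewall/router,
# ports 2 and 3 = two servers that should talk to each other via the switch only.
FIREWALL_PORT = 1
PORTS = [1, 2, 3]
FW_MAC, A_MAC, B_MAC = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:c8"
# Constructed "ARP table": IP -> (MAC, switch port)
HOSTS = {
    "10.0.0.1":   (FW_MAC, 1),   # firewall, the default gateway
    "10.0.0.10":  (A_MAC, 2),    # server A
    "10.0.0.200": (B_MAC, 3),    # server B
}


class Switch:
    """Layer-2 learning switch: never looks at the IP header, only at MACs."""

    def __init__(self):
        self.mac_table = {}  # learned source MAC -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of ports a frame is delivered to."""
        self.mac_table[src_mac] = in_port            # learn where src lives
        if dst_mac in self.mac_table:                # known unicast
            return [self.mac_table[dst_mac]]
        return [p for p in PORTS if p != in_port]    # unknown/broadcast: flood


def next_hop(host_ip, prefixlen, gateway, dst_ip):
    """Host-side decision: ARP for dst directly if the host's own mask says dst
    is on-link, otherwise hand the packet to the configured gateway."""
    local_net = ipaddress.ip_network(f"{host_ip}/{prefixlen}", strict=False)
    if ipaddress.ip_address(dst_ip) in local_net:
        return ("direct", dst_ip)
    return ("gateway", gateway)


def send(switch, host_ip, prefixlen, gateway, dst_ip):
    """Simulate one packet host -> dst: (mode, ports reached, firewall sees it?)."""
    mode, nh_ip = next_hop(host_ip, prefixlen, gateway, dst_ip)
    src_mac, in_port = HOSTS[host_ip]
    dst_mac = HOSTS[nh_ip][0]
    out_ports = switch.forward(in_port, src_mac, dst_mac)
    return (mode, out_ports, FIREWALL_PORT in out_ports)


def scenario():
    """Run the three cases the answer describes and return their outcomes."""
    sw = Switch()
    # The firewall has already sent a broadcast (e.g. an ARP request), so the
    # switch knows its MAC is on port 1.
    sw.forward(FIREWALL_PORT, FW_MAC, "ff:ff:ff:ff:ff:ff")

    # Case 1: A correctly configured with /24, first frame to B. B's MAC is not
    # learned yet, so the frame is flooded and the firewall port gets a copy.
    correct_first = send(sw, "10.0.0.10", 24, "10.0.0.1", "10.0.0.200")
    # B replies; the switch learns B on port 3.
    send(sw, "10.0.0.200", 24, "10.0.0.1", "10.0.0.10")
    # Steady state: known unicast, delivered to port 3 only.
    correct_steady = send(sw, "10.0.0.10", 24, "10.0.0.1", "10.0.0.200")

    # Case 2: A misconfigured with a /25 mask. 10.0.0.200 is outside
    # 10.0.0.0/25, so A sends to the gateway's MAC and every packet of the
    # flow lands on the firewall, which then shows a session for it.
    wrong_mask = send(sw, "10.0.0.10", 25, "10.0.0.1", "10.0.0.200")

    return {
        "correct_first": correct_first,
        "correct_steady": correct_steady,
        "wrong_mask": wrong_mask,
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:15s} mode={result[0]:8s} ports={result[1]} firewall_sees={result[2]}")
```

The first case shows the transient flood the answer mentions: the firewall sees a stray frame only until the switch has learned the destination MAC, which does not produce ongoing sessions. The wrong-mask case reproduces the symptom in the question: every packet of the flow is addressed to the gateway's MAC, so the firewall receives it, routes it back out the same interface and records a session. An incorrect gateway setting behaves the same way for off-link destinations, just with a different MAC as the next hop, so checking each host's mask and gateway against the switch's own subnet is the practical first step.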