tayagiga.blogg.se

Sophos xg unreplied










I'm not sure why line 4 (topmost line) shows NAT rule 1 (the DNAT rule) or FW rule 2 involved at all; it's almost like the connection tracking is confused. I have an SD WAN rule matching all traffic from 172.16.33.78 destined for the Internet and sending it out using Port2 and gw address .xx, which the XG seems to be ignoring.

Response should be sent back using Port2 just like the request used to come in

Packet forwarded from WAN to LAN IP 172.16.33.78, DNAT complete

Failure is here, firewall sending response on PortF1.66 which is a WAN IF for ISP #2

Packet from 152.67.xx.xx comes into firewall on Port2 from ISP #1 at .xx

Hopefully this image shows what's going on. Running packet capture on the firewall I can see packets arrive, but they are getting sent back on the wrong interface, sent back on a totally different ISP. The firewall accepts the connection on the indicated ports, and is passing the traffic to the internal servers, but the response from those servers is getting misdirected. Their port-forwards appear broken, but it is weird. So that is working like it should.

But, a handful of servers that are hosted internally are no longer reachable over the internet. Users who are doing The Facebook, Youtube and other general surfing get directed to a fast but cheap ISP #2.


Users that are trying to Zoom or check company email get sent out over reliable yet limited ISP #1. Is there a particular order or rule configuration that needs to be followed when doing SD WAN and port-forwarding (DNAT) on the same XG firewall?











