
Do WAF rules have precedence over NAT rules? (v18)

Dear all,

I have configured a WAF rule at position one (ID 4) that publishes an internal web server. This rule is followed by a firewall rule (ID 11) for a DNAT rule that publishes all services of a different internal server to one particular external IP address.

The corresponding NAT rule (ID 1) looks like the following:

The NAT rule has set Source to Original so that the source address from the particular external IP address that is accessing the published server should not get translated to the internal IP address of the XG.

When looking at the traffic with packet capture, however, I have noticed that HTTP or HTTPS traffic handled by this NAT rule is somehow being caught by the WAF firewall rule (ID 4) and not by the rule it is actually intended for (ID 11). The correct NAT rule (ID 1) matches, however:

I also noticed that even though the NAT rule has Source set to Original, the source address actually does get translated to the internal IP address of the XG. It somehow looks to me as if the WAF is still involved here (even though it shows no log entries in the WAF logging when accessing the server via HTTP).

If I change the order of the firewall rules by placing the DNAT firewall rule before the WAF rule, the source address no longer gets translated (as actually configured in the NAT rule).

Is this behavior correct?

Thanks
Michael
