I'm both confused and frustrated over the new decoupled NAT feature in V18. I swear it has a mind of its own. There have been multiple times, INCLUDING earlier today, where for no reason the XG will stop passing certain traffic. It is almost always resolved by adding a new NAT rule, even if an exact matching rule was already in place.
For example, today one of our remote sites (connected to main office via site to site VPN) stopped receiving DHCP responses from our DHCP server at the main office. I started troubleshooting by disabling a catchall NAT rule at the BOTTOM of my NAT rule list that I created last week when I realized I had an issue with something else and it didn't have a matching NAT rule. I started there because that was the last modification made to the firewall. That broke the site to site altogether, no more traffic passed, period. Then I went and disabled a linked NAT rule for the site to site VPN that was about halfway up the NAT rules list from the bottom and then re-enabled the catchall NAT at the bottom and now everything started flowing across once again (including DHCP). By the time I got back to the main office from that remote office, all traffic had stopped once again. I logged back in the main office XG and re-enabled the linked NAT rule and traffic started flowing once again.
So before V18 I didn't have any NAT on our site to site VPNs and everything worked flawlessly. But it appears now they are required for ANY traffic that is not LAN zone to LAN zone. Can someone confirm whether that is true or not?
Also as a side note, we have a main office and 5 remotes. All have XG firewalls V17.5 except the main office which is V18. All have site to site VPNs back to the main office as well as between each other as two of the remotes also have Active Directory Domain Controllers on site. I have no issues out of the other XGs still on V17.5, nor did I have any issues out of the main office XG PRIOR to upgrading to V18. Either something didn't go right with the upgrade and that XG is just wacked, or I'm just not understanding the flow of things in V18.
If anyone can provide any insight, it would be much appreciated.