XGS 2100 Loopback NAT

We are looking to deploy an HA pair of XGS2100 firewalls to our data centre. My issue is I cannot get a loopback NAT to work when I am starting the conversation from the same zone as the destination server is in. If the loopback is to a different zone all is good.

I have googled this for hours and spent hours on the phone with support to no avail. I do have a support ticket open already but I am hoping someone might have some additional insight into this.

The firewalls currently have 18.5 MR1 installed.



  • Why do you need a loop back in the first place? Still not sure, what's the actual use case?

  • We have cloud servers (RDS) that need to be able to connect to servers in the same network using either the public DNS name or the public IP address.  We currently have Sophos SG firewalls here that have no problem accomplishing this task and every other firewall vendor I have ever used has no issue with loopback/hairpinning. I believe at one point I also had this working on an XG firewall. 

    Without loopback working these firewalls will not be a fit for our deployment and we will have to stay with the SGs.  

  • When I get to the office in a few hours I will do that. Are there any particular parameters you would like added?

    Is your loopback going to the same subnet? Cause I’ve spent hours on this and have not had any luck.

  • Yes. It uses an NTP Loop back. I am using an NTP loopback.

    Do a tcpdump -ni any port (used service). 

    Then open the connection on your client. 

  • tcpdumps

    With SNAT set to Original

    XGS2100_RL01_SFOS 18.5.1 MR-1-Build318# tcpdump -ni any port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    11:33:09.313013 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:09.313041 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:09.313215 Port5, IN: ethertype IPv4, IP 10.10.15.3.63277 > 192.168.112.3.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:09.313235 br0, OUT: ethertype IPv4, IP 10.10.15.3.63277 > 10.10.0.100.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:09.572133 Port5, IN: ethertype IPv4, IP 10.10.15.3.62888 > 192.168.112.3.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:09.572165 br0, OUT: ethertype IPv4, IP 10.10.15.3.62888 > 10.10.0.100.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.320527 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.320571 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.320584 Port5, IN: ethertype IPv4, IP 10.10.15.3.63277 > 192.168.112.3.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.320610 br0, OUT: ethertype IPv4, IP 10.10.15.3.63277 > 10.10.0.100.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.584039 Port5, IN: ethertype IPv4, IP 10.10.15.3.62888 > 192.168.112.3.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:10.584072 br0, OUT: ethertype IPv4, IP 10.10.15.3.62888 > 10.10.0.100.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.324379 Port5, IN: ethertype IPv4, IP 10.10.15.3.63277 > 192.168.112.3.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.324381 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.324413 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.324414 br0, OUT: ethertype IPv4, IP 10.10.15.3.63277 > 10.10.0.100.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.591515 Port5, IN: ethertype IPv4, IP 10.10.15.3.62888 > 192.168.112.3.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:12.591549 br0, OUT: ethertype IPv4, IP 10.10.15.3.62888 > 10.10.0.100.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.331613 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.331613 Port5, IN: ethertype IPv4, IP 10.10.15.3.63277 > 192.168.112.3.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.331648 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.331648 br0, OUT: ethertype IPv4, IP 10.10.15.3.63277 > 10.10.0.100.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.596957 Port5, IN: ethertype IPv4, IP 10.10.15.3.62888 > 192.168.112.3.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:16.596999 br0, OUT: ethertype IPv4, IP 10.10.15.3.62888 > 10.10.0.100.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.332298 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.332299 Port5, IN: ethertype IPv4, IP 10.10.15.3.63277 > 192.168.112.3.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.332337 br0, OUT: ethertype IPv4, IP 10.10.15.3.63277 > 10.10.0.100.80: Flags [S], seq 1045385692, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.332337 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.599556 Port5, IN: ethertype IPv4, IP 10.10.15.3.62888 > 192.168.112.3.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:33:24.599639 br0, OUT: ethertype IPv4, IP 10.10.15.3.62888 > 10.10.0.100.80: Flags [S], seq 2708416238, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

    With SNAT set to MASQ

    XGS2100_RL01_SFOS 18.5.1 MR-1-Build318# tcpdump -ni any port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    11:35:38.443417 Port5, IN: ethertype IPv4, IP 10.10.15.3.55396 > 192.168.112.3.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:38.443482 br0, OUT: ethertype IPv4, IP 10.10.15.3.55396 > 10.10.0.100.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:38.445483 Port5, IN: ethertype IPv4, IP 10.10.15.3.56774 > 192.168.112.3.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:38.445504 br0, OUT: ethertype IPv4, IP 10.10.15.3.56774 > 10.10.0.100.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:38.703662 Port5, IN: ethertype IPv4, IP 10.10.15.3.53985 > 192.168.112.3.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:38.703702 br0, OUT: ethertype IPv4, IP 10.10.15.3.53985 > 10.10.0.100.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.453159 Port5, IN: ethertype IPv4, IP 10.10.15.3.55396 > 192.168.112.3.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.453205 br0, OUT: ethertype IPv4, IP 10.10.15.3.55396 > 10.10.0.100.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.453212 Port5, IN: ethertype IPv4, IP 10.10.15.3.56774 > 192.168.112.3.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.453242 br0, OUT: ethertype IPv4, IP 10.10.15.3.56774 > 10.10.0.100.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.717361 Port5, IN: ethertype IPv4, IP 10.10.15.3.53985 > 192.168.112.3.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:39.717407 br0, OUT: ethertype IPv4, IP 10.10.15.3.53985 > 10.10.0.100.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.453945 Port5, IN: ethertype IPv4, IP 10.10.15.3.56774 > 192.168.112.3.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.453987 br0, OUT: ethertype IPv4, IP 10.10.15.3.56774 > 10.10.0.100.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.468663 Port5, IN: ethertype IPv4, IP 10.10.15.3.55396 > 192.168.112.3.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.468692 br0, OUT: ethertype IPv4, IP 10.10.15.3.55396 > 10.10.0.100.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.719996 Port5, IN: ethertype IPv4, IP 10.10.15.3.53985 > 192.168.112.3.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:41.720032 br0, OUT: ethertype IPv4, IP 10.10.15.3.53985 > 10.10.0.100.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.454191 Port5, IN: ethertype IPv4, IP 10.10.15.3.56774 > 192.168.112.3.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.454233 br0, OUT: ethertype IPv4, IP 10.10.15.3.56774 > 10.10.0.100.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.470081 Port5, IN: ethertype IPv4, IP 10.10.15.3.55396 > 192.168.112.3.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.470108 br0, OUT: ethertype IPv4, IP 10.10.15.3.55396 > 10.10.0.100.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.720277 Port5, IN: ethertype IPv4, IP 10.10.15.3.53985 > 192.168.112.3.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:45.720314 br0, OUT: ethertype IPv4, IP 10.10.15.3.53985 > 10.10.0.100.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.461604 Port5, IN: ethertype IPv4, IP 10.10.15.3.56774 > 192.168.112.3.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.461646 br0, OUT: ethertype IPv4, IP 10.10.15.3.56774 > 10.10.0.100.80: Flags [S], seq 3730900500, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.476758 Port5, IN: ethertype IPv4, IP 10.10.15.3.55396 > 192.168.112.3.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.476804 br0, OUT: ethertype IPv4, IP 10.10.15.3.55396 > 10.10.0.100.80: Flags [S], seq 3071726818, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.729077 Port5, IN: ethertype IPv4, IP 10.10.15.3.53985 > 192.168.112.3.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:35:53.729119 br0, OUT: ethertype IPv4, IP 10.10.15.3.53985 > 10.10.0.100.80: Flags [S], seq 2729626535, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.512285 Port5, IN: ethertype IPv4, IP 10.10.15.3.53344 > 192.168.112.3.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.512336 br0, OUT: ethertype IPv4, IP 10.10.15.3.53344 > 10.10.0.100.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.515229 Port5, IN: ethertype IPv4, IP 10.10.15.3.61257 > 192.168.112.3.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.515246 br0, OUT: ethertype IPv4, IP 10.10.15.3.61257 > 10.10.0.100.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.771569 Port5, IN: ethertype IPv4, IP 10.10.15.3.61956 > 192.168.112.3.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:00.771613 br0, OUT: ethertype IPv4, IP 10.10.15.3.61956 > 10.10.0.100.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.524158 Port5, IN: ethertype IPv4, IP 10.10.15.3.53344 > 192.168.112.3.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.524200 br0, OUT: ethertype IPv4, IP 10.10.15.3.53344 > 10.10.0.100.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.524204 Port5, IN: ethertype IPv4, IP 10.10.15.3.61257 > 192.168.112.3.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.524214 br0, OUT: ethertype IPv4, IP 10.10.15.3.61257 > 10.10.0.100.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.775424 Port5, IN: ethertype IPv4, IP 10.10.15.3.61956 > 192.168.112.3.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:01.775466 br0, OUT: ethertype IPv4, IP 10.10.15.3.61956 > 10.10.0.100.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.524711 Port5, IN: ethertype IPv4, IP 10.10.15.3.53344 > 192.168.112.3.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.524752 br0, OUT: ethertype IPv4, IP 10.10.15.3.53344 > 10.10.0.100.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.524756 Port5, IN: ethertype IPv4, IP 10.10.15.3.61257 > 192.168.112.3.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.524767 br0, OUT: ethertype IPv4, IP 10.10.15.3.61257 > 10.10.0.100.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.790219 Port5, IN: ethertype IPv4, IP 10.10.15.3.61956 > 192.168.112.3.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:03.790272 br0, OUT: ethertype IPv4, IP 10.10.15.3.61956 > 10.10.0.100.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.525025 Port5, IN: ethertype IPv4, IP 10.10.15.3.53344 > 192.168.112.3.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.525069 br0, OUT: ethertype IPv4, IP 10.10.15.3.53344 > 10.10.0.100.80: Flags [S], seq 3840077669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.525073 Port5, IN: ethertype IPv4, IP 10.10.15.3.61257 > 192.168.112.3.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.525083 br0, OUT: ethertype IPv4, IP 10.10.15.3.61257 > 10.10.0.100.80: Flags [S], seq 4170908038, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.792403 Port5, IN: ethertype IPv4, IP 10.10.15.3.61956 > 192.168.112.3.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    11:36:07.792449 br0, OUT: ethertype IPv4, IP 10.10.15.3.61956 > 10.10.0.100.80: Flags [S], seq 4294786532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

    There is one thing I am noticing in these. The LAN of the source and the LAN of the destination is a VLAN on br0. Nowhere in the TCP dump am I seeing the VLAN being addressed, not sure if that is normal or not. Port5 is a member of br0 and the devices are on br0.20.

    192.168.112.3 is the WAN IP of the device I am trying to get to, 10.10.15.3 is the source and 10.10.0.100 is the LAN IP of the destination.  The Loopback rule usage count is incrementing when I try to connect.

  • Change from MASQ to a custom host. Change it to a host you created with the IP of your br0.20 interface. Check if it will SNAT the packets.

    Wondering as you should see .VLAN Interfaces in the Packet capture as well. 

    Try: ip r g 10.10.0.100 --> It should show br0.20 

    Check: console> system route_precedence show
    Routing Precedence:
    1. Static routes
    2. SD-WAN policy routes
    3. VPN routes

  • console> system route_precedence show
    Routing Precedence:
    1. Static routes
    2. SD-WAN policy routes
    3. VPN routes

    I have no Static routes set

    XGS2100_RL01_SFOS 18.5.1 MR-1-Build318# ip r g 10.10.0.100
    10.10.0.100 dev br0.20 src 10.10.0.1 uid 0
    cache

    Okay, I think I read it right.

    Created an IP host with ip 10.10.0.254 (on VLAN 20) and changed the Loopback NAT to that host. 

    TCPDUMP after change is the same.

    12:04:47.005444 br0, OUT: ethertype IPv4, IP 10.10.15.3.63811 > 10.10.0.100.80: Flags [S], seq 2935645804, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:47.254490 Port5, IN: ethertype IPv4, IP 10.10.15.3.53244 > 192.168.112.3.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:47.254526 br0, OUT: ethertype IPv4, IP 10.10.15.3.53244 > 10.10.0.100.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.018048 Port5, IN: ethertype IPv4, IP 10.10.15.3.63811 > 192.168.112.3.80: Flags [S], seq 2935645804, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.018084 Port5, IN: ethertype IPv4, IP 10.10.15.3.64210 > 192.168.112.3.80: Flags [S], seq 1148065473, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.018113 br0, OUT: ethertype IPv4, IP 10.10.15.3.63811 > 10.10.0.100.80: Flags [S], seq 2935645804, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.018114 br0, OUT: ethertype IPv4, IP 10.10.15.3.64210 > 10.10.0.100.80: Flags [S], seq 1148065473, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.254768 Port5, IN: ethertype IPv4, IP 10.10.15.3.53244 > 192.168.112.3.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:51.254812 br0, OUT: ethertype IPv4, IP 10.10.15.3.53244 > 10.10.0.100.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.024272 Port5, IN: ethertype IPv4, IP 10.10.15.3.63811 > 192.168.112.3.80: Flags [S], seq 2935645804, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.024274 Port5, IN: ethertype IPv4, IP 10.10.15.3.64210 > 192.168.112.3.80: Flags [S], seq 1148065473, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.024319 br0, OUT: ethertype IPv4, IP 10.10.15.3.63811 > 10.10.0.100.80: Flags [S], seq 2935645804, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.024319 br0, OUT: ethertype IPv4, IP 10.10.15.3.64210 > 10.10.0.100.80: Flags [S], seq 1148065473, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.257082 Port5, IN: ethertype IPv4, IP 10.10.15.3.53244 > 192.168.112.3.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    12:04:59.257122 br0, OUT: ethertype IPv4, IP 10.10.15.3.53244 > 10.10.0.100.80: Flags [S], seq 2327797076, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
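
An added example, not part of any post in this thread: a small Python check for `tcpdump -ni any` output like the three captures above (SNAT Original, MASQ, custom host). It pairs each inbound SYN with its forwarded copy by TCP sequence number and reports whether the destination and the source were rewritten. The function names are hypothetical, the first sample is taken from the thread with the TCP options field omitted, and the second sample is constructed.

```python
import re

# One decoded line of `tcpdump -ni any`: time, interface, direction, addresses, flags, seq.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<ifname>\S+),\s+(?P<dir>IN|OUT):"
    r".*?\bIP\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]+)\],"
    r"\s+seq\s+(?P<seq>\d+)"
)

# Two SYN attempts of one flow from the thread's first capture (options field omitted for width).
THREAD_SAMPLE = """
11:33:09.313013 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, length 0
11:33:09.313041 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, length 0
11:33:10.320527 Port5, IN: ethertype IPv4, IP 10.10.15.3.60921 > 192.168.112.3.80: Flags [S], seq 1188266436, win 64240, length 0
11:33:10.320571 br0, OUT: ethertype IPv4, IP 10.10.15.3.60921 > 10.10.0.100.80: Flags [S], seq 1188266436, win 64240, length 0
"""

# Constructed for contrast (not from the thread): the same request with the source
# rewritten to 10.10.0.1, the br0.20 address shown by `ip r g`, and a SYN-ACK coming back.
CONSTRUCTED_WORKING = """
12:00:00.000100 Port5, IN: ethertype IPv4, IP 10.10.15.3.50000 > 192.168.112.3.80: Flags [S], seq 111, win 64240, length 0
12:00:00.000150 br0, OUT: ethertype IPv4, IP 10.10.0.1.50000 > 10.10.0.100.80: Flags [S], seq 111, win 64240, length 0
12:00:00.000400 Port5, IN: ethertype IPv4, IP 10.10.0.100.80 > 10.10.0.1.50000: Flags [S.], seq 222, ack 112, win 65535, length 0
12:00:00.000450 br0, OUT: ethertype IPv4, IP 192.168.112.3.80 > 10.10.15.3.50000: Flags [S.], seq 222, ack 112, win 65535, length 0
"""


def parse(capture):
    """Yield one dict per decodable packet line; banner and prompt lines are skipped."""
    for raw in capture.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def hairpin_flows(capture):
    """Pair inbound and forwarded SYNs by sequence number, which NAT does not change."""
    flows, synacks = {}, []
    for p in parse(capture):
        if p["flags"] == "S":
            f = flows.setdefault(p["seq"], {"in": None, "out": None, "syn_in": 0})
            if p["dir"] == "IN":
                f["syn_in"] += 1          # more than one means the client is retransmitting
                f["in"] = f["in"] or p
            else:
                f["out"] = f["out"] or p
        elif p["flags"] == "S.":
            synacks.append(p)

    results = []
    for f in flows.values():
        i, o = f["in"], f["out"]
        if not (i and o):
            continue                      # SYN seen on one side only, nothing to compare
        results.append({
            "client": f"{i['src']}:{i['sport']}",
            "requested": f"{i['dst']}:{i['dport']}",
            "forwarded_src": f"{o['src']}:{o['sport']}",
            "forwarded_dst": f"{o['dst']}:{o['dport']}",
            "dnat": (i["dst"], i["dport"]) != (o["dst"], o["dport"]),
            "snat": (i["src"], i["sport"]) != (o["src"], o["sport"]),
            "syn_in": f["syn_in"],
            # A SYN-ACK addressed to the client's original address and port.
            "answered": any(s["dst"] == i["src"] and s["dport"] == i["sport"] for s in synacks),
        })
    return results


def verdict(flow):
    """Classify a flow: 'no-dnat', 'dnat-only' or 'dnat+snat'."""
    if not flow["dnat"]:
        return "no-dnat"
    # With DNAT only, the server sees the client's real address. If both hosts share
    # a segment it can answer directly, and the client gets a SYN-ACK from an address
    # it never connected to.
    return "dnat+snat" if flow["snat"] else "dnat-only"


if __name__ == "__main__":
    for name, text in (("thread", THREAD_SAMPLE), ("constructed", CONSTRUCTED_WORKING)):
        for flow in hairpin_flows(text):
            print(name, verdict(flow), flow)
```

On the thread's sample this reports `dnat-only` with repeated SYNs and no SYN-ACK: the forwarded packet still carries source 10.10.15.3.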

  • You should see a NAT ID. If you use a conntrack, does the NAT Rule reflect the same rule ID? 

    conntrack -E | grep orig-dport=80

    This should show you the conntrack. 

    There should be an entry for NAT: fwid=0 natid=0. It should use the same ID you see in the Webadmin.

  • That command is returning nothing. In web admin however the usage count is increasing.

    I am also not seeing any entries for the attempt in the Log in WebAdmin.

  • This is a live command, so it needs to stay running while you try to access the service. 

    Maybe try: conntrack -E | grep 10.10.15.3

  • And check the license on the appliance. Do you have all subscriptions active? Especially, is the Base License active? 

  • Yes, I have valid subscriptions active.

    Here is the output of conntrack. Note there is no port 80 from the source, but there is a 44450, which is my management port for WebAdmin, and I have no idea where that is coming from as I am not trying to hit that from the device.

    XGS2100_RL01_SFOS 18.5.1 MR-1-Build318# conntrack -E | grep 10.10.15.3
    [DESTROY] proto=tcp proto-no=6 orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=60914 orig-dport=44450 packets=5 bytes=260 [UNREPLIED] reply-src=192.168.112.3 reply-dst=192.168.112.2 reply-sport=44450 reply-dport=60914 packets=0 bytes=0 mark=0x8001 id=2208533312 masterid=0 devin=br0.20 devout=Port2 nseid=83886749 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50004800000 flagvalues=3,5,21,37,41,43,55,87,90,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628614894 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=1 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=220 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=494 sessionidrev=26818 session_update_rev=7 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=5 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [DESTROY] proto=udp proto-no=17 orig-src=10.10.15.3 orig-dst=10.10.0.1 orig-sport=50153 orig-dport=53 packets=1 bytes=67 reply-src=10.10.0.1 reply-dst=10.10.15.3 reply-sport=53 reply-dport=50153 packets=1 bytes=195 id=2178904448 masterid=0 devin=br0.20 devout= nseid=0 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=0 fwid=0 natid=0 fw_action=0 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inzone=1 outzone=4 devinindex=34 devoutindex=0 hb_src=0 hb_dst=0 flags0=0x2000200008 flags1=0x400000000 flagvalues=3,21,37,98 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615003 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=34 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=444 sessionidrev=36616 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
    [DESTROY] proto=udp proto-no=17 orig-src=10.10.15.3 orig-dst=10.10.0.1 orig-sport=52065 orig-dport=53 packets=1 bytes=69 reply-src=10.10.0.1 reply-dst=10.10.15.3 reply-sport=53 reply-dport=52065 packets=1 bytes=199 id=2178901568 masterid=0 devin=br0.20 devout= nseid=0 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=0 fwid=0 natid=0 fw_action=0 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inzone=1 outzone=4 devinindex=34 devoutindex=0 hb_src=0 hb_dst=0 flags0=0x2000200008 flags1=0x400000000 flagvalues=3,21,37,98 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615002 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=34 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=435 sessionidrev=36618 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
    [NEW] proto=tcp proto-no=6 timeout=120 state=SYN_SENT orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=56189 orig-dport=44450 [UNREPLIED] reply-src=192.168.112.3 reply-dst=192.168.112.2 reply-sport=44450 reply-dport=56189 mark=0x8001 id=2505482880 masterid=0 devin=br0.20 devout=Port2 nseid=16777889 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615038 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=1 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=309 sessionidrev=45690 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [NEW] proto=udp proto-no=17 timeout=30 orig-src=10.10.15.3 orig-dst=10.10.0.1 orig-sport=61024 orig-dport=53 [UNREPLIED] reply-src=10.10.0.1 reply-dst=10.10.15.3 reply-sport=53 reply-dport=61024 helper=dns id=2505483840 masterid=0 devin=br0.20 devout= nseid=0 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=0 fwid=0 natid=0 fw_action=0 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inzone=1 outzone=4 devinindex=34 devoutindex=0 hb_src=0 hb_dst=0 flags0=0x2000200008 flags1=0x400000000 flagvalues=3,21,37,98 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=34 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=221 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=307 sessionidrev=45690 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=udp proto-no=17 timeout=30 orig-src=10.10.15.3 orig-dst=10.10.0.1 orig-sport=61024 orig-dport=53 reply-src=10.10.0.1 reply-dst=10.10.15.3 reply-sport=53 reply-dport=61024 helper=dns id=2505483840 masterid=0 devin=br0.20 devout= nseid=0 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=0 fwid=0 natid=0 fw_action=0 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inzone=1 outzone=4 devinindex=34 devoutindex=0 hb_src=0 hb_dst=0 flags0=0x2000200008 flags1=0x400000000 flagvalues=3,21,37,98 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=34 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=307 sessionidrev=45690 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
    [NEW] proto=tcp proto-no=6 timeout=120 state=SYN_SENT orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 [UNREPLIED] reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=60 state=SYN_RECV orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10800 state=ESTABLISHED orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 [ASSURED] mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=FIN_WAIT orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 [ASSURED] mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0xd sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=8 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [NEW] proto=tcp proto-no=6 timeout=120 state=SYN_SENT orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 [UNREPLIED] reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=LAST_ACK orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 [ASSURED] mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0xd sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=8 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10 state=TIME_WAIT orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 [ASSURED] mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x1d sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=9 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=60 state=SYN_RECV orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10800 state=ESTABLISHED orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 [ASSURED] mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50000800000 flagvalues=3,5,21,37,41,43,55,87,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=2 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=FIN_WAIT orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 [ASSURED] mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x1d sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=9 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=LAST_ACK orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 [ASSURED] mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x3f sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50106800000 flagvalues=3,5,21,37,41,43,55,87,89,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=2 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=11 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10 state=CLOSE orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 [ASSURED] mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x3f sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50106800000 flagvalues=3,5,21,37,41,43,55,87,89,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=2 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=11 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=FIN_WAIT orig-src=10.10.15.3 orig-dst=52.202.168.65 orig-sport=49170 orig-dport=443 reply-src=52.202.168.65 reply-dst=192.168.112.2 reply-sport=443 reply-dport=49170 [ASSURED] mark=0x8001 id=2208531072 masterid=0 devin=br0.20 devout=Port2 nseid=16777945 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x2d sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615002 microflow[0]=INVALID microflowid[1]=130582 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=2 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=409 sessionidrev=37329 session_update_rev=9 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10 state=CLOSE_WAIT orig-src=10.10.15.3 orig-dst=52.202.168.65 orig-sport=49170 orig-dport=443 reply-src=52.202.168.65 reply-dst=192.168.112.2 reply-sport=443 reply-dport=49170 [ASSURED] mark=0x8001 id=2208531072 masterid=0 devin=br0.20 devout=Port2 nseid=16777945 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x2d sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615002 microflow[0]=INVALID microflowid[1]=130582 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=2 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=409 sessionidrev=37329 session_update_rev=9 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=120 state=FIN_WAIT orig-src=10.10.15.3 orig-dst=3.232.242.170 orig-sport=49171 orig-dport=443 reply-src=3.232.242.170 reply-dst=192.168.112.2 reply-sport=443 reply-dport=49171 [ASSURED] mark=0x8001 id=3119434560 masterid=0 devin=br0.20 devout=Port2 nseid=16777900 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x3f sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50106800000 flagvalues=3,5,21,37,41,43,55,87,89,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615003 microflow[0]=INVALID microflowid[1]=130458 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=2 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=3 sess_verdict=2 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2344 sessionidrev=17866 session_update_rev=11 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [UPDATE] proto=tcp proto-no=6 timeout=10 state=CLOSE_WAIT orig-src=10.10.15.3 orig-dst=3.232.242.170 orig-sport=49171 orig-dport=443 reply-src=3.232.242.170 reply-dst=192.168.112.2 reply-sport=443 reply-dport=49171 [ASSURED] mark=0x8001 id=3119434560 masterid=0 devin=br0.20 devout=Port2 nseid=16777900 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x3f sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50106800000 flagvalues=3,5,21,37,41,43,55,87,89,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615003 microflow[0]=INVALID microflowid[1]=130458 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=2 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=3 sess_verdict=2 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2344 sessionidrev=17866 session_update_rev=11 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [DESTROY] proto=tcp proto-no=6 orig-src=10.10.15.3 orig-dst=192.211.124.69 orig-sport=58451 orig-dport=443 packets=11 bytes=1702 reply-src=192.211.124.69 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58451 packets=10 bytes=3095 [ASSURED] mark=0x8001 id=3119435200 masterid=0 devin=br0.20 devout=Port2 nseid=16777947 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x3f sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50106800000 flagvalues=3,5,21,37,41,43,55,87,89,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615053 microflow[0]=INVALID microflowid[1]=130323 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=2 sess_verdict=2 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2340 sessionidrev=17878 session_update_rev=11 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [DESTROY] proto=tcp proto-no=6 orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 packets=10 bytes=1768 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 packets=9 bytes=3705 [ASSURED] mark=0x8001 id=2208532672 masterid=0 devin=br0.20 devout=Port2 nseid=16777907 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=100 appcatid=5 hbappid=0 hbappcatid=0 dpioffload=0x1d sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50104800000 flagvalues=3,5,21,37,41,43,55,87,90,96,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628615052 microflow[0]=INVALID microflowid[1]=130180 microflowrev[1]=0 hostrev[0]=0 hostrev[1]=1 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=221 current_state[1]=221 vlan_id=0 inmark=0x0 brinindex=0 sessionid=410 sessionidrev=37339 session_update_rev=9 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=6 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    [DESTROY] proto=tcp proto-no=6 orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=49192 orig-dport=44450 packets=5 bytes=260 [UNREPLIED] reply-src=192.168.112.3 reply-dst=192.168.112.2 reply-sport=44450 reply-dport=49192 packets=0 bytes=0 mark=0x8001 id=3119433600 masterid=0 devin=br0.20 devout=Port2 nseid=83886767 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 policytype=1 fwid=5 natid=3 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0x1 sigoffload=0 inzone=1 outzone=2 devinindex=34 devoutindex=11 hb_src=0 hb_dst=1 flags0=0x800a2000200028 flags1=0x50004800000 flagvalues=3,5,21,37,41,43,55,87,90,104,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=c8:4f:86:fc:00:05 src_mac=00:23:24:e6:f7:9e startstamp=1628614935 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=11 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=1 cluster_node=0 current_state[0]=220 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=0 sessionid=2341 sessionidrev=17870 session_update_rev=7 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=5 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED
    ^Cconntrack v1.4.5 (conntrack-tools): 204 flow events have been shown.

  • Odd enough that you are not seeing any connection. I have a feeling about this: the firewall rule you are using, is it the same firewall rule you are using from external to internal (DNAT), and do you have anything else selected there? For example, web filtering or scanning of web, etc.?

  • Yes, the Firewall rule is the same for the External to internal DNAT (seen above). There are no services enabled, only logging turned on.

  • And this rule, besides the actual small counter, works from external. Because I would expect more data to flow if you are talking about HTTP.

    I am oddly confused that the connection is not loaded in the conntrack. That should be there. You should see the connection in conntrack. But you see the connection in the logviewer, correct? The NAT and Firewall rule is fine there? You should see it via mouse-over.

    To summarize: Without SNAT it cannot work. There has to be a SNAT, otherwise it won't work. But the SNAT, however, does not hit, no matter what you configure.
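
One way to read the conntrack events discussed above, as an added example (not code from the thread or from Sophos): it parses `conntrack -E` lines and reports, for LAN clients hitting the published address, whether the reply tuple shows DNAT and SNAT. The first sample line is trimmed from the capture above; the other lines, the internal server 10.10.15.10, the firewall LAN address 10.10.15.1, the /24 prefix, and treating 192.168.112.3 as the published address are assumptions.

```python
import ipaddress
import re

# key=value tokens as printed by `conntrack -E`; keys may contain '-', '_' or '[n]'.
FIELD_RE = re.compile(r"([A-Za-z_][\w\-\[\]]*)=(\S+)")
EVENT_RE = re.compile(r"^\s*\[(NEW|UPDATE|DESTROY)\]")

# Line 1: trimmed copy of the last event in the capture above.
# Lines 2-3: constructed (10.10.15.10 = assumed internal server,
#            10.10.15.1 = assumed firewall LAN address).
# Line 4: trimmed outbound flow from the capture, unrelated to the loopback.
SAMPLE = """\
[DESTROY] proto=tcp proto-no=6 orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=49192 orig-dport=44450 packets=5 bytes=260 [UNREPLIED] reply-src=192.168.112.3 reply-dst=192.168.112.2 reply-sport=44450 reply-dport=49192 packets=0 bytes=0 natid=3 dnat_done=0
[NEW] proto=tcp proto-no=6 timeout=120 state=SYN_SENT orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=50001 orig-dport=443 [UNREPLIED] reply-src=10.10.15.10 reply-dst=10.10.15.3 reply-sport=443 reply-dport=50001
[UPDATE] proto=tcp proto-no=6 timeout=10800 state=ESTABLISHED orig-src=10.10.15.3 orig-dst=192.168.112.3 orig-sport=50002 orig-dport=443 reply-src=10.10.15.10 reply-dst=10.10.15.1 reply-sport=443 reply-dport=50002 [ASSURED]
[UPDATE] proto=tcp proto-no=6 timeout=10800 state=ESTABLISHED orig-src=10.10.15.3 orig-dst=38.91.40.26 orig-sport=58450 orig-dport=443 reply-src=38.91.40.26 reply-dst=192.168.112.2 reply-sport=443 reply-dport=58450 [ASSURED]
^Cconntrack v1.4.5 (conntrack-tools): 204 flow events have been shown.
"""


def parse_event(line):
    """Return a dict of fields for one event line, or None for non-event lines."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        # DESTROY lines print packets=/bytes= twice; keep the original direction.
        fields.setdefault(key, value)
    fields["event"] = m.group(1)
    fields["unreplied"] = "[UNREPLIED]" in line
    return fields


def classify(ev):
    """Compare the original tuple with the reply tuple conntrack expects."""
    dnat = ev["reply-src"] != ev["orig-dst"]   # destination was rewritten
    snat = ev["reply-dst"] != ev["orig-src"]   # source was rewritten
    if dnat and snat:
        return "hairpin-ok"    # replies return via the firewall
    if dnat:
        return "dnat-only"     # server would answer the client directly
    return "no-dnat"           # loopback rule did not translate the destination


def hairpin_report(lines, public_ip, lan="10.10.15.0/24"):
    """List events where a LAN client connects to the published address."""
    lan_net = ipaddress.ip_network(lan)
    report = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev.get("orig-dst") != public_ip:
            continue
        if ipaddress.ip_address(ev["orig-src"]) not in lan_net:
            continue
        report.append({
            "event": ev["event"],
            "client": ev["orig-src"],
            "dport": int(ev["orig-dport"]),
            "verdict": classify(ev),
            "unreplied": ev["unreplied"],
        })
    return report


if __name__ == "__main__":
    for row in hairpin_report(SAMPLE.splitlines(), "192.168.112.3"):
        print(row)
```

On the firewall, the same fields can be narrowed at capture time with conntrack's own `-d` (original destination) filter before the output is saved for parsing.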

  • The counter is not increasing on the rule but is on the NAT rule. No, I am not seeing the traffic in the logviewer. I'm just as confused, as from this machine I can hit the Management using the WAN IP Address of .2 and it comes up like I am on the inside network, which I am.

  • I have the strong feeling there is something odd going on in your setup. You should contact support to get this analyzed more. I think there is something going on, which is odd enough.

    Do you have multiple HA Clusters in your setup? 

  • I already have a ticket open with support for this issue. This is the only HA cluster we have other than the SG cluster that is being replaced by these ones. Originally I was having issues with traffic between VLANs but that was corrected by MR1. I won't be able to put these into production until I can get this fixed.

    I appreciate and thank you for the time you have taken to try to assist.

  • Go to the HA Cluster Config and change the Cluster ID.