Routing Problem on XG19.0.0

Question

I have a problem where I am unable to ping google and it somehow seems as the firewall is missing a route back to my client. My client is inside a VLAN (172.16.87.99) and from the traffic below I can see that it correctly routes to the gateway address on port2 192.168.1.2 and that google responsd to this ip on port2. But now it is not routing back to port 8 and my VLAN. Has anybody any clue why? What am I missing? 
 tcpdump output: 
 11:33:14.491984 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.491984 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.491984 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.492096 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:23.431003 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 414, length 40 11:33:23.431003 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 414, length 40 11:33:23.431003 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 414, length 40 11:33:23.431035 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 414, length 40 11:33:27.991979 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 415, length 40 11:33:27.991979 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 415, length 40 11:33:27.991979 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 415, length 40 11:33:27.992031 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 415, length 40 11:33:28.672393 Port2, OUT: IP 192.168.1.2 > dns.google: ICMP echo request, id 12, seq 1, length 192 11:33:28.686232 Port2, IN: IP dns.google > 192.168.1.2: ICMP echo reply, id 12, seq 1, length 76 11:33:28.686325 Port2, OUT: IP 192.168.1.2 > dns.google: ICMP echo request, id 12, seq 2, length 192 11:33:28.694989 Port2, IN: IP dns.google > 192.168.1.2: ICMP echo reply, id 12, seq 2, length 76 11:33:32.985746 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 416, length 40 11:33:32.985746 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 416, length 40 11:33:32.985746 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 416, length 40 11:33:32.985776 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 416, length 40 11:33:37.975972 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 417, length 40 11:33:37.975972 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 417, length 40 11:33:37.975972 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 417, length 40 11:33:37.976000 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 417, length 40

LuCar Toni · Accepted Answer

See the connection: It is not the same connection, it is a different (likely the interface itself and the Interface monitoring). 
 You connection is seq415. And it is not translated. 
 So the problem is MASQ / NAT. Somehow your SNAT is not applied. 
 Look at packet capture on the Webadmin - Then check the NAT, which is applied, you see it there.

Leonardo Avesani · Answer

In the packet capture it showed NAT ID 0, what I guess means that no NAT rule was applied. I then moved the Default NAT rule to the Top and now I am able to Ping successfully. I am not sure why the NAT did not get applied before but I guess it works now. Thanks for your help.

LuCar Toni · Answer

Those ICMP replies are not your Replies. 
 Actually Google does not reply to your client. 
 11:33:28.672393 Port2, OUT: IP 192.168.1.2 > dns.google: ICMP echo request, id 12, seq 1, length 192 11:33:28.686232 Port2, IN: IP dns.google > 192.168.1.2: ICMP echo reply, id 12, seq 1, length 76 11:33:28.686325 Port2, OUT: IP 192.168.1.2 > dns.google: ICMP echo request, id 12, seq 2, length 192 11:33:28.694989 Port2, IN: IP dns.google > 192.168.1.2: ICMP echo reply, id 12, seq 2, length 76 
 Those are likely the Interface monitoring ICMP packets. See Seq number 
 My guess is: You do not have a MASQ Rule enabled? Because you are sending ICMP Requests with your internal IP, which google does not know. 
 
 11:33:14.491984 Port8, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.491984 ITD_LAG01, IN: ethertype IPv4, IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.491984 ITD_LAG01.87, IN: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 11:33:14.492096 Port2, OUT: IP 172.16.87.99 > dns.google: ICMP echo request, id 1, seq 413, length 40 
 This should be 192.168.1.2, as in the working above. 
 Check your NAT (SNAT).

Routing Problem on XG19.0.0

Top Replies