https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484708#M104447 <P>Thanks for the answer.</P><P>&nbsp;</P><P>Sorry I didn't mention my current version, it's 8.1 and FW is PA-5250..</P><P>And I found some weird log, which is "session end reason is unknown."</P><P>Guess that hit the bug, and it looks like not every traffic but some traffics definitely are affected.</P><P>&nbsp;</P> Wed, 04 May 2022 01:30:56 GMT yhlee1 2022-05-04T01:30:56Z https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484458#M104430 <P>Hello,</P><P>&nbsp;</P><P>I have a FW that has many nat rules.</P><P>&nbsp;</P><P>And I found a bug,&nbsp;pan-130550:</P><DIV class="">(<SPAN>PA-3200 Series, PA-5220, PA-5250, PA-5260, and PA-7000 Series firewalls</SPAN>) For traffic between virtual systems (inter-vsys traffic), the firewall cannot perform source NAT using dynamic IP (DIP) address translation.</DIV><DIV class=""><DIV>Workaround:&nbsp;<SPAN>&nbsp;</SPAN><SPAN>Use source NAT with Dynamic IP and Port (DIPP) translation on inter-vsys traffic.</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Mine is PA-5250 and I already have DIP NAT rules for inter vsys traffic, and it looks like working well(hit counts, log..)</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Anyone knows about that bug? Does it impact on every traffic or sometimes FW cannot perform NAT?</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>The workaround of the bug not works for me, I can't convert every DIP NAT rule to DIPP in my FW...</SPAN></DIV></DIV> Tue, 03 May 2022 08:58:33 GMT https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484458#M104430 yhlee1 2022-05-03T08:58:33Z https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484650#M104442 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/103730">@yhlee1</a>,</P> <P>This bug ID has been carried through PAN-OS since the hardware platforms were released with the newer FPGAs. If you aren't running into an issue on your current release, I wouldn't be overly worried about it moving forward.&nbsp;</P> Tue, 03 May 2022 20:27:53 GMT https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484650#M104442 BPry 2022-05-03T20:27:53Z https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484708#M104447 <P>Thanks for the answer.</P><P>&nbsp;</P><P>Sorry I didn't mention my current version, it's 8.1 and FW is PA-5250..</P><P>And I found some weird log, which is "session end reason is unknown."</P><P>Guess that hit the bug, and it looks like not every traffic but some traffics definitely are affected.</P><P>&nbsp;</P> Wed, 04 May 2022 01:30:56 GMT https://live.paloaltonetworks.com/t5/general-topics/dip-nat-on-inter-vsys-traffic/m-p/484708#M104447 yhlee1 2022-05-04T01:30:56Z