For details on cookie usage on our site, read our Privacy Policy
PA sending TCP RST for a NAT rule
- LIVEcommunity
- Discussions
- General Topics
- PA sending TCP RST for a NAT rule
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-20-2020 03:26 AM
Hi everybody,
Adding a bidirectionnal NAT rule for an ssl web server and the according security rule, connections from outside are dropped as "Incomplete". Traffic capture show that first SYN packet received is directly rejected by PA with a RST response. What does it mean ?
Regards.
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-13-2020 01:06 PM
Hi, can you elaborate a little more about the "It is always safer to create 2 NAT policies for DNAT and SNAT than bi-direcitonal"
I do have most of mine NAT rule is currently provisioned bi-directional and we are seeing issue with client server session reset. So, I searched and see this thread but do not understand about the statement you metioned. Thanks much for your help and if you could help and give a sample practical NAT rule using two separates policies instead of one as you said.
- Collecting customer deployment information in General Topics
- IKE phase 1 not working in General Topics
- Agent Blocking files/processes dynamically based on conditions in Cortex XDR Discussions
- Cortex XDR - Brute force alert rule in Cortex XDR Discussions
- FW stops forwarding files to WF 500 in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
