I'm working on developing my rule base prepping for implementation. I'm noticing that alot of my inbound rules, ie:
Where the destination in an address object with my internal IP. Now of course I have NAT rules to statically NAT the traffic inbound and outbound. Outbound (handled by another rule), the log shows the internal IP address as the source IP. However, for inbound traffic the log shows the destination IP as the NAT address and does not catch on the rule above. Looking at the details of the log it shows that it is being NAT'd correctly and what not. Is this normal behavior? Do I need two objects (even though I know I don't need an object) for each IP, an external object and an internal object? Should the rule above contain the destination object of the external IP?
Just FYI, this behavior didn't always seem to be the case. As I went back through my logs I saw where it look as though this rule was catching as it should have been. Recently I went from one VR to three VRs to handle redundant ISPs. Could this be the reason we see it logged this way?
Inbound connection for security policy should reflect the destination's public ip. Nat rule will dnat it to a private address. Perhaps that's the reason for the logging discrepancy. Also, I would put your inbound NAT above your source nat rule for outbound access. It'd be nice to be able to look at your session table if this issue perists, however.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!