Hello all,
I have been a very long time UTM user and continue to refine and tweak my environment. Recently I've become aware that it appears my SNAT rule(s) are not always working. They work just fine 99% of the time, but if I capture on my external interface, I can occasionally see traffic that wasn't translated. Any thoughts about what's going on and/or how to remedy it?
To explain my setup in its simplicity, I have two UTM firewalls. One is a Home licensed version and acts as my primary firewall (call it FW1). I have a second firewall (base license only - FW2) behind one dedicated interface on FW1. I have a single NAT rule on FW2 that says <All Protected Networks> <any port> <Any Destination> -> Source Translate to External (Address).
Ultimately, the devices behind FW2 work. They are a mix of IoT devices, Fire Sticks, etc. Sometimes the streams for Netflix, Disney+, etc. take a few seconds to load - but they do, and the kids are streaming all day. I can see, however, in the FW1 logs that occasionally I am seeing the actual IPs of some of those IoT devices hitting it, when they should be SNATed. A tcpdump further confirmed this. It's not a lot, but more than none.
To a much lesser extent I'm also seeing something similar on the external interface of FW1. It almost seems like the firewall can't keep up or loses track. The CPUs and RAM are near idle though.
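The check described in the post (capture on the external interface and look for source addresses that should have been rewritten) can be scripted so the leak rate is measured rather than eyeballed. The script below is an added example, not code from the original post or from Sophos UTM. It assumes, hypothetically, that FW2's external address is 203.0.113.10 and that its protected network is 192.168.50.0/24; the capture lines are constructed in the style of `tcpdump -ni <ext-if> -tt` output, not a real capture.

```python
"""Count outbound packets on an external interface whose source address was
not source-translated, from tcpdump text output.

Added example; not part of the original forum post. The external address
203.0.113.10 and protected network 192.168.50.0/24 are assumptions.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -ni <ext-if> -tt` text format (not a real capture).
SAMPLE_CAPTURE = """\
1700000001.000100 IP 203.0.113.10.51234 > 198.51.100.5.443: Flags [S], seq 1, win 64240, length 0
1700000001.000200 IP 203.0.113.10.51235 > 198.51.100.6.443: Flags [S], seq 1, win 64240, length 0
1700000001.000300 IP 192.168.50.23.49152 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
1700000001.000400 IP 203.0.113.10.51236 > 198.51.100.8.80: Flags [P.], seq 1:100, ack 1, win 502, length 99
1700000001.000500 IP 192.168.50.41 > 198.51.100.9: ICMP echo request, id 7, seq 1, length 64
1700000001.000600 IP 198.51.100.5.443 > 203.0.113.10.51234: Flags [S.], seq 0, ack 2, win 65535, length 0
1700000001.000700 IP 192.168.50.23.49153 > 198.51.100.7.443: Flags [S], seq 2, win 64240, length 0
"""

# Matches "<timestamp> IP <src>[.<sport>] > <dst>[.<dport>]:"; the port is optional
# so ICMP lines (which carry no port) are parsed too. IPv6 ("IP6") lines are skipped.
LINE_RE = re.compile(
    r"^\S+ IP (\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))? > "
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?:"
)


def find_untranslated(capture_text, external_ip, protected_networks):
    """Return (outbound_count, Counter{untranslated_src: count}, offending_lines).

    A packet is outbound if its destination is not the external address.
    An outbound packet is untranslated if its source still lies inside one of
    the protected networks instead of being the external address.
    """
    ext = ipaddress.ip_address(external_ip)
    nets = [ipaddress.ip_network(n) for n in protected_networks]
    outbound = 0
    offenders = Counter()
    flagged = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        if dst == ext:
            continue  # inbound reply; SNAT only rewrites outbound sources
        outbound += 1
        if src == ext:
            continue  # translated as expected
        if any(src in n for n in nets):
            offenders[str(src)] += 1
            flagged.append(line)
    return outbound, offenders, flagged


def leak_rate(capture_text, external_ip, protected_networks):
    """Fraction of outbound packets that escaped translation (0.0 if none outbound)."""
    outbound, offenders, _ = find_untranslated(capture_text, external_ip, protected_networks)
    return sum(offenders.values()) / outbound if outbound else 0.0


if __name__ == "__main__":
    total, bad, lines = find_untranslated(SAMPLE_CAPTURE, "203.0.113.10", ["192.168.50.0/24"])
    print(f"outbound packets: {total}, untranslated: {sum(bad.values())}")
    for src, n in bad.most_common():
        print(f"  {src}: {n}")
    for line in lines:
        print("  " + line)
```

On the firewall itself the live equivalent is `tcpdump -ni <external-interface> -tt 'src net 192.168.50.0/24'`, which prints only packets that left untranslated; piping a longer unfiltered capture through the parser above additionally gives the ratio against all outbound traffic, which is the number that tells you whether this is a rare race or a steady leak.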