Hi,
I am a little bit confused about the reflexive NAT rules in v18. I migrated from v17 and it has created a lot of additional firewall (not NAT) rules for incoming destination NAT rule reversals. For example, I used to have an incoming DNAT business firewall rule to a webserver. The migration added a second rule below that with "reflexive" in the name. That rule has zero hits.
Shouldn't NAT be stateful? E.g. if I have an incoming DNAT rule, the reply traffic should be matched to the session and natted back automatically? Why would I have to add these weird reflexive rules?
I am completely and utterly confused.
This thread was automatically locked due to age.