Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v18 NAT - stateful?

Hi,

I am a little bit confused about the reflexive NAT rules in v18. I migrated from v17 and it has created a lot of additional firewall (not NAT) rules for incoming destination NAT rule reversals. For example, I used to have an incoming DNAT business firewall rule to a webserver. The migration added a second rule below that with "reflexive" in the name. That rule has zero hits.

Shouldn't NAT be stateful? E.g. if I have an incoming DNAT rule, the reply traffic should be matched to the session and natted back automatically? Why would I have to add these weird reflexive rules?

I am completely and utterly confused.



This thread was automatically locked due to age.
Parents Reply Children
No Data