

Simple web server redirects to user portal on physical LAN interface

Hi,

I'm trying to sort out my NAT'ing after upgrading from 17.5.10 to SFOS 18.0.0 GA-Build354.

I have two identical devices (except for internal IP and port) that have no accessible console and are managed via an app. Since upgrading to 18.0.0, one of them shows as disconnected in the app. To troubleshoot, I have put a Linux VM on the same VLAN with a very simple (Python) webserver running on it. However, I cannot browse to it. The web browser redirects to the DHCP-assigned interface of the XG's (physical) LAN interface, which is serving the user portal (port 8090). Even if I browse to http://localhost on the Linux VM, I get the redirect.

I'm not blaming 18.0.0 as the behaviour might have existed in older versions, but if this is what is happening to my devices in the background, that would explain why they are not working.

How do I stop this behaviour?

 

Further info:

These two devices have to be accessible from the Internet and I had two port-forward NAT rules in place (DNAT?). All my auto-migrated NAT rules seem to work except for this one device.

I have gone through the auto-generated S/D NAT rules and created new, generic rules. I must admit, I don't understand the reason for linking. I've created generic SNAT rules for each VLAN and rely on the FW to accept/reject traffic.

I don't know if this is relevant, but AFAIK, the XG does not understand the concept of VLAN1 or allow one to assign a VLAN to the XG's management interface, so, as per a recommendation on this forum, I've set up my VLANs and set the physical LAN interface to DHCP. Each VLAN has a DHCP scope and, for reasons unbeknown to me, it has chosen to pick up an IP address from VLAN50.

I have not configured any IPS, WAF or VPN features yet. XG is just doing the routing and layer 3 FW stuff.

As always, any pointers or help will be gratefully received.

T. I. A.


