Hi folks,
Recently, with the aid of Prism, I was able to resolve the creation of a hairpin NAT.
I was investigating the logviewer entries for some of the devices and found what I think are a couple of issues?
1/. Some entries have a src_trans_port with a value and others have 0.
Please see the coloured lines in the text below.
- src_ip="10.10.10.13"
- src_country="R1"
- dst_ip="17.253.116.253"
- dst_country="TWN"
- protocol="UDP"
- src_port="123"
- dst_port="123"
- packets_sent="1"
- packets_received="0"
- bytes_sent="76"
- bytes_received="0"
- src_trans_ip="10.10.10.1"
- src_trans_port="0"
- dst_trans_ip="10.10.10.5"
- dst_trans_port="0"
- src_zone_type="LAN"
- src_zone="LAN"
- dst_zone_type="LAN"
- dst_zone="LAN"
- con_direction=""
- con_event="Stop"
- con_id="49707584"
- virt_con_id=""
- hb_status="No Heartbeat"
- message=""
- appresolvedby="Signature"
- app_is_cloud="0"

- src_ip="10.10.10.13"
- src_country="R1"
- dst_ip="17.253.66.125"
- dst_country="AUS"
- protocol="UDP"
- src_port="123"
- dst_port="123"
- packets_sent="1"
- packets_received="1"
- bytes_sent="76"
- bytes_received="76"
- src_trans_ip="10.10.10.1"
- src_trans_port="48"
- dst_trans_ip="10.10.10.5"
- dst_trans_port="0"
- src_zone_type="LAN"
- src_zone="LAN"
- dst_zone_type="LAN"
- dst_zone="LAN"
- con_direction=""
- con_event="Stop"
- con_id="978939648"
- virt_con_id=""
- hb_status="No Heartbeat"
- message=""
- appresolvedby="Signature"
- app_is_cloud="0"
Which to me seems odd?
2/. The firewall/NAT rule seems to break and cause packet corruption, causing many devices to retry NTP lookup many times and other devices to send requests and receive 0 bytes returned. I reset the rules by changing the destination to an internal network, save it, then restore the original any, save it, and the firewall/NAT rule works again for about 12 hours.
What is the cause and then how do I permanently fix the issue?
Ian
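
An added example, not part of the original post: a small Python script that tallies both observations over exported log records, counting NTP flows with no reply per source and cross-tabulating `src_trans_port="0"` against whether a reply was counted. The field names are the ones in the entries above; the one-record-per-line layout and the names `ntp_summary` and `zero_port_vs_reply` are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: the two records from the post, reduced to the relevant
# fields and written one record per line (assumed export layout).
SAMPLE = '''\
src_ip="10.10.10.13" dst_ip="17.253.116.253" protocol="UDP" dst_port="123" packets_sent="1" packets_received="0" bytes_received="0" src_trans_port="0" con_id="49707584"
src_ip="10.10.10.13" dst_ip="17.253.66.125" protocol="UDP" dst_port="123" packets_sent="1" packets_received="1" bytes_received="76" src_trans_port="48" con_id="978939648"
'''

def parse(text):
    """Yield one dict per non-empty line of key="value" pairs."""
    for line in text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec:
            yield rec

def ntp_summary(text):
    """Per source IP: NTP flows seen, flows with no reply, con_ids of the latter."""
    out = defaultdict(lambda: {"flows": 0, "unanswered": 0, "con_ids": []})
    for r in parse(text):
        if r.get("protocol") != "UDP" or r.get("dst_port") != "123":
            continue  # only UDP/123 flows are of interest here
        s = out[r.get("src_ip", "?")]
        s["flows"] += 1
        if int(r.get("packets_received") or 0) == 0:
            s["unanswered"] += 1
            s["con_ids"].append(r.get("con_id", ""))
    return dict(out)

def zero_port_vs_reply(text):
    """Count records by (src_trans_port is "0", at least one packet received)."""
    table = defaultdict(int)
    for r in parse(text):
        got_reply = int(r.get("packets_received") or 0) > 0
        table[(r.get("src_trans_port") == "0", got_reply)] += 1
    return dict(table)

if __name__ == "__main__":
    print(ntp_summary(SAMPLE))
    print(zero_port_vs_reply(SAMPLE))
```

Running it over a log export taken just after the rule is re-saved and another taken once the retries start shows whether the share of unanswered flows changes over the roughly 12-hour window.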