

Problem with port forward rules interfering with LAN->WAN masquerading

If I create a Business Application Rule for ports 80 and 443 to an internal web server, and I have that policy rule above the generic Lan->Wan allow-all rule, then the outgoing web traffic from the web server is not masqueraded. All other machines on the LAN do not have this issue, only the web server.

I have verified this from a packet capture and I can see the packets are forwarded with their internal source address intact.

If I move the Wan->Lan Business Application Rule to be below the Lan->Wan Masquerading User/Network Rule then there is no problem.

There should be no problem, as the Wan->Lan rule should not affect traffic originating on the Lan.
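The packet-capture check described above, as an added example that is not part of the original post: it scans tcpdump-style text taken on the WAN side for packets that still carry a LAN source address, i.e. traffic that left without being masqueraded. The LAN subnet and the capture lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the shape of `tcpdump -n` output on the WAN interface;
# not a real capture. 192.168.10.20 stands for the internal web server,
# 203.0.113.5 for the firewall's WAN address.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.10.20.51514 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 203.0.113.5.51515 > 93.184.216.34.443: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 192.168.10.20.51516 > 93.184.216.34.80: Flags [S], seq 3, win 64240, length 0
12:00:01.000004 IP 203.0.113.5.51517 > 198.51.100.7.53: UDP, length 40
12:00:01.000005 IP 93.184.216.34.443 > 203.0.113.5.51515: Flags [S.], seq 0, ack 3, win 65535, length 0
"""

# Matches "IP src.sport > dst.dport" in tcpdump's default IPv4 line format.
_LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+)")


def find_unmasqueraded(capture_text, lan_nets):
    """Return (src, dst, dport) tuples for packets seen on the WAN side with a LAN source.

    lan_nets: CIDR strings that must never appear as a source address after SNAT.
    Any hit is a packet that bypassed the masquerading rule.
    """
    nets = [ipaddress.ip_network(n) for n in lan_nets]
    hits = []
    for line in capture_text.splitlines():
        m = _LINE.search(line)
        if not m:
            continue  # not an IPv4 line we understand (e.g. ARP, IPv6)
        src = ipaddress.ip_address(m.group(1))
        if any(src in n for n in nets):
            hits.append((str(src), m.group(3), int(m.group(4))))
    return hits


def summarize_by_host(hits):
    """Count leaked packets per internal host, to see whether only one host is affected."""
    counts = {}
    for src, _dst, _dport in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    leaks = find_unmasqueraded(SAMPLE_CAPTURE, ["192.168.10.0/24"])
    for src, dst, dport in leaks:
        print(f"unmasqueraded: {src} -> {dst}:{dport}")
    print(summarize_by_host(leaks))
```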



Hi Jonathan,

A Reflexive Rule has the same policies as those configured for the hosted server, but instead of applying from the source zone to the destination zone, this rule applies to traffic from the destination zone to the source zone. By default, the reflexive rule is not created.

Hence, when you enable Reflexive Rule within a Business Application Rule, this rule should be placed on TOP of all the other LAN_WAN rules. As per the architecture, this rule will act as a LAN_WAN rule for the web server's outgoing traffic, and alongside that it will work as a WAN_LAN rule to satisfy the DNAT requests.

Try this and let me know further.

Thanks
Sachin

Sachin Gurung
Team Lead | Sophos Technical Support