Hi folks,
I have been trying to work out why some of my linked NAT rules show no use.
Background.
I built EAP3 and used my v17 backup as the configuration method.
I deleted all the default linked NAT rules and created one generic NAT rule. This does not work well for traffic between internal networks. So I added a non-MASQ rule to cover connections between internal networks, but you need one for each internal network rule. This was not required in v17.
The XG appears to slow down after I removed all the linked NAT rules; throughput was fine, just web pages became very slow to load.
So to overcome this issue I added linked NAT rules for all external connection firewall rules, both IPv4 and IPv6.
All active firewall rules are passing traffic but the associated linked NAT rules are not.
According to the logviewer I have two firewall rules using the same linked NAT rule even though the firewall rules are shown associated to different linked NAT rules.
I have one firewall rule for my VoIP phones which uses NAT rule 0 and not the associated linked NAT rule.
Maybe this explains why my DPI is working on devices without CAs installed, e.g. IoT devices?
Also intermittently some sites take two attempts to establish a secure connection and then other times during the day they will not connect at all.
Devs, please feel free to log in and investigate; Pankti of the EAP reporting team has the current access details.
Ian