Support Center > Search Results > SecureKnowledge Details
Static NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode
Symptoms
  • Static NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode.

  • When one of the ISP links is down, connections are routed through incorrect interface.

  • Kernel debug shows (fw ctl debug -m fw + nat drop):
    FW-1: fw_first_packet_xlation: Dynamic object is already being resolved - vanishing packet
    fw_log_drop: Packet proto= ... dropped by fw_first_packet_xlation Reason: Dynamic object is already being resolved
Cause

By default, in ISP Redundancy configuration, statically translated hosts, are not allowed for open outgoing connections.


Solution
Note: To view this solution you need to Sign In .