topic Quantum Spark NAT rule issue in Spark Firewall (SMB)

Quantum Spark NAT rule issue

nadsystems — Wed, 20 Dec 2023 10:51:52 GMT

Hi,

I am having a problem with a simple static NAT rule.

The NAT rule

Original Source : 88.176.93.245

Original Destination : 37.58.232.192 (Gateway public IP)

Original Service : TCP 5000

Translated Source : Original

Translated Destination : 192.168.20.11 (internal device)

Translated Service : Original

The related security rule

Source : 88.176.93.245

Destination : 37.58.232.192 (Gateway public IP)

Service : TCP 5000

Action : Allow

The routing table (directly connected)

192.168.20.0/24 | Any | Any | LAN10.20 | 0 | Directly Connected

37.58.224.0/24 | Any | Any | WAN12 | 0 | Directly Connected

When I test from IP 88.176.93.245 to 37.58.232.192 on TCP port 5000 :

I can see in the logs that the traffic is arriving on the gateway : 88.176.93.245 --> 37.58.232.192 on TCP 5000 --> Accept
But the NAT rule does not apply : nothing on 37.58.232.192 --> 192.168.20.11

On the log 88.176.93.245 to 37.58.232.192 on TCP port 5000 I see different things that appeal to me :

NAT rule number : 6 --> OK
Inzone : External --> OK
Out-Zone : External --> ????

Do you have an idea please?

thank you in advance for your help !

Re: Quantum Spark NAT rule issue

G_W_Albrecht — Wed, 20 Dec 2023 13:51:41 GMT

What do you want to achieve here ? Why not define 192.168.20.11 as a webserver ?

Re: Quantum Spark NAT rule issue

Chris_Atkinson — Wed, 20 Dec 2023 21:28:53 GMT

To confirm you don't see 37.58.232.X in the routing table?

Also which firmware version & build is the spark appliance installed with and is it centrally or locally nmanaged?

Re: Quantum Spark NAT rule issue

PhoneBoy — Wed, 20 Dec 2023 16:14:10 GMT

For NAPT involving the Security Gateway IP, you need to create a Server object instead of a NAT rule.
This is done via Users and Objects > Network Resources > Servers in the WebUI.