- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: What are the differences in NAT configuration ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are the differences in NAT configuration between standard Quantum and Quantum Spark?
Hello Team,
Currently, I have connected Quantum Spark to Smart-1 Cloud and configured the policies, but even with the same policies as Quantum, PCs connected under Spark cannot access the internet.
Are there any configuration differences between Quantum and Spark that I should be aware of?
The Spark device itself can download updates over the internet without any issues, so connectivity seems fine.
The version is the latest R81.10.
Thank you in advance for your assistance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In general no, not when centrally managed.
R81.10.10 or R81.10.15 and which build also is your NAT dependent on proxy ARP?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can we move this into the Spark corner, @PhoneBoy ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you
We are using R81.10.15. Are there any differences in the settings for R81.10.15? Also, we are not using Proxy ARP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I dont believe there would be any differences. If I were you, I would do some basic testing and see where the connection fails. For example, is it even leaving the firewall, what do logs show, any drops in the logs from S1C portal?
Best,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the advise.
I couldn't find any logs indicating drops. It seems that NAT is not functioning properly. I would like to know the command to check if NAT is working as expected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There must be something wrong somewhere (in the rule base ?) as this usually works as expected. I would suggest to open SR' with CP TAC as i think this can be resolved during a short RAS. Without a look into your Dashboard we can not help you as this is no common error at all!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree with @G_W_Albrecht 100%. If you call TAC, they can do remote and probably fix it quick. See, for us here, unless we see exactly whats happening, its very difficult to even make a logical assumption. Personally, if I were you, I would do an actual capture on the gateway (tcpdump and fw monitor) and draw my conclusions based on that.
Best,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
general guidelines:
first aid to see what's up with the packet use 'fw monitor'
for example let's filter some dst (9.9.9.9)
fw monitor -F "0,0,9.9.9.9,0,0"
run ping to 9.9.9.9 from the PC behind the Spark.
you should see the same packet four times, with i, I, o, O.
if you see only i, it probably drops. (run fw ctl zdebug + drop to see the reason)
if don't see o, you don't have route (probably not the case)
on O, you should see the source is changing to the NAT IP (rather then original PC IP).
if you still see the original IP, you don't have NAT.
how exactly did you configure your NAT ? (Automatic NAT/manual NAT) please provide screenshot or details.
Thanks
