Hi Guys,
I have noticed an issue with a particular Internet website depending on the NAT method used by the firewall when accessed by clients inside the network.
If I hide the traffic, the website will not load (timeout). However, if I static NAT, the website loads fine.
I took tcpdumps of both scenarios and noticed the following:
- When using hide NAT, the TLS version proposed by the gateway/hidden address is TLSv1 (site times out)
- When using static NAT, the TLS version proposed by the static NAT address is TLSv1.2 (site loads successfully)
Any idea what may cause this? Can I force the firewall to use TLSv1.2 as a client?
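An added example, not part of the original post: a ClientHello carries a version in three places (the record layer, the handshake `client_version`, and the optional `supported_versions` extension), and these can differ, so it helps to read all three when comparing the two captures. The Python sketch below does that for one raw TLS record (the TCP payload exported from the capture); the function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def name(v):
    return VERSIONS.get(v, f"0x{v:04x}")   # unknown/GREASE values stay as hex

def parse_client_hello(record: bytes) -> dict:
    """Report every version field of a ClientHello held in one raw TLS record."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    body = record[5:5 + rec_len]
    if body[:1] != b"\x01":
        raise ValueError("handshake message is not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    (hello_ver,) = struct.unpack_from("!H", hello, 0)
    pos = 2 + 32                                           # client_version, random
    pos += 1 + hello[pos]                                  # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]     # cipher_suites
    pos += 1 + hello[pos]                                  # compression_methods
    supported = []
    if pos + 2 <= len(hello):                              # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and ext_len >= 3:            # supported_versions
                supported = [int.from_bytes(data[i:i + 2], "big")
                             for i in range(1, 1 + data[0], 2)]
            pos += 4 + ext_len
    offered = supported or [hello_ver]                     # extension wins if present
    highest = max((v for v in offered if v in VERSIONS), default=hello_ver)
    return {"record": name(rec_ver), "client_version": name(hello_ver),
            "supported_versions": [name(v) for v in supported],
            "highest_offered": name(highest)}

def build_sample(rec_ver, hello_ver, supported=()):
    """Constructed input: a minimal ClientHello record, not a real capture."""
    ext = b""
    if supported:
        sv = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHB", 43, len(sv) + 1, len(sv)) + sv
    hello = (struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
             + struct.pack("!HH", 2, 0x002F) + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs
```

Running `parse_client_hello` on the first ClientHello from each capture shows whether the two NAT paths differ in `highest_offered` or only in the record-layer field.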