Operational Defect Database

BugZero found this defect 1860 days ago.

WatchGuard Technologies | kA10H000000g3SVSAY

Proxy traffic fails for 1-to-1 NAT hosts if NAT Base IP address is not bound on interface

Last update date:

4/17/2019

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.4.x

Fixed releases:

All

Description:

Issue

When traffic passes through a proxy from an IP address that is part of a 1-to-1 NAT rule, the connection fails if the external NAT Base IP address is not configured as a secondary IP address on the corresponding interface. Incoming connections are seen as unhandled. Outgoing connections are accepted but fail to pass the firewall.

Workaround/Solution

Add the NAT Base IP address as a secondary IP address on the corresponding external interface.

Status

Resolved
