Operational Defect Database

BugZero found this defect 2043 days ago.

WatchGuard Technologies | kA10H000000g3bJSAQ

NAT Loopback fails for HTTPS proxy policies with TLS/SSL Offloading enabled

Last update date:

10/15/2018

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.0.x

12.1.x

12.1

12.1.1

12.1.3

12.10.x

12.2.x

12.3.x

12.4.x

Fixed releases:

All

Description:

Issue

When an HTTPS proxy policy has TLS/SSL Offloading enabled and NAT loopback is configured for that same policy, the Firebox cannot correctly set the source IP address.

Workaround/Solution

To avoid this issue, create a second HTTPS policy for users who need to connect to the server with NAT loopback. This second policy can be a packet filter or an HTTPS proxy policy without TLS/SSL Offloading.

Status

Open
