Operational Defect Database


WatchGuard Technologies | kA10H000000g3hSSAQ

UI does not prevent you from configuring an external interface IP address as the NAT base IP address in 1-to-1 NAT

Last update date: 3/4/2016

Affected products: Firebox M200, Firebox M300, Firebox M270, Firebox M370, Firebox M470, Firebox M570, Firebox M670, Firebox M290, Firebox M390, Firebox M400, Firebox M500, Firebox M440

Affected releases: All, Fireware, 11.x, 11.10.x, 11.10, 11.10.1, 11.10.2, 11.10.3, 11.10.4, 11.10.5, 11.10.6, 11.10.7

Fixed releases: All

Description:

Issue

If you use the Fireware Web UI or Policy Manager to configure 1-to-1 NAT, there is no warning if you configure the external interface IP address or an external secondary IP address as the NAT base IP address in your 1-to-1 NAT rule. This configuration can disrupt inbound traffic for any policy that uses that external IP address, including remote management connections from WatchGuard System Manager or the Web UI.

Workaround/Solution

Make sure you do not use any external interface IP address or secondary network as the NAT base IP address in a 1-to-1 NAT rule. An IP address should never be configured as both an external interface IP address and the NAT base IP address.
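Because the UI does not warn about this, the check can be run outside the device before a configuration is saved. The following is an added example, not WatchGuard code: it assumes the external addresses and 1-to-1 NAT rules have been transcribed by hand into the hypothetical structures shown (the field names and addresses are constructed), and it goes one step beyond the text by also flagging a multi-host rule whose range starting at the NAT base covers an external interface address.

```python
import ipaddress

def nat_base_conflicts(external_ips, nat_rules):
    """Return (rule name, external IP) pairs where a 1-to-1 NAT rule's
    NAT-side range, starting at its NAT base, covers an external address."""
    # Accept "a.b.c.d" or "a.b.c.d/len"; only the host address matters here.
    external = [ipaddress.ip_interface(ip).ip for ip in external_ips]
    conflicts = []
    for rule in nat_rules:
        base = ipaddress.ip_address(rule["nat_base"])
        hosts = rule.get("hosts", 1)  # a single-IP rule maps exactly one address
        if hosts < 1:
            raise ValueError(f"rule {rule['name']!r}: hosts must be >= 1")
        for ext in external:
            if ext.version != base.version:
                continue
            # The NAT side of the rule spans base .. base + hosts - 1.
            if 0 <= int(ext) - int(base) < hosts:
                conflicts.append((rule["name"], str(ext)))
    return conflicts

# Constructed sample data (documentation address ranges, hypothetical field names).
EXTERNAL_IPS = ["203.0.113.10/24", "203.0.113.11/24"]  # primary + secondary
NAT_RULES = [
    {"name": "mail", "nat_base": "203.0.113.10", "hosts": 1},     # base is the interface IP
    {"name": "web-farm", "nat_base": "203.0.113.8", "hosts": 4},  # .8-.11 covers both
    {"name": "dmz", "nat_base": "203.0.113.20", "hosts": 5},      # clean
]

if __name__ == "__main__":
    for name, ip in nat_base_conflicts(EXTERNAL_IPS, NAT_RULES):
        print(f"1-to-1 NAT rule {name!r} overlaps external interface address {ip}")
```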


Status

Open
