BugZero found this defect 747 days ago.
5/20/2022
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
12.x
12.8.x
v12.9
In Fireware v12.8.x, SD-WAN actions are incorrectly applied to traffic that emerges from a BOVPN tunnel and is destined for an external network. Affected connections fail to establish and you see one or more of these symptoms:
- Traffic is always routed out the first external interface, regardless of which interface is defined in SD-WAN
- Dynamic NAT is not applied to outbound traffic
- Incorrect src_nat_ip value in connection log messages
- Connections are denied with tcp syn checking failed
There are two workarounds for this issue:
- Disable SD-WAN on all policies that handle traffic sourced from BOVPN networks.
- Use a VIF-based VPN.