Operational Defect Database
BugZero found this defect 60 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA1Vr0000000T3dKAE
Firebox alias wildcard members match all subnets in the global dynamic NAT translations table
Last update date:
3/20/2024
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.0.x
12.1.x
12.1
12.1.1
12.1.3
12.10.x
12.2.x
12.3.x
12.4.x
Fixed releases:
All
Description:
Issue
When the global dynamic NAT (DNAT) translations table has a Firebox alias entry that contains a member with a wildcard IPv4 or IPv6 address, all subnets that follow the entry in the translations table are ignored. This is because the subsequent subnets incorrectly match with the wildcard IP address entry.
Workaround/Solution
Make sure to enter all Firebox alias member information, such as IP address, for the Firebox alias.
