To allow this traffic from the PC to the server using the mapped IP, a port4-to-port4 policy has to be configured.
# config firewall vip
edit "test"
set uuid f1a6b83e-f27c-51eb-aa4a-b6c947c7530a
set extip 1.1.1.1
set extintf "any"
set mappedip "172.31.128.20"
next
end
Note.
# config firewall policy
edit 4
set name "test2"
set uuid 80d69150-f27d-51eb-aedc-5af165624624
set srcintf "port4"
set dstintf "port4"
set srcaddr "all"
set dstaddr "test"
set action accept
set schedule "always"
set service "ALL"
next
end
aegon-kvm39 # id=20085 trace_id=415 func=print_pkt_detail line=5618 msg="vd-root:0 received a packet(proto=1, 172.31.128.2:1->1.1.1.1:2048) from port4. type=8, code=0, id=1, seq=33."
id=20085 trace_id=415 func=init_ip_session_common line=5788 msg="allocate a new session-00081764"
id=20085 trace_id=415 func=fw_pre_route_handler line=181 msg="VIP-172.31.128.20:1, outdev-unknown"
id=20085 trace_id=415 func=__ip_session_run_tuple line=3410 msg="DNAT 1.1.1.1:8->172.31.128.20:1"
id=20085 trace_id=415 func=vf_ip_route_input_common line=2595 msg="find a route: flag=04000000 gw-172.31.128.20 via port4"
id=20085 trace_id=415 func=fw_forward_handler line=771 msg="Allowed by Policy-4: SNAT"
id=20085 trace_id=415 func=__ip_session_run_tuple line=3396 msg="SNAT 172.31.128.2->172.31.128.1:60417"
Packet Flow.
id=20085 trace_id=416 func=print_pkt_detail line=5618 msg="vd-root:0 received a packet(proto=1, 172.31.128.20:60417->172.31.128.1:0) from port4. type=0, code=0, id=60417, seq=33."
id=20085 trace_id=416 func=resolve_ip_tuple_fast line=5698 msg="Find an existing session, id-00081764, reply direction"
id=20085 trace_id=416 func=__ip_session_run_tuple line=3410 msg="DNAT 172.31.128.1:0->172.31.128.2:1"
id=20085 trace_id=416 func=vf_ip_route_input_common line=2595 msg="find a route: flag=04000000 gw-172.31.128.2 via port4"
id=20085 trace_id=416 func=npu_handle_session44 line=1142 msg="Trying to offloading session from port4 to port4, skb.npu_flag=00000000 ses.state=00000200 ses.npu_state=0x00040000"
id=20085 trace_id=416 func=fw_forward_dirty_handler line=399 msg="state=00000200, state2=00000000, npu_state=00040000"
id=20085 trace_id=416 func=__ip_session_run_tuple line=3396 msg="SNAT 172.31.128.20->1.1.1.1:1"
2021-08-01 06:57:07.525936 port4 in 172.31.131.2 -> 1.1.1.1: icmp: echo request
2021-08-01 06:57:07.529835 port4 out 172.31.128.1 -> 172.31.128.20: icmp: echo request
2021-08-01 06:57:07.530431 port4 in 172.31.128.20 -> 172.31.128.1: icmp: echo reply
2021-08-01 06:57:07.531657 port4 out 1.1.1.1 -> 172.31.131.2: icmp: echo reply