Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
0
Helpful
1
Replies

MARS and FWSM NAT translation

hoffa2000
Level 3
Level 3

‎03-03-2008 06:21 AM - edited ‎03-09-2019 08:13 PM

Greetings

I've been running CS-MARS along with an FWSM and IDSM for about a year now and has always wanted to know one thing.

If the IDSM send an alert originating from the FWSM global IP I 'sometimes' get a translation into the internal NATed IP address. It's about a 10% success ratio.

All systems are set with NTP to an internal server and I see no special pattern to it.

Any ideas?

Best regards

Fredrik

Labels:
0 Helpful
1 Reply 1

tstanik
Level 5
Level 5

‎03-07-2008 01:54 PM

You need to check the NAT rules to find out which rule is working and changing the IP. After this scan the network traffic and determine at which particular traffic this happens.

0 Helpful
Customers Also Viewed These Support Documents