Cisco FMC managed FTD DNAT not working

neagucatalin2
Level 1

Hello,

I have come across a situation over the past couple of days:

I have 2 firewall stages, Core and Perimeter (each stage with 2x FPR3110):

Scenario:

- My perimeter firewall is point-to-point connected on a /27 public subnet with my Border router, which interconnects with the ISP [PerimeterFW --- /27 public subnet ---> MY Border router --- /30 public subnet ---> ISP Router]

From the /27 subnet, I used one IP on the Perimeter FW interface and one on MY Border router.

- The request was the following: the user wants to connect on tcp/22 using one of the remaining IPs from the public /27 subnet, and to be redirected to an internal resource.

For this request I've performed DNAT, created the access rule, and made sure that I have a valid route towards the internal resource.

The point here is that when I test with packet tracer, the flow is allowed, but in reality it's not working.

Another funny thing is that for testing purposes I've allowed ICMP on the public IP from the perimeter firewall and it is not working. It looks like the Access policies are not doing anything. I've also allowed ICMP from platform settings, with the same result: not working.

I mention that the segment between the ISP router and the Perimeter firewall (that /27) is routed properly, as I can reach MY border router on that interface with ICMP.

I mention that I've double-checked the zones, routing and access policies.

Please help

16 Replies

You are correct to hide the public IP.

But the DMZ uses 10.10.100.0, not 10.10.200.0

MHM

10.10.200.0 is the real inside one; .100 was just an example