I have something weird on an SRX5800 cluster and I am not sure whether it is normal or not. I have one server that has "destination nat" configured to that server. The IP segment for the destination NAT is not the same as the source NAT interface IP.
When I ping from the server itself to a destination in a different zone, it uses the "destination nat" IP instead of the "source nat" interface IP that it is supposed to use. I can see this when I execute the command "show security flow session source-prefix". Is this normal because of the destination NAT, or is it not normal?
Thanks, and I appreciate any feedback.
Is the nat rule under security nat destination or security nat static?
This would be the expected behavior for static but not destination.
If it is under destination, the other possibility is that the ICMP traffic had an existing session from the inbound direction prior to your outbound ping. Then the match would occur without creating a new session. You could verify this with your view of the session table.
The rule is under destination NAT. I tried to stop the session, for example from a continuous ping, and ping back, and it is still using the IP under destination NAT, not the source NAT interface IP. Supposedly it should use the source NAT interface IP for outgoing traffic, right?
Thanks, and I appreciate your feedback.
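The session-table check discussed in this thread can be scripted; the following is an added example, not part of the original posts. It reads saved `show security flow session source-prefix` output and reports, per session, whether the server opened it and which address its source was translated to. The sample text, all addresses, the egress interface IP and the function names are assumptions made up for illustration, and the field layout varies by Junos release.

```python
import re

# Constructed sample modelled on "show security flow session source-prefix";
# every address, policy name and interface here is made up for illustration.
SAMPLE = """\
Session ID: 10001, Policy name: trust-to-untrust/4, State: Active, Timeout: 2, Valid
  In: 10.1.1.10/12 --> 198.51.100.1/3;icmp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 84,
  Out: 198.51.100.1/3 --> 203.0.113.10/12;icmp, Conn Tag: 0x0, If: reth0.0, Pkts: 1, Bytes: 84,
Session ID: 10002, Policy name: untrust-to-trust/7, State: Active, Timeout: 1790, Valid
  In: 198.51.100.7/40000 --> 203.0.113.10/443;tcp, Conn Tag: 0x0, If: reth0.0, Pkts: 9, Bytes: 900,
  Out: 10.1.1.10/443 --> 198.51.100.7/40000;tcp, Conn Tag: 0x0, If: reth1.0, Pkts: 8, Bytes: 800,
"""

# One wing of a session: direction, source address, destination address, protocol.
WING = re.compile(r"^\s*(In|Out):\s*(\S+?)/\d+\s*-->\s*(\S+?)/\d+;(\w+)")

def parse_sessions(text):
    """Return a list of dicts holding the session id plus its In and Out wings."""
    sessions, cur = [], None
    for line in text.splitlines():
        if line.startswith("Session ID:"):
            cur = {"id": line.split(",")[0].split(":")[1].strip()}
            sessions.append(cur)
            continue
        m = WING.match(line)
        if m and cur is not None:
            cur[m.group(1)] = (m.group(2), m.group(3), m.group(4))
    return [s for s in sessions if "In" in s and "Out" in s]

def classify(session, server_ip, egress_ip):
    """Say who opened the session and what the server's source became."""
    in_src = session["In"][0]
    out_dst = session["Out"][1]
    if in_src != server_ip:
        # Opened toward the server: replies ride this session, no new lookup.
        return "inbound"
    # Server opened it: the reverse wing's destination is the translated source.
    if out_dst == egress_ip:
        return "outbound-interface-nat"
    if out_dst == server_ip:
        return "outbound-no-nat"
    return "outbound-other-nat:" + out_dst

def report(text, server_ip, egress_ip):
    return {s["id"]: classify(s, server_ip, egress_ip) for s in parse_sessions(text)}

if __name__ == "__main__":
    print(report(SAMPLE, "10.1.1.10", "203.0.113.1"))
```

A session reported as `outbound-other-nat` with the destination NAT address matches the symptom described in the question; one reported as `inbound` is the pre-existing-session case raised in the reply.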