Hey all,
I'm migrating a configuration from another firewall.
I have no NAT destination rules, and all of this should just be allowed via "returning traffic" from a NAT session.
In short,
I've configured a WAN zone and a "trust" zone and, just as a PoC to show that it has nothing to do with the config, I have WAN to TRUST allowing any source, any destination and any app, and the same policy applied for TRUST to WAN.
I have both security zones allowing any protocol and any system services.
I can ping the public IP of the failing internal application at the destination, but I cannot browse to it.
It says site can't be reached.
I've checked the logs of the receiving firewalls and I do see some blocks, but I see a lot more allows for http/tcp.
Is there any way I can log the traffic that is being blocked from my subinterface heading to said IP address?
The only oddity is that the SRX and the firewall that is NATing to the hosted application are behind the same /24 (I don't think that really matters, but hey, worth a shot).