Hello,
Am trying to setup destination NAT on a SSG 350m.
Internet -> SSG 350m -> Internal machine
24.12.0.2 -> 192.168.1.1 -> 192.168.1.111
UDP/30200 -> -> UDP/30200
Policy:
set service "UUP" protocol udp src-port 0-65535 dst-port 30000-30500
set service "UUP" + udp src-port 0-65535 dst-port 30200-30200
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "UUP" nat dst ip 192.168.1.111 permit log
When I hit the 24.12.0.2 IP with traffic, nothing happens, nothing in the logs.
When I add a VIP, it doesn't work, because I have more than 64 ports being exposed
set interface ethernet0/2 vip interface-ip 30000 "UUP" 192.168.1.111 manual
But it does work, with the VIP if I reduce to 50 ports only.
# Less ports (only 50) AND VIP together work
set service "UUP" protocol udp src-port 0-65535 dst-port 30000-30050
set service "UUP" + udp src-port 0-65535 dst-port 30200-30200
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "UUP" nat dst ip 192.168.1.111 permit log
set interface ethernet0/2 vip interface-ip 30000 "UUP" 192.168.1.111 manual
Is there a way to get the SSG 350m to redirect traffic from a large port range? 64 ports is too limiting.