12.4u2 NAT Issues

Hi,

Is anyone else experiencing NAT issues with 12.4u2?
Since upgrading i've noticed all our external traffic is going out as our external interface address and its completely ignoring the rules.
Its even translating public IP addresses which obviously don't have rules associated with them.

I've raised a call with WG, just thought i'd see if the problem is more widespread.

M4600
12.4u2

--
WatchGuard M4600 (x2 Cluster)
WatchGuard M200
Firmware : 12.4.1

Comments

  • Do you have multiple external interfaces ?
    If so, there are changes with SD-WAN which may be affecting your config.
    If you can't figure this out, then consider opening a support incident to get help from WG in resolving this.

    Review this post:
    problems after upgrade to 12.4
    https://community.watchguard.com/watchguard-community/discussion/173/problems-after-upgrade-to-12-4

  • Hi,
    Just one external interface. Don't use any SD-WAN config. Everything was all working just fine up until the upgrade. Translation rules all look good and proxy settings are all in place. I smell a bug... Going to upgrade to 12.4.1 tonight and fingers cross it fixes it.

    Already opened a call as per original post, thanks. They've not got back to me in the last 6hrs so they must be thinking about it.

    --
    WatchGuard M4600 (x2 Cluster)
    WatchGuard M200
    Firmware : 12.4.1

  • I've been seeing random NAT'ing issues since 12.4 (beta) I believe.

  • @BrianSteingraber said:
    I've been seeing random NAT'ing issues since 12.4 (beta) I believe.

    Funny you should mention that but i've had a few times when adding a nat rule completely broke it then if you remove and re-add it works.

    --
    WatchGuard M4600 (x2 Cluster)
    WatchGuard M200
    Firmware : 12.4.1

  • I've now upgraded to 12.4.1 and can confirm this does not fix the issue.

    --
    WatchGuard M4600 (x2 Cluster)
    WatchGuard M200
    Firmware : 12.4.1

  • Mark_BoscoloMark_Boscolo Moderator, WatchGuard Representative
    edited May 2019

    There is an open NAT issue that is defined in the following Knowledge Base Article ID - Article ID: 000011920

    https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA40H000000J55RSAS&lang=en_US

  • Thanks for that Mark!
    That's that issue!

  • Thanks Mark. WG have now confirmed it is the HTTPS proxy issue

    --
    WatchGuard M4600 (x2 Cluster)
    WatchGuard M200
    Firmware : 12.4.1

Sign In to comment.