Trouble with Virtual Server NAT problems

PeterUK

USG FLEX 200H V1.20(ABWV.0)ITS-m4447

USG60W

WAN link to internet

LAN2 192.168.254.9 255.255.255.248

NAT rules for port 80 and 443 to 192.168.254.10

Flex200H

ge3 WAN3 DHCP 192.168.254.10 / 255.255.255.248

ge4 VLAN47 192.168.255.39 / 255.255.255.240

two Virtual Server NAT at rule number 22 and 23

test server on VLAN47 192.168.255.40

Incoming Interface ge3 WAN3

Source IP any

External IP INTERFACE IP, ge3

Internal IP 192.168.255.40

port

TCP 80 and the other rule 443

Enable NAT Loopback off

Problem 1

If the above rules on Flex are disabled on reboot the rules are disabled as expected but when you enable them the rules don't work then you reboot then they work.

Problem 2

On a bootup with the rules enabled all works then on USG60W you IP/MAC Binding the Flex200H WAN3 to IP 192.168.254.14 along with the NAT rules to that IP on USG60W wait on a short lease time to have the Flex change IP and test all works then disable the NAT rules on the Flex test again and the rules still work when it shouldn't.

Mk88_it

"Problem1" Yes, we are experiencing the same with Flex500H

Zyxel_Emily

Hi @PeterUK & @Mk88_it,

Thanks for reporting this issue, We will run some tests to check the symptom and update the result to you later.

Zyxel_Emily

Hi @PeterUK & @Mk88_it,

I just run the test of Problem 1.
If the above rules on Flex are disabled on reboot the rules are disabled as expected but when you enable them the rules don't work then you reboot then they work.

I just run the test with the follwing steps.
Internet----(10.214.48.46)USG60W----(DHCP: 192.168.254.10)USG FLEX 200H----(DHCP: 192.168.255.40)ZyWALL

Step 1. Disable NAT rules on USG FLEX 200H.Step 2. Reboot USG FLEX 200H. Enable NAT rules on USG FLEX 200H again.

Test Result 1:Failed to access ZyWALL GUI because the ZyWALL's IP becomes 192.168.255.41 after USG FLEX 200H reboots.

Test Result 2:
If I set static IP 192.168.255.40 on ZyWALL, NAT rule is still working after USG FLEX 200H reboots.