USG210: NAT-Loopback warning in log. Why?
Ally Member
I have a setting with several NAT port forwardings and loopback activated. Everything fworks fine but when I restart the device I have warnings about NAT configuartion as follows:
647 2019-12-24 10:13:16
info nat CONFIG CHANGE
NAT rule HTTP1 has been created.
648 2019-12-24 10:13:16
alert file-manage
WARNING: #configure terminal ip virtual-server HTTP1 interface wan1 source-ip WAN1_IP original-ip WAN1_IP map-to WebBox map-type original-service HTTP mapped-service HTTP nat-loopback, Original IP cannot be set to ANY while NAT-Loopback is activated because it might cause device unreachable.
The warning says that "Original IP cannot be set to ANY". But you also see that in fact the original-ip is WAN1_IP.
So why I do have that warning?
Accepted Solution
-
Hi @FrankLauer,
In reboot process, the interface is not ready and the check result hits the restriction "Original IP cannot be set to ANY". That's why it shows warning message when you use address object as the Original IP. After the device boots up completely, the interface is ready and the warning message doesn't appear any more.You can ignore the warning message.
5
Zyxel Employee
All Replies
-
Hi @FrankLauer,
What is the firmware version on your USG210?
Can you share the screen shot of the warning message with us?
I use the firmware 4.35(AAPI.2) and create a NAT rule as follows. After the device reboots, there is only log "NAT rule test has been created."
Go to the NAT configuration page and there is no warning message.
0 -
Hi Emily,
I have the same firmware and the same NAT configuration as shown in your image.
But the warning is in the category 'File Manager' as priority alert (red).
After boot you may select this cat or cat 'all' and it should appear.
EDIT:
Ok, I found a difference. You are using a fix IP for 'External IP'. With this setting I also don't have an warning (I checked it now.)
But I use normally an address object for that, as recommended in various tutorials.
The adress object I call 'WAN1_IP' and it is of type INTERFACE IP to the interface wan1. With that setting I don't need to touch the NAT rule if the WAN address may change.
0 -
Hi @FrankLauer,
In reboot process, the interface is not ready and the check result hits the restriction "Original IP cannot be set to ANY". That's why it shows warning message when you use address object as the Original IP. After the device boots up completely, the interface is ready and the warning message doesn't appear any more.You can ignore the warning message.
5 -
Thank you :)
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 169 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 375 USG FLEX H Series
- 294 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 266 Service & License
- 409 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
