USG210: NAT-Loopback warning in log. Why?

FrankLauer

I have a setting with several NAT port forwardings and loopback activated. Everything fworks fine but when I restart the device I have warnings about NAT configuartion as follows:

647 2019-12-24 10:13:16                                            

   info              nat                  CONFIG CHANGE                                 

   NAT rule HTTP1 has been created.

648 2019-12-24 10:13:16                                            

   alert             file-manage                                                          

   WARNING: #configure terminal ip virtual-server HTTP1 interface wan1 source-ip WAN1_IP original-ip WAN1_IP map-to WebBox map-type original-service HTTP mapped-service HTTP nat-loopback, Original IP cannot be set to ANY while NAT-Loopback is activated because it might cause device unreachable.

The warning says that "Original IP cannot be set to ANY". But you also see that in fact the original-ip is WAN1_IP.

So why I do have that warning?

Zyxel_Emily

Hi @FrankLauer,

In reboot process, the interface is not ready and the check result hits the restriction "Original IP cannot be set to ANY". That's why it shows warning message when you use address object as the Original IP. After the device boots up completely, the interface is ready and the warning message doesn't appear any more.You can ignore the warning message.

Zyxel_Emily

Hi @FrankLauer,

What is the firmware version on your USG210?

Can you share the screen shot of the warning message with us?

I use the firmware 4.35(AAPI.2) and create a NAT rule as follows. After the device reboots, there is only log "NAT rule test has been created."

Go to the NAT configuration page and there is no warning message.

FrankLauer

Hi Emily,

I have the same firmware and the same NAT configuration as shown in your image.

But the warning is in the category 'File Manager' as priority alert (red).

After boot you may select this cat or cat 'all' and it should appear.

EDIT:

Ok, I found a difference. You are using a fix IP for 'External IP'. With this setting I also don't have an warning (I checked it now.)

But I use normally an address object for that, as recommended in various tutorials.

The adress object I call 'WAN1_IP' and it is of type INTERFACE IP to the interface wan1. With that setting I don't need to touch the NAT rule if the WAN address may change.

FrankLauer

Thank you :)