Caching of NAT routing?
Hello together,
as this is my first post in this forum, please tell me if my question is not intended to be asked here.
I have worked with ZyWalls for quite some time now, but have never had a comparable scenario.
We use a ZyWall 110 with firmware version 4.30(AAAA.0).
The basic problem is that I would like to use the ZyWall to change quite frequently which server inside the DMZ should be accessed from outside via HTTP and HTTPS. Therefore I created a NAT rule of type virtual server and entered the initially mapped IP and port. In addition to that, I created a firewall rule to allow the port forwarding.
Up to this point, everything works fine.
The strange behaviour follows after switching the mapped IP to another server. Every browser started just then gets the expected result from the new server. Every browser that was already open and working with the website on the old server sticks to that server. I can only "reset" this by closing the whole browser and starting it again completely.
To me it looks like some kind of session caching, but I couldn't find anything regarding such a topic inside the manual or the web interface. Even the session monitor in the web interface shows no signs of remaining sessions.
What I have tested so far:
- Creating one NAT rule and changing the mapped IP
- Creating two NAT rules, one for each target, and activating and deactivating them as needed
- Altering the firewall rule to only allow access to the currently selected server makes the problem worse, by blocking the traffic that would flow to the old server, and that way creates timeouts.
I would be more than happy if somebody could give me a hint on how to solve this.
Greets
Aljoscha
Comments
@Aljoscha After switching the mapped IP to another server, the browser, that was already open and working with the Website on the old server. May I know whether you could manage or control the old server when the issue occurs?
It seems it's the browser's behavior. I suggest you use an "Incognito window" and check it again.
Charlie