VIP Issue
Hey all,
I've setup a couple of VIPs with the same external IP to different internal IPs/networks and different ports on a client's firewall running 6.0.3 (previously 6.0.2).
One of the VIPs only listens on TCP 7108 and forwards to a server on the Internal LAN.
The other VIP listens on 22 and is supposed to forward to a server on the DMZ LAN (ftp over ssh).
The issue is that traffic to the second VIP never seems to get to the firewall. I sniff the IP and port 22, or I sniff the DMZ IP and port 22 and see nothing. The first VIP to the internal LAN works perfectly.
If I set the second VIP to use port 2222 (for example) and forward to 22, this works fine and responds. The issue is that I need the 22 to 22 to work.
The client has limited IPs to work with or I'd consider using a different IP entirely.
This, to me, appears to be a bug with forwarding SSH. I confirmed I have it disabled on all interfaces for management, and don't see a specific Local-IN Policy using it or other policy using it.
If I enable SSH on the WAN interface, it works - so I don't believe it's the ISP blocking the traffic outside the firewall.
Thoughts?
Just an odd issue....never had issues with VIPs before.
Thanks!