I have a configuration that looks as follows:
2 VDOMs, one connected to the internet (addressless, transparent mode) and one internal (routed). The uplink for the routed VDOM is a VDOM link connecting the two and has an external IP address. I can reach the router from the internet and all seems well. However, when trying to create a virtual IP for a server behind the firewall, it doesn't seem to work! I can see traffic arriving at the firewall, and I can ping the server internally, but it isn't passing the traffic to it. Any ideas?
# show firewall vip
config firewall vip
    edit "test"
        set uuid 9e5fb764-3c24-51e8-30b3-d3fe604a1edb
        set extip xx.xx.xx.xx
        set extintf "internet00"
        set portforward enable
        set mappedip "172.17.140.10"
        set extport 1234
        set mappedport 1234
    next
end
# show firewall policy
    edit 3
        set name "Prod-Internet"
        set uuid e1c98f8a-2166-51e8-8624-2b9e345b1403
        set srcintf "V140Prod"
        set dstintf "internet00"
        set srcaddr "Prod LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
# diagnose sniffer packet any "host xx.xx.xx.xx and port 1234"
interfaces=[any]
filters=[host 96.47.78.180 and port 8006]
10.135034 re.mo.te.ip.62578 -> lo.ca.li.px.8006: syn 3017791575
...
# execute ping 172.17.140.10
PING 172.17.140.10 (172.17.140.10): 56 data bytes
64 bytes from 172.17.140.10: icmp_seq=0 ttl=64 time=0.5 ms
...