This shows a virtual server 'test_VS' configured after the central NAT was enabled.
The Virtual server does not need to be referenced anywhere.
However, we need to ensure that we are adding a firewall policy, ensuring that both the real servers are allowed as destination, and the port they are listening on needs to be allowed.
One can use the debug flow filters to check if the traffic is hitting the correct policy and if it’s being DNAT-ed correctly to the real servers address.# diagnose debug flow filter clearThat debug flow will clearly show the policy the traffic is matching (first packet only).
# diagnose debug flow filter saddr x.x.x.x
# diagnose debug flow filter trace start 1000
# diagnose debug console timestamp enable
# diagnose debug enable
The debug will also show the destination address changing to the real server that is active.As per the example it would be 192.168.1.2.