OK, I have been doing some debugging:
****** 32043836.0: <Trust/ethernet1> packet received [52]******
ipid = 31145(79a9), @c7d0b110
packet passed sanity check.
ethernet1:10.1.1.3/61558->72.233.89.199/80,6<Root>
no session found
flow_first_sanity_check: in <ethernet1>, out <N/A>
chose interface ethernet1 as incoming nat if.
flow_first_routing: in <ethernet1>, out <N/A>
search route to (ethernet1, 10.1.1.3->72.233.89.199) in vr trust-vr for vsd-0/flag-0/ifp-null
PBR lookup params: dst-ip: 72.233.89.199, src-ip: 10.1.1.3, dst-port: 80, src-port: 61558, protocol: 6, dscp: 0
[PBR route] 18.route 72.233.89.199->212.71.0.45, to ethernet4
routed (x_dst_ip 72.233.89.199) from ethernet1 (ethernet1 in 0) to ethernet4
policy search from zone 2-> zone 100
policy_flow_search policy search nat_crt from zone 2-> zone 100
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 72.233.89.199, port 80, proto 6)
No SW RPC rule match, search HW rule
Permitted by policy 199
No src xlate choose interface ethernet4 as outgoing phy if
no loop on ifp ethernet4.
session application type 6, name HTTP, nas_id 0, timeout 300sec
service lookup identified service 0.
flow_first_final_check: in <ethernet1>, out <ethernet4>
existing vector list 3-31faac0.
Session (id:19677) created for first pak 3
flow_first_install_session======>
route to 212.71.0.45
serial or adsl or ml if, nsp ready.
nsp2 wing prepared, ready
cache mac in the session
make_nsp_ready_no_resolve()
search route to (ethernet4, 72.233.89.199->10.1.1.3) in vr trust-vr for vsd-0/flag-3000/ifp-ethernet1
[ Dest] 1.route 10.1.1.3->10.1.1.3, to ethernet1
route to 10.1.1.3
flow got session.
flow session id 19677
adjust tcp mss.
Got syn, 10.1.1.3(61558)->72.233.89.199(80), nspflag 0x801801, 0x2800
send out through normal path.
flow_ip_send: 79a9:10.1.1.3->72.233.89.199,6 => ethernet4(52) flag 0x0, vlan 0
send packet to traffic shaping queue.
****** 32043839.0: <Trust/ethernet1> packet received [52]******
ipid = 31193(79d9), @c7d06910
packet passed sanity check.
ethernet1:10.1.1.3/61558->72.233.89.199/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 19677
adjust tcp mss.
Got syn, 10.1.1.3(61558)->72.233.89.199(80), nspflag 0x801801, 0x2800
send out through normal path.
flow_ip_send: 79d9:10.1.1.3->72.233.89.199,6 => ethernet4(52) flag 0x0, vlan 0
send packet to traffic shaping queue.
flow_ip_send: 79d9:10.1.1.3->72.233.89.199,6 => ethernet4(52) flag 0x20000, vlan 0
pak has mac
Send to ethernet4 (74)
Debugging and logging saved the day.
Logging of policy 199 (from trust to edpnet any) showed that SOURCE NAT was not being applied.
I think this is strange because I have NAT enabled on my trust interface. Must be a PBR thing.
I have now enabled SOURCE NAT on my policy and it's working!
Thanks for all the help!
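An added example, not part of the original post: a small Python parser that reads flow debug output like the above and flags first packets that a policy permitted but that were sent without source translation. The function names and record fields are hypothetical, and the sample is constructed by abridging the lines shown in the post.

```python
import re

# Constructed sample: lines abridged from the debug output in the post above.
SAMPLE = """\
****** 32043836.0: <Trust/ethernet1> packet received [52]******
ethernet1:10.1.1.3/61558->72.233.89.199/80,6<Root>
no session found
[PBR route] 18.route 72.233.89.199->212.71.0.45, to ethernet4
Permitted by policy 199
No src xlate choose interface ethernet4 as outgoing phy if
****** 32043839.0: <Trust/ethernet1> packet received [52]******
ethernet1:10.1.1.3/61558->72.233.89.199/80,6<Root>
existing session found. sess token 4
"""

HEADER = re.compile(r"^\*+ (\S+): <([^/>]+)/([^>]+)> packet received")
TUPLE = re.compile(r"^\S+:([\d.]+)/(\d+)->([\d.]+)/(\d+),(\d+)")
PBR = re.compile(r"^\[PBR route\] (\d+)\.route \S+->([\d.]+), to (\S+)")
POLICY = re.compile(r"^Permitted by policy (\d+)")

def parse_flow_debug(text):
    """Split the output into per-packet records with routing, policy and NAT decisions."""
    packets, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"time": m[1], "in_if": m[3], "flow": None, "first": False,
                   "pbr": None, "policy": None, "src_nat": None}
            packets.append(cur)
        elif cur is None:
            continue  # ignore anything before the first packet header
        elif line == "no session found":
            cur["first"] = True  # first packet: route and policy lookups follow
        elif (m := TUPLE.match(line)) and cur["flow"] is None:
            cur["flow"] = (m[1], int(m[2]), m[3], int(m[4]), int(m[5]))
        elif m := PBR.match(line):
            cur["pbr"] = {"entry": int(m[1]), "next_hop": m[2], "out_if": m[3]}
        elif m := POLICY.match(line):
            cur["policy"] = int(m[1])
        elif line.startswith("No src xlate"):
            cur["src_nat"] = False  # only the negative is parsed; None means not stated
    return packets

def permitted_without_src_nat(packets):
    """First packets a policy permitted that were sent without source translation."""
    return [p for p in packets if p["first"] and p["policy"] is not None and p["src_nat"] is False]

if __name__ == "__main__":
    for p in permitted_without_src_nat(parse_flow_debug(SAMPLE)):
        print(p["time"], p["flow"], "policy", p["policy"], "pbr", p["pbr"], "no source NAT")
```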