Hi Cesar / Yorel
I tried to do the same requirement using a different set of public IPs from a different ISP.
What I did was:
1. I used 122.169.115.236 (Public IP) instead of 219.64.95.39 and mapped it to 172.16.202.4 and took the logs.
2. Similarly, I mapped 122.169.115.236 to 172.16.202.148 and took the logs again.
3. After performing Step 1, I removed the MIP Policy Untrust to Trust, then changed the hosted IP to the IP in Step 2 with Mapped IP 122.169.115.236.
4. The Client Machine was connected to a different ISP not terminated on the firewall so that it behaves as a Client in the Untrust Zone.
What I observed was that 172.16.202.148 was trying to connect via telnet but 172.16.202.4 had the same problem.
Secondly,
Earlier when I tried doing step 4 with 219.64.95.39 I didn't get any log on the firewall, but from 122.169.115.236 at least I am getting some logs from the firewall.
59.90.211.9 - ISP IP which I am using to connect to the MIP, and this ISP is not terminated on the firewall.
Logs Output - while doing telnet for 172.16.202.4 via MIP
Remote Management Console
SSG320M-> set db size 4096
SSG320M-> set ff src-ip 0.0.0.0 dst-ip 122.169.115.236
filter added
SSG320M-> set ff src-ip 172.16.202.4 dst-ip 0.0.0.0
filter added
SSG320M-> cl db
SSG320M-> debug flow basic
SSG320M-> undebug all
SSG320M-> get db str
****** 4030319.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 25037(61cd), @05737d74
packet passed sanity check.
ethernet0/3:59.90.211.9/1699->122.169.115.236/23,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/3>, out <N/A>
chose interface ethernet0/3 as incoming nat if.
flow_first_routing: in <ethernet0/3>, out <N/A>
search route to (ethernet0/3, 59.90.211.9->172.16.202.4) in vr trust-vr for vs
d-0/flag-0/ifp-null
[ Dest] 10.route 172.16.202.4->192.168.1.1, to ethernet0/0
routed (x_dst_ip 172.16.202.4) from ethernet0/3 (ethernet0/3 in 0) to ethernet
0/0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 10
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 122.
169.115.236, port 23, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 38/17/0x9
Permitted by policy 38
No src xlate choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 10, name TELNET, nas_id 0, timeout 1800sec
ALG vector is not attached
service lookup identified service 0.
flow_first_final_check: in <ethernet0/3>, out <ethernet0/0>
existing vector list 113-39863d4.
Session (id:63833) created for first pak 113
flow_first_install_session======>
route to 192.168.1.1
arp entry found for 192.168.1.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 172.16.202.4->59.90.211.9) in vr trust-vr for vs
d-0/flag-3000/ifp-ethernet0/3
[ Dest] 11.route 59.90.211.9->122.169.115.1, to ethernet0/3
route to 122.169.115.1
arp entry found for 122.169.115.1
ifp2 ethernet0/3, out_ifp ethernet0/3, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 63833
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.4.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4030321.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 25038(61ce), @05a57d74
packet passed sanity check.
ethernet0/3:59.90.211.9/1699->122.169.115.236/23,6<Root>
existing session found. sess token 4
flow got session.
flow session id 63833
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.4.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4030327.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 25039(61cf), @05a68d74
packet passed sanity check.
ethernet0/3:59.90.211.9/1699->122.169.115.236/23,6<Root>
existing session found. sess token 4
flow got session.
flow session id 63833
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.4.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4030328.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 47265(b8a1), @2d425914
packet passed sanity check.
ethernet0/3:122.169.32.227/63724->122.169.115.236/135,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/3>, out <N/A>
chose interface ethernet0/3 as incoming nat if.
flow_first_routing: in <ethernet0/3>, out <N/A>
search route to (ethernet0/3, 122.169.32.227->172.16.202.4) in vr trust-vr for
vsd-0/flag-0/ifp-null
[ Dest] 10.route 172.16.202.4->192.168.1.1, to ethernet0/0
routed (x_dst_ip 172.16.202.4) from ethernet0/3 (ethernet0/3 in 0) to ethernet
0/0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 10
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 122.
169.115.236, port 135, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 38/17/0x9
Permitted by policy 38
No src xlate choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 68, name MSRPC_EPM, nas_id 0, timeout 1800sec
ALG vector is attached
service lookup identified service 68.
flow_first_final_check: in <ethernet0/3>, out <ethernet0/0>
existing vector list 193-39862b4.
Session (id:64007) created for first pak 193
flow_first_install_session======>
route to 192.168.1.1
arp entry found for 192.168.1.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 172.16.202.4->122.169.32.227) in vr trust-vr for
vsd-0/flag-3000/ifp-ethernet0/3
[ Dest] 11.route 122.169.32.227->122.169.115.1, to ethernet0/3
route to 122.169.115.1
arp entry found for 122.169.115.1
ifp2 ethernet0/3, out_ifp ethernet0/3, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 64007
tcp seq check.
get wsf 2 0
post addr xlation: 122.169.32.227->172.16.202.4.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4030328.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 47303(b8c7), @052b1d74
packet passed sanity check.
ethernet0/3:122.169.32.227/63762->122.169.115.236/445,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/3>, out <N/A>
chose interface ethernet0/3 as incoming nat if.
flow_first_routing: in <ethernet0/3>, out <N/A>
search route to (ethernet0/3, 122.169.32.227->172.16.202.4) in vr trust-vr for
vsd-0/flag-0/ifp-null
[ Dest] 10.route 172.16.202.4->192.168.1.1, to ethernet0/0
routed (x_dst_ip 172.16.202.4) from ethernet0/3 (ethernet0/3 in 0) to ethernet
0/0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 10
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 122.
169.115.236, port 445, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 38/17/0x9
Permitted by policy 38
No src xlate choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 21, name SMB, nas_id 0, timeout 1800sec
ALG vector is not attached
service lookup identified service 0.
flow_first_final_check: in <ethernet0/3>, out <ethernet0/0>
existing vector list 113-39863d4.
Session (id:63826) created for first pak 113
flow_first_install_session======>
route to 192.168.1.1
arp entry found for 192.168.1.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 172.16.202.4->122.169.32.227) in vr trust-vr for
vsd-0/flag-3000/ifp-ethernet0/3
[ Dest] 11.route 122.169.32.227->122.169.115.1, to ethernet0/3
route to 122.169.115.1
arp entry found for 122.169.115.1
ifp2 ethernet0/3, out_ifp ethernet0/3, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 63826
tcp seq check.
get wsf 2 0
post addr xlation: 122.169.32.227->172.16.202.4.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
Logs - while trying to do telnet on 172.16.202.148 via MIP
Remote Management Console
SSG320M-> set db size 4096
SSG320M-> set ff src-ip 0.0.0.0 dst-ip 122.169.115.236
filter added
SSG320M-> set ff src-ip 172.16.202.148 dst-ip 0.0.0.0
filter added
SSG320M-> cl db
SSG320M-> debug flow basic
SSG320M-> undebug all
SSG320M-> get db str
****** 4029795.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 22105(5659), @05746d74
packet passed sanity check.
ethernet0/3:59.90.211.9/1666->122.169.115.236/23,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/3>, out <N/A>
chose interface ethernet0/3 as incoming nat if.
flow_first_routing: in <ethernet0/3>, out <N/A>
search route to (ethernet0/3, 59.90.211.9->172.16.202.148) in vr trust-vr for
vsd-0/flag-0/ifp-null
[ Dest] 10.route 172.16.202.148->192.168.1.1, to ethernet0/0
routed (x_dst_ip 172.16.202.148) from ethernet0/3 (ethernet0/3 in 0) to ethern
et0/0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 10
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 122.
169.115.236, port 23, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 39/17/0x9
Permitted by policy 39
No src xlate choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 10, name TELNET, nas_id 0, timeout 1800sec
ALG vector is not attached
service lookup identified service 0.
flow_first_final_check: in <ethernet0/3>, out <ethernet0/0>
existing vector list 113-39863d4.
Session (id:63954) created for first pak 113
flow_first_install_session======>
route to 192.168.1.1
arp entry found for 192.168.1.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 172.16.202.148->59.90.211.9) in vr trust-vr for
vsd-0/flag-3000/ifp-ethernet0/3
[ Dest] 11.route 59.90.211.9->122.169.115.1, to ethernet0/3
route to 122.169.115.1
arp entry found for 122.169.115.1
ifp2 ethernet0/3, out_ifp ethernet0/3, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 63954
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.148.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4029795.0: <Trust/ethernet0/0> packet received [40]******
ipid = 23413(5b75), @0593bd74
packet passed sanity check.
ethernet0/0:172.16.202.148/23->59.90.211.9/1666,6, 5014(rst)<Root>
existing session found. sess token 3
flow got session.
flow session id 63954
tcp seq check.
flow_tcp_fin_vector()
post addr xlation: 122.169.115.236->59.90.211.9.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 00901a4215e5 through ethernet0/3
****** 4029796.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 22106(565a), @059cfd74
packet passed sanity check.
ethernet0/3:59.90.211.9/1666->122.169.115.236/23,6<Root>
existing session found. sess token 4
flow got session.
flow session id 63954
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.148.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4029796.0: <Trust/ethernet0/0> packet received [40]******
ipid = 23414(5b76), @05941d74
packet passed sanity check.
ethernet0/0:172.16.202.148/23->59.90.211.9/1666,6, 5014(rst)<Root>
existing session found. sess token 3
flow got session.
flow session id 63954
tcp seq check.
flow_tcp_fin_vector()
post addr xlation: 122.169.115.236->59.90.211.9.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 00901a4215e5 through ethernet0/3
****** 4029796.0: <Untrust/ethernet0/3> packet received [52]******
ipid = 22107(565b), @05937574
packet passed sanity check.
ethernet0/3:59.90.211.9/1666->122.169.115.236/23,6<Root>
existing session found. sess token 4
flow got session.
flow session id 63954
tcp seq check.
get wsf 0 0
post addr xlation: 59.90.211.9->172.16.202.148.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 000f23606940 through ethernet0/0
****** 4029796.0: <Trust/ethernet0/0> packet received [40]******
ipid = 23416(5b78), @05944574
packet passed sanity check.
ethernet0/0:172.16.202.148/23->59.90.211.9/1666,6, 5014(rst)<Root>
existing session found. sess token 3
flow got session.
flow session id 63954
tcp seq check.
flow_tcp_fin_vector()
post addr xlation: 122.169.115.236->59.90.211.9.
flow_send_vector_, vid = 0, is_layer2_if=0
packet send out to 00901a4215e5 through ethernet0/3
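
Added example, not part of the original post: a small Python parser for `debug flow basic` output that groups packets by flow session id and reports, per session, the permitting policy, the destination port, how many packets arrived from Untrust, and whether anything (for example a TCP RST) came back from the Trust side. The sample input is constructed with documentation addresses, and the function names and zone names `Untrust`/`Trust` are assumptions taken from the log layout above.

```python
import re
from collections import defaultdict

# Constructed sample in the `get db str` format shown above (documentation IPs).
SAMPLE = """\
****** 100.0: <Untrust/ethernet0/3> packet received [52]******
ethernet0/3:198.51.100.9/1699->192.0.2.236/23,6<Root>
Permitted by policy 38
flow session id 500
****** 102.0: <Untrust/ethernet0/3> packet received [52]******
ethernet0/3:198.51.100.9/1699->192.0.2.236/23,6<Root>
flow session id 500
****** 200.0: <Untrust/ethernet0/3> packet received [52]******
ethernet0/3:198.51.100.9/1666->192.0.2.236/23,6<Root>
Permitted by policy 39
flow session id 501
****** 200.0: <Trust/ethernet0/0> packet received [40]******
ethernet0/0:10.0.0.148/23->198.51.100.9/1666,6, 5014(rst)<Root>
flow session id 501
"""

HDR = re.compile(r"\*+ [\d.]+: <(\w+)/[\w/]+> packet received")
TUPLE = re.compile(r"[\w/]+:([\d.]+)/(\d+)->([\d.]+)/(\d+),(\d+)(?:, \w+\((\w+)\))?<")
POLICY = re.compile(r"Permitted by policy (\d+)")
SESS = re.compile(r"flow session id (\d+)")

def summarize(text):
    """Group packets by flow session id; count inbound packets and Trust-side replies."""
    sessions = defaultdict(lambda: {"policy": None, "dport": None, "in": 0, "replies": []})
    for block in re.split(r"(?=\*{6} )", text):  # one block per received packet
        hdr, tup, sess = HDR.search(block), TUPLE.search(block), SESS.search(block)
        if not (hdr and tup and sess):
            continue
        s = sessions[sess.group(1)]
        if hdr.group(1) == "Untrust":  # client-to-MIP direction
            s["in"] += 1
            s["dport"] = int(tup.group(4))
            pol = POLICY.search(block)
            if pol:
                s["policy"] = int(pol.group(1))
        else:  # return traffic; record the TCP flag if the log shows one
            s["replies"].append(tup.group(6) or "data")
    return dict(sessions)

def verdict(s):
    """Classify a session by what came back from the Trust side."""
    if not s["replies"]:
        return "no reply from internal host"
    return "reset by internal host" if "rst" in s["replies"] else "internal host replied"
```

A "no reply" verdict is only meaningful when a flow filter also matches the return direction, as the second `set ff src-ip <internal host>` filter in the post does.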