HI,
Here is the debug output:
****** 1464660.0: <Untrust/ethernet0/2> packet received [52]******
ipid = 31361(7a81), @2e6f9910
packet passed sanity check.
ethernet0/2:4.4.4.1/2801->1.1.1.40/3389,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/2>, out <N/A>
chose interface ethernet0/2 as incoming nat if.
flow_first_routing: in <ethernet0/2>, out <N/A>
search route to (ethernet0/2, 4.4.4.1->1.1.1.40) in vr untrust-vr for vsd-0/flag-0/ifp-null
[ Dest] 3.route 1.1.1.40->1.1.1.40, to ethernet0/1
routed (x_dst_ip 1.1.1.40) from ethernet0/2 (ethernet0/2 in 0) to ethernet0/1
policy search from zone 1-> zone 3
policy_flow_search policy search nat_crt from zone 1-> zone 3
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 1.1.1.40, port 3389, proto 6)
No SW RPC rule match, search HW rule
Searching global policy.
packet dropped, denied by policy
It looks like the MIP doesn't work on DMZ interface(it doesn't redirect to 192.168.152.22, it remains with public ip from DMZ and it doesn't find a host with 1.1.1.40 so it drops the packet).
Regards,
TCP.