Thanks so much for replying.
Supposing the internal Secure Access address is 192.168.1.1/32 and the external public IP is 1.1.1.1/32, the configuration we made is the usual one for destination NAT:
set security nat destination pool SecureAccess address 192.168.1.1/32
set security nat destination pool SecureAccess address port 443
set security nat destination rule-set test-1 rule DestNAT-SA match source-address 0.0.0.0/0
set security nat destination rule-set test-1 rule DestNAT-SA match destination-address 1.1.1.1/32
set security nat destination rule-set test-1 rule DestNAT-SA match destination-port 8080
set security nat destination rule-set test-1 rule DestNAT-SA then destination-nat pool SecureAccess
I make connection attempts from the outside, supposing a public IP 2.2.2.2, and security flow sessions show as follows:
show security flow session source-prefix 2.2.2.2
Session ID: 127, Policy name: 170/4, Timeout: 14, Valid
In: 2.2.2.2/49270 --> 1.1.1.1/8080;tcp, If: reth1.0, Pkts: 3, Bytes: 152
Out: 192.168.1.1/443 --> 2.2.2.2/49270;tcp, If: reth0.0, Pkts: 0, Bytes: 0
Session ID: 185, Policy name: 170/4, Timeout: 14, Valid
In: 2.2.2.2/49271 --> 1.1.1.1/8080;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Out: 192.168.1.1/443 --> 2.2.2.2/49271;tcp, If: reth0.0, Pkts: 0, Bytes: 0
Policy 170 is an "any any any permit" policy from Untrust security zone (which interface reth1.0 belongs to) to Trust security zone (which interface reth0.0 belongs to).
I really hope you may give me some direction on how to possibly resolve this issue. If I set the external NAT port as 443 instead of 8080, the connection establishes successfully (set security nat destination rule-set test-1 rule DestNAT-SA match destination-port 443), but we need to set up the external address as 8080 because 443 is already assigned to another destination NAT.
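For reading the session output quoted in the post above, an added example (not part of the original post and not Juniper tooling): a Python script that parses the `In:`/`Out:` wing lines, reads the destination translation from the two wings, and flags sessions whose reverse wing has counted no packets. The function names are assumptions; the sample text is the output from the post.

```python
import re

# Session output exactly as posted above (the post's own placeholder addresses).
SAMPLE = """\
Session ID: 127, Policy name: 170/4, Timeout: 14, Valid
In: 2.2.2.2/49270 --> 1.1.1.1/8080;tcp, If: reth1.0, Pkts: 3, Bytes: 152
Out: 192.168.1.1/443 --> 2.2.2.2/49270;tcp, If: reth0.0, Pkts: 0, Bytes: 0
Session ID: 185, Policy name: 170/4, Timeout: 14, Valid
In: 2.2.2.2/49271 --> 1.1.1.1/8080;tcp, If: reth1.0, Pkts: 0, Bytes: 0
Out: 192.168.1.1/443 --> 2.2.2.2/49271;tcp, If: reth0.0, Pkts: 0, Bytes: 0
"""

SESSION_RE = re.compile(r"Session ID: (\d+), Policy name: ([^,]+),")
WING_RE = re.compile(
    r"(In|Out): (\S+?)/(\d+) --> (\S+?)/(\d+);(\w+), If: (\S+), "
    r"Pkts: (\d+), Bytes: (\d+)"
)

def parse_sessions(text):
    """Return one dict per session, with its 'in' and 'out' wings."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := SESSION_RE.match(line):
            sessions.append({"id": int(m.group(1)), "policy": m.group(2)})
        elif (m := WING_RE.match(line)) and sessions:
            wing, src, sport, dst, dport, proto, ifname, pkts, nbytes = m.groups()
            sessions[-1][wing.lower()] = {
                "src": (src, int(sport)), "dst": (dst, int(dport)),
                "proto": proto, "if": ifname,
                "pkts": int(pkts), "bytes": int(nbytes),
            }
    return sessions

def nat_translation(session):
    """(pre-NAT destination, post-NAT destination) read from the two wings."""
    return session["in"]["dst"], session["out"]["src"]

def classify(session):
    """one-way: packets arrived on the In wing, none counted on the Out wing."""
    fwd, rev = session["in"]["pkts"], session["out"]["pkts"]
    if fwd and not rev:
        return "one-way"
    return "two-way" if rev else "idle"

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        before, after = nat_translation(s)
        print(s["id"], s["policy"], before, "->", after, classify(s))
```

On the posted output, session 127 shows 1.1.1.1/8080 translated to 192.168.1.1/443 with 3 packets on the In wing and none on the Out wing, so the session was created with the translation applied and no return traffic was counted for it.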