block intra zone trafic is not enabled on the interface nor in the zone. debug tcp basic gives
****** 2561915.0: <Trust/ethernet0/0> packet received [1456]******
ipid = 55979(daab), @0504ab74
packet passed sanity check.
ethernet0/0:10.1.245.71/2447->192.121.194.70/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 47493
tcp seq check.
post addr xlation: 77.72.100.158->192.121.194.70.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561915.0: <Trust/ethernet0/0> packet received [532]******
ipid = 55980(daac), @05033b74
packet passed sanity check.
flow got session.
flow session id 48013
tcp seq check.
post addr xlation: 213.153.117.10->10.1.245.37.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561915.0: <Untrust/ethernet0/2> packet received [1500]******
ipid = 58100(e2f4), @048dc374
packet passed sanity check.
ethernet0/2:194.14.33.50/80->77.72.100.158/23210,6<Root>
existing session found. sess token 6
flow got session.
flow session id 46650
tcp seq check.
post addr xlation: 194.14.33.50->10.1.244.25.
****** 2561915.0: <Untrust/ethernet0/2> packet received [1209]******
ipid = 58101(e2f5), @048dfb74
packet passed sanity check.
ethernet0/2:194.14.33.50/80->77.72.100.158/23210,6<Root>
existing session found. sess token 6
flow got session.
flow session id 46650
tcp seq check.
151.197.227->10.255.254.10.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561916.0: <Trust/ethernet0/0> packet received [40]******
ipid = 17369(43d9), @0497eb74
packet passed sanity check.
ethernet0/0:10.255.254.10/2739->194.151.197.227/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 77.72.100.158->194.151.197.227.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561916.0: <Trust/ethernet0/0> packet received [40]******
ipid = 17378(43e2), @0496cb74
packet passed sanity check.
ethernet0/0:10.255.254.10/2739->194.151.197.227/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 77.72.100.158->194.151.197.227.
flow_send_vector_, vid = 0, is_layer2_if=0
s_layer2_if=0
****** 2561918.0: <Untrust/ethernet0/2> packet received [1420]******
ipid = 13168(3370), @04bbe374
packet passed sanity check.
ethernet0/2:213.153.117.10/80->77.72.100.158/21291,6<Root>
existing session found. sess token 6
flow got session.
flow session id 46220
tcp seq check.
post addr xlation: 213.153.117.10->10.1.245.37.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561918.0: <Trust/ethernet0/0> packet received [40]******
ipid = 45992(b3a8), @04bc9b74
packet passed sanity check.
ethernet0/0:10.1.245.37/2548->213.153.117.10/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 46220
tcp seq check.
post addr xlation: 77.72.100.158->213.153.117.10.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561918.0: <Trust/ethernet0/0> packet received [40]******
227->10.255.254.10.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561919.0: <Untrust/ethernet0/2> packet received [1492]******
ipid = 31471(7aef), @04c77374
packet passed sanity check.
ethernet0/2:194.151.197.227/80->77.72.100.158/23733,6<Root>
existing session found. sess token 6
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 194.151.197.227->10.255.254.10.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561919.0: <Untrust/ethernet0/2> packet received [68]******
ipid = 28049(6d91), @04c8a374
packet passed sanity check.
ethernet0/2:65.54.228.51/1863->77.72.100.158/21331,6<Root>
existing session found. sess token 6
flow got session.
flow session id 47683
av/uf/voip checking.
asp vector processing state: 2
ASP inject packet from ethernet0/0
255.254.10/2739->194.151.197.227/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 77.72.100.158->194.151.197.227.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561920.0: <Trust/ethernet0/0> packet received [48]******
ipid = 4372(1114), @04d8d374
packet passed sanity check.
ethernet0/0:10.1.5.20/1904->192.168.16.101/1352,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/0>, out <N/A>
chose interface ethernet0/0 as incoming nat if.
flow_first_routing: in <ethernet0/0>, out <N/A>
search route to (ethernet0/0, 10.1.5.20->192.168.16.101) in vr trust-vr for vsd-0/flag-0/ifp-null
[ Dest] 44.route 192.168.16.101->10.1.5.4, to ethernet0/0
routed (x_dst_ip 192.168.16.101) from ethernet0/0 (ethernet0/0 in 0) to ethernet0/0
policy search from zone 2-> zone 2
policy_flow_search policy search nat_crt from zone 2-> zone 2
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 192.168.16.101, port 1352, proto 6)
No SW RPC rule match, search HW rule
ion found. sess token 4
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 77.72.100.158->194.151.197.227.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561921.0: <Trust/ethernet0/0> packet received [40]******
ipid = 20074(4e6a), @04f3b374
packet passed sanity check.
ethernet0/0:10.255.254.10/2739->194.151.197.227/80,6<Root>
existing session found. sess token 4
flow got session.
flow session id 46553
tcp seq check.
post addr xlation: 77.72.100.158->194.151.197.227.
flow_send_vector_, vid = 0, is_layer2_if=0
****** 2561921.0: <Trust/ethernet0/0> packet received [40]******
ipid = 20075(4e6b), @04f52374
packet passed sanity check.
ethernet0/0:10.255.254.10/2739->194.151.197.227/80,6<Root>
existing session found. sess token 4
flow got session.
fw01-> get dbuf stream ?
> redirect output
| match output
<return>
all from all slots
<number> percentage offset of debug buffer(0-99)
fw01-> get dbuf stream |10.1.5.107
^-------------invalid number |10.1.5.107
fw01-> get dbuf stream | ?
exclude exclude pattern
include include pattern
fw01-> get dbuf stream | in
include include pattern
fw01-> get dbuf stream | include ?
<string> regular expression
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
ethernet0/0:10.1.5.107/1024->10.3.1.163/18432,1(0/0)<Root>
search route to (ethernet0/0, 10.1.5.107->10.3.1.163) in vr trust-vr for vsd-0/flag-0/ifp-null
search route to (ethernet0/0, 10.3.1.163->10.1.5.107) in vr trust-vr for vsd-0/flag-3000/ifp-ethernet0/0
[ Dest] 32.route 10.1.5.107->10.1.5.107, to ethernet0/0
route to 10.1.5.107
arp entry found for 10.1.5.107
post addr xlation: 10.1.5.107->10.3.1.163.
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
ethernet0/0:10.1.5.107/3815->10.12.1.25/80,6, 5004(rst)<Root>
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
ethernet0/0:10.1.5.107/3389->10.3.1.163/1998,6<Root>
**** jump to packet:10.3.1.163->10.1.5.107
flow_ip_send: 5f76:10.3.1.163->10.1.5.107,6 => ethernet0/0(40) flag 0x0, vlan 0
search route to (null, 0.0.0.0->10.1.5.107) in vr trust-vr for vsd-0/flag-2000/ifp-ethernet0/0
[ Dest] 32.route 10.1.5.107->10.1.5.107, to ethernet0/0
route to 10.1.5.107
arp entry found for 10.1.5.107 mac 0019bb253ca5
fw01-> get dbuf stream | include 10.1.5.107
fw01->
fw01-> get dbuf stream | include 10.1.5.107
ethernet0/0:10.1.5.107/3835->10.22.1.25/80,6, 5004(rst)<Root>
fw01-> get dbuf stream | include 10.1.5.107
fw01->
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
fw01-> get dbuf stream | include 10.1.5.107
ethernet0/0:10.1.5.107/3389->10.3.1.163/1999,6<Root>
**** jump to packet:10.3.1.163->10.1.5.107
flow_ip_send: 5b55:10.3.1.163->10.1.5.107,6 => ethernet0/0(40) flag 0x0, vlan 0
search route to (null, 0.0.0.0->10.1.5.107) in vr trust-vr for vsd-0/flag-2000/ifp-ethernet0/0
[ Dest] 32.route 10.1.5.107->10.1.5.107, to ethernet0/0
route to 10.1.5.107
arp entry found for 10.1.5.107 mac 0019bb253ca5
fw01-> get dbuf stream | include 10.1.5.107
fw01->
Where the client has 10.3.1.163 and the server got 10.1.5.107 and I'm trying to use rdp (tcp 3389)
Any suggestions?
Best regards
Lelle