How to troubleshoot when traffic from the M9000 goes out to the public network but cannot return?

2023-12-30 23:05:33 Published

Network Topology

Client--SW-M9000--ISP

Problem Description

The client cannot access the Internet. The response traffic is received by the M9000, but the M9000 does not send the packet out.

Process Analysis

1. Check DPI. Bypass DPI for troubleshooting. The issue is still there.

2. Check the NAT session. The M9000 has the NAT session for the client, but slot 1 (where the response traffic is received) doesn't have the NAT session. The FW also adds a black-hole route for the NAT IP address. Hence the response traffic does not match a NAT session on slot 1 and is dropped by the black-hole route.

3. Why isn't the NAT session synchronized between slots? Because the firmware version is not the same.



Solution

Upgrade the firmware to the same version, and the NAT session will be synchronized between slots.
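
The drop described in the process analysis, modelled as an added example (not H3C code and not part of the original case). Slot names, firmware labels, addresses and the session key layout are constructed sample data and a simplification of the real lookup.

```python
from ipaddress import ip_address, ip_network

# Constructed sample state: return-traffic session key is
# (remote ip, remote port, NAT ip, NAT port, protocol).
SESSION = ("198.51.100.7", 443, "203.0.113.10", 1025, "tcp")
SLOTS = {
    "slot0": {"firmware": "version-A", "sessions": {SESSION}},
    "slot1": {"firmware": "version-B", "sessions": set()},  # never synchronized
}
BLACKHOLE_ROUTES = [ip_network("203.0.113.10/32")]  # black-hole route for the NAT address
RETURN_PKT = {"src": "198.51.100.7", "sport": 443,
              "dst": "203.0.113.10", "dport": 1025, "proto": "tcp"}


def handle_return_packet(slots, slot, pkt):
    """Decide what the receiving slot does with a return packet."""
    key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
    if key in slots[slot]["sessions"]:
        return "forward"          # session hit: translate back and send to client
    if any(ip_address(pkt["dst"]) in net for net in BLACKHOLE_ROUTES):
        return "drop-blackhole"   # no session on this slot, black-hole route wins
    return "route"                # no session, ordinary routing lookup


def audit(slots):
    """Flag mixed firmware versions and sessions present on only some slots."""
    findings = []
    versions = {name: s["firmware"] for name, s in slots.items()}
    if len(set(versions.values())) > 1:
        findings.append(("firmware-mismatch", versions))
    all_sessions = set().union(*(s["sessions"] for s in slots.values()))
    for name, s in slots.items():
        missing = all_sessions - s["sessions"]
        if missing:
            findings.append(("session-missing", name, sorted(missing)))
    return findings


if __name__ == "__main__":
    for slot in SLOTS:
        print(slot, handle_return_packet(SLOTS, slot, RETURN_PKT))
    for finding in audit(SLOTS):
        print(finding)
```
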
