SNAT table clean up

Konstantin Posted 16 Dec 2022 23:53

Is it possible to clean up the NAT table?
When I change SNAT rules (disable/enable/delete/create), some traffic continues to work infinitely.
For instance, ICMP traffic never stops when I disable the NAT rule; it continues to use NAT even if it was deleted. I checked with tcpdump - yes, it is still translating the IP!!!

Khawar Posted 17 Dec 2022 13:23
It must be in your cache. Clear the cache then check.
Konstantin Posted 17 Dec 2022 14:46
It could be cache on an NGAF, so I'm asking how to clean it...
But it could NOT be cache on the endpoint.

This is the working NAT rule:
ICMP and HTTP/S are ok

This is the disabled NAT:

Pings are still OK (but must be stopped)
HTTP blocked

Tcpdump shows that ICMP packets are still NATed.
Konstantin Posted 17 Dec 2022 15:06
After an NGAF reboot, things are getting more strange:
Just after reboot:


In tcpdump mode everything works:


rivsy Posted 17 Dec 2022 20:08
Did you check the whole configuration to see if you need to change some of it? The last resort is a clean configuration.
RegiBoy Posted 18 Dec 2022 13:31
You must delete the NAT policy to stop the translation
Naomi Posted 18 Dec 2022 13:41
No traffic is infinite if we're talking about NAT.
LucyHeart Posted 18 Dec 2022 13:47
You can clear the cache
Happpy Posted 18 Dec 2022 13:48
You have some kind of looping.
Robin Posted 18 Dec 2022 13:57
It should stop if you delete the policy. Please check it again, or you have many NAT configurations.

