If you have NAT port exhaustion for connections whose NAT pools differ only in the destination port, and those destination ports are not present in the kernel table, then adding them to the kernel table might solve the NAT port exhaustion.

For example, a server that handles two services, one on dport 555 and one on dport 556. Generally speaking, it is not recommended to modify this kernel table, except in this case:

The properties of the kernel table 'xlate_use_dport_services' are configured in the file f - including the destination ports which are used in the NAT pool (for all other destination ports, the value 0 is used).

For general information about the f file and its location, see sk98339.

By default, the kernel table 'xlate_use_dport_services' contains common ports and protocols, for which a Security Gateway might exhaust its available NAT ports.

The kernel table 'xlate_use_dport_services'

If a Security Gateway uses GNAT, the destination port ('dport') is part of the pool, but it can still be 0, if the specific destination port is not present in the xlate_use_dport_services kernel table. If a Security Gateway uses static NAT port allocation, the destination port ('dport') is not part of the pool.

The use of a destination port in the NAT pool

If we use static port allocation, we use the 3-tuple: For example, the 2 NAT pools and are different because their destination IP addresses are different. Two connections can get the same port if their pools are different (at least one of the values is different). These properties are: IP protocol, Hide Source IP address, Destination IP address, and Destination Port (Destination Port is not always used, as explained below). To solve this issue, configure "Hide behind range" as described in sk140432.

What is the format of the "NAT Exhausted Pool" label?

Two connections can get the same port, if their NAT pools are different (at least one of the values is different).
These properties are: IP protocol, Hide Source IP address, Destination IP address. When a Security Gateway allocates a source port for a Hide NAT operation, it can allocate the same port for different connections, as long as certain properties of the connections are different.

Jumbo Hotfix Accumulator for R80.10 from Take 259. Jumbo Hotfix Accumulator for R80.20 from Take 127. Jumbo Hotfix Accumulator for R80.30 from Take 107.

This feature is implemented starting from: