Port mapping unsuccessful

Publication Date:  2012-09-13 Views:  299 Downloads:  0
Issue Description
The device of usg2130 cannot visit internal network resource using SSReader by PC testing in external environment.

Topology: server-----usg2130----Internet-----pc
Alarm Information
NULL
Handling Process

Look up the session contrast on the firewall when the SSReader is opened and not opened by user public address.
There is a 8057 TCP port more when opening the soft.
[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46488
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46495
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46497
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46486
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46509
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46494
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46490
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46507
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46504
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46493
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46492
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46487
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46491
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46489
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46505
[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46538
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46528
tcp:61.145.63.62:8057<--116.23.104.51:46545
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46531
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46527
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46524
tcp:61.145.63.62:8057<--116.23.104.51:46548
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46544
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46525
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46535
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46542
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46536
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46543
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46540
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46541
tcp:61.145.63.62:8057<--116.23.104.51:46549
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46529
tcp:192.168.1.48:8055[61.145.63.62:8055]-->116.23.104.51:46539
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46532
tcp:61.145.63.62:8057<--116.23.104.51:46547
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46530
tcp:61.145.63.62:8057<--116.23.104.51:46546
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46533
Root Cause
The user described that the soft communicates with internal server using TCP:8055 port. And make the port mapping on the firewall, Nat server protocol tcp global 61.145.63.62 8055 inside 192.168.1.48 8055. The traffic cannot Passover. The user considers that firewall failure makes they cannot visit the operation. Device of other manufacturer there is not the phenomenon like this.
Suggestions
The operation recovered after adding TCP:8057 port by mapping.

Summary: The users’ information feedback should be attested by testing when dealing with users’ problem. Check the authenticity of users’ information feedback.

END