No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Usg5320 do telnet address mapping ,using private address can telnet to the server, use external network address can’t

Publication Date:  2019-07-09 Views:  374 Downloads:  0

Issue Description

usg5320 do nat server mapping to a private network server , using private IP addresses in the private network can telnet to the server, but can not telnet to the server using the external network address.
Alarm Information

Alarm Information


Handling Process

1.View packet filtering and related configuration, no problems
2.Check the acl list: in the rules, order to control allow access to the server address range is behind the rule “rule deny ip”, can not hit acl.
3.Need to publish the telnet server and initiate telnet connection address belong to the same trust domain, and domain nat the acl check references found the source and destination addresses in the acl belong to different domains.

Root Cause

1. May interzone packet filtering is not open;
2. May Acl rules improper filtration;
3. Private network segment and do the telnet server address mapping belong to a security domain;
4.Within the nat configuration is correct or not.


1.The user adjust the acl order, to ensure acl able to be hit;
2.Change acl within the domain for the source and destination addresses in the same domain.
Summary: Note the matching order in acl configuration; .attention to check the source and destination are correct or not.