Respond to NAT balance log messages

Logs that contain NAT balance messages indicate that connections were dropped when the Firewall tried to forward the connections after applying NAT.

NAT balance messages appear in the logs when a reply is never received for a connection that has been allowed, to which the Firewall has applied a NAT rule that defines source and/or destination translation, and which has been forwarded according to the Firewall’s routing configuration.

Steps

  1. If NAT is applied to the connection in error, adjust your NAT rules accordingly. It is also possible to create a NAT rule that defines no translation to disable NAT for any matching connection.
  2. Make sure that the Firewall routes the traffic correctly. The routing decision is made based on the translated destination IP address.
  3. Make sure that the destination host is up and providing the requested service, and that any intermediary Firewall allows the connection.
  4. Try to trace the path that the communications take and use traffic captures as necessary to find the point of failure.
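
For step 4, an added example (not part of the product documentation) that scans text output from `tcpdump -nn -tt` and lists the TCP connection attempts that never received a reply, keyed by the translated addresses seen on the wire. It assumes the capture was taken on the interface the Firewall forwards the translated traffic out of; the capture lines and addresses below are constructed.

```python
import re
from collections import OrderedDict

# Matches IPv4 TCP lines in `tcpdump -nn -tt` text output (assumed capture format).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample: one answered connection, one whose SYN is retransmitted
# three times without any packet coming back from the translated destination.
SAMPLE = """\
1700000000.000100 IP 198.51.100.7.40112 > 192.0.2.20.443: Flags [S], seq 111, win 64240, length 0
1700000000.000900 IP 192.0.2.20.443 > 198.51.100.7.40112: Flags [S.], seq 222, ack 112, win 65160, length 0
1700000001.000100 IP 198.51.100.7.40113 > 192.0.2.30.443: Flags [S], seq 333, win 64240, length 0
1700000002.000100 IP 198.51.100.7.40113 > 192.0.2.30.443: Flags [S], seq 333, win 64240, length 0
1700000004.000100 IP 198.51.100.7.40113 > 192.0.2.30.443: Flags [S], seq 333, win 64240, length 0
"""


def unanswered_syns(capture_text):
    """Return {(src, sport, dst, dport): syn_count} for flows with no reply."""
    pending = OrderedDict()
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 TCP line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            # Initial SYN or a retransmission of it.
            key = src + dst
            pending[key] = pending.get(key, 0) + 1
        else:
            # Any packet in the reverse direction (SYN-ACK, RST, ...) is a reply.
            pending.pop(dst + src, None)
    return dict(pending)


if __name__ == "__main__":
    for (src, sport, dst, dport), count in unanswered_syns(SAMPLE).items():
        print(f"no reply: {src}:{sport} -> {dst}:{dport} ({count} SYN sent)")
```

Running the same check on captures taken at successive hops shows the last point where the SYN is still seen, which narrows the failure to routing (step 2) or to the destination host or an intermediary Firewall (step 3).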