We have a SSG5 as a perimeter firewall to the Internet... recently we started experiencing problems where we would loose packages to the Internet, all of a sudden, without any apparent reason, making navigation impossible.
The only imediate solution is to re-route Internet through MPLS to another site of ours. We leave like that for a couple days, then we route back to the local link and everything goes smooth for a day or two, then goes south again.
The local Internet is interfaced at the SSG5 with a configuration mode of NAT (instead of ROUTER). We do have policies configured for Internet access, other than the interface is also set as NAT in interface mode.
Another info: If a user sets a vacant public address in their station, even though the regular user is loosing packages in the local link, that user with the privileged IP gets out normally, without any issues.
Any clues folks? This one is making our lives (IT team) hard around here... a lot of VIP users in that specific branch...
Thanks right away for any help.