Hi,
Thank you rseibert and nikolay.semov for suggestions but issue is still not resolved. I have done packet capture on both WebUI and used debug as suggested. What I've noticed is that PING is working fine for both MIP and Untrust Interface and i was able to capture the traffic.
But when i try to access either MIP or Untrust interface IP via HTTP or HTTPS i dont see any traffic. Debug output is blank. Telnet to the IP on 80/443 yeilds the message - " Connecting To X.X.X.X...Could not open connection to the host, on port 80: Connect failed "
Also i was not able to make/add MIP as proxy arp to Untrust interface. It gives below error.
set interface eth0/0 proxy-arp-entry X.X.X.X
###Error, one IP in range [X.X.X.X - X.X.X.X] is used by mip/dip/vip!
So how would i make an proxy arp entry.
Also i tried with disabaling Screeen on both Untrust and Trust interface, no change in output.
Since PING is working i dont think it could be a issue with ARP. Please suggest.
Partial Output of - get db stream for PING (S.S.S.254 - Source ; X.X.X.X - Destination ; G.G.G.134 - Gateway)
****** 78937.0: <Untrust/ethernet0/0> packet received [60]******
ipid = 24928(6160), @03861950
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/0: S.S.S.254/28642->X.X.X.X/1,1(8/0)<Root>
no session found
flow_first_sanity_check: in <ethernet0/0>, out <N/A>
[ Dest] 5.route S.S.S.254->G.G.G.134, to ethernet0/0
chose interface ethernet0/0 as incoming nat if.
flow_first_routing: in <ethernet0/0>, out <N/A>
search route to (ethernet0/0, S.S.S.254->192.168.39.47) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 0 for 192.168.39.47
add route 3 for 192.168.39.47 to route cache table
[ Dest] 3.route 192.168.39.47->192.168.39.47, to bgroup0
routed (x_dst_ip 192.168.39.47) from ethernet0/0 (ethernet0/0 in 0) to bgroup0
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 10
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip X.X.X.X, port 56696, proto 1)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 21/1/0x9
Permitted by policy 21
No src xlate choose interface bgroup0 as outgoing phy if
no loop on ifp bgroup0.
session application type 0, name None, nas_id 0, timeout 60sec
service lookup identified service 0.
flow_first_final_check: in <ethernet0/0>, out <bgroup0>
existing vector list 1-44c2c74.
Session (id:7212) created for first pak 1
flow_first_install_session======>
route to 192.168.39.47
cached arp entry with MAC 000000000000 for 192.168.39.47
add arp entry with MAC 4c72b942e2cf for 192.168.39.47 to cache table
arp entry found for 192.168.39.47
ifp2 bgroup0, out_ifp bgroup0, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (bgroup0, 192.168.39.47->S.S.S.254) in vr trust-vr for vsd-0/flag-3000/ifp-ethernet0/0
cached route 5 for S.S.S.254
[ Dest] 5.route S.S.S.254->G.G.G.134, to ethernet0/0
route to G.G.G.134
cached arp entry with MAC 4a1d7062978b for G.G.G.134
arp entry found for G.G.G.134
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 7212
flow_main_body_vector in ifp ethernet0/0 out ifp bgroup0
flow vector index 0x1, vector addr 0x20f2a18, orig vector 0x20f2a18
post addr xlation: S.S.S.254->192.168.39.47.