Steve, thanks for the response. I have added the PBR as instructed and I also enabled ARP but I am still getting the same results. I added all of the details below so hopefully we can get this resolved. Thanks again for all of your help on this.
ARP ENABLED
2018-02-12 12:22:03 notif ARP always on destination enabled
Interface
Interface List Page
| Name | IP/Netmask | Zone | Type | Link | PPPoE |
|---|---|---|---|---|---|
| ethernet1 | 192.168.0.1/24 | Trust | Layer3 | Up | - |
| ethernet2 | 192.168.100.1/24 | DMZ | Layer3 | Up | - |
| ethernet3 | 24.24.24.69/24 | Untrust | Layer3 | Up | - |
| ethernet4 | 212.24.24.42/29 | Untrust | Layer3 | Up | - |

Interface: Ethernet4 (212.24.24.42/29)
Dynamic IP List Page
| ID | IP Address Range | DIP Type | Configure |
|---|---|---|---|
| 5 | 212.24.24.45--212.24.24.45 | Port-Xlate | In use |

Destination
Network Routing Table List Page
trust-vr

| | IP/Netmask | Gateway | Interface | Protocol | Preference | Metric | Vsys | Configure |
|---|---|---|---|---|---|---|---|---|
| * | 192.168.0.0/24 | | ethernet1 | C | | | Root | - |
| * | 192.168.0.1/32 | | ethernet1 | H | | | Root | - |
| * | 24.24.24.0/24 | | ethernet3 | C | | | Root | - |
| * | 24.24.24.68/32 | | ethernet3 | H | | | Root | - |
| * | 212.24.24.40/29 | | ethernet4 | C | | | Root | - |
| * | 212.24.24.42/32 | | ethernet4 | H | | | Root | - |
| * | 0.0.0.0/0 | 24.24.24.1 | ethernet3 | S | 20 | 1 | Root | |
| * | 24.24.24.61/32 | | ethernet1 | S | 20 | 1 | Root | |
| * | 212.24.24.45/32 | | ethernet1 | S | 20 | 1 | Root | |

Source Routing
Network Source Routing Table List Page
trust-vr Source Routing

| | IP/Netmask | Gateway | Interface | Protocol | Preference | Metric |
|---|---|---|---|---|---|---|
| * | 192.168.0.45/32 | | ethernet4 | S | 20 | 1 |

Source Interface Based Routing
Network Interface Routing Table List Page
ethernet4(trust-vr)

| | IP/Netmask | Gateway | Interface | Protocol | Preference | Metric |
|---|---|---|---|---|---|---|
| * | 212.24.24.45/32 | | ethernet1 | S | 20 | |

PBR INFORMATION
trust-vr
Extended Access List ID : 1
trust-vr
Match Group ID: Email-Match
trust-vr
Action Group ID : Email-Action
trust-vr
Policy Name: Email-Policy
Policy Binding
| Virtual Router | Policy Name | Zone | Policy Name | Interface | Policy Name | Action Policy |
|---|---|---|---|---|---|---|
| trust-vr | N/A | Trust | N/A | ethernet1 | Email-Policy | Email-Policy |
| | | Untrust | N/A | tunnel.2 | N/A | N/A |
| | | | | tunnel.1 | N/A | N/A |
| | | | | ethernet4 | N/A | N/A |
| | | | | ethernet3 | N/A | N/A |
| | | Untrust-Tun | N/A | tunnel | N/A | N/A |
| | | DMZ | N/A | ethernet2 | N/A | N/A |

Policy
Policy list page
Untrust To Trust Any to 212.24.24.45/32
Policy Configuration
Trust To Untrust 192.168.0.45 to Any Service: DNS and Email
Policy Configuration
LOG DETAILS
Untrust To Trust Results
| Date/Time | Source Address/Port | Destination Address/Port | Translated Source Address/Port | Translated Destination Address/Port | Service | Duration | Bytes Sent | Bytes Received | Close Reason |
|---|---|---|---|---|---|---|---|---|---|
| 2018-02-12 17:39:44 | 21.200.12.95:15628 | 212.24.24.45:25 | 21.200.12.95:15628 | 192.168.0.45:25 | SMTP (TCP) | 18 sec. | 78 | 390 | Close - AGE OUT |
| 2018-02-12 17:39:14 | 21.200.12.95:15628 | 212.24.24.45:25 | 21.200.12.95:15628 | 192.168.0.45:25 | SMTP (TCP) | 19 sec. | 390 | 624 | Close - AGE OUT |

Trust To Untrust Results
Traffic log for policy:

| ID | Source | Destination | Service | Action |
|---|---|---|---|---|
| 150 | Trust/192.168.0.45:/32 | Untrust/Any | DNS Services Web Services | Permit |

| Date/Time | Source Address/Port | Destination Address/Port | Translated Source Address/Port | Translated Destination Address/Port | Service | Duration | Bytes Sent | Bytes Received | Close Reason |
|---|---|---|---|---|---|---|---|---|---|
| 2018-02-12 17:36:48 | 192.168.0.45:49690 | 8.8.8.8:53 | 212.24.24.45:4372 | 8.8.8.8:53 | DNS | 88 sec. | 602 | 0 | Close - AGE OUT |
| 2018-02-12 17:36:40 | 192.168.0.45:42272 | 8.8.8.8:53 | 212.24.24.45:4371 | 8.8.8.8:53 | DNS | 90 sec. | 623 | 0 | Close - AGE OUT |
| 2018-02-12 17:36:04 | 192.168.0.45:39746 | 8.8.8.8:53 | 212.24.24.45:4370 | 8.8.8.8:53 | DNS | 86 sec. | 486 | 0 | Close - AGE OUT |