Http traffic dropping with out log entry - static NAT

[dxk9_dtman]

Hi all,

I have a problem that no-one has been able to figure out.

I recently upgraded to NGAI R55 hfa 17 from hfa 15. At the same night there was a big smart defense update, December 28, 2005. I have 2 enforcement modules set up in nokia IP clustering with IPSO 3.7 build048.

After that upgrade no one could connect to our publicly available websites. To fix it I had to uncheck the webserver object out of the host node object in dashboard for ALL our dmz objects. This caused the http traffic to flow again to those web sites. People were getting timed out before. in unchecking the object as a webserver, we lost our smart defense protection of cross-site scripting.

We still can't get http traffic to pass through a web server object in our DMZ( a checkbox in the object ) or a http resource defined (with no blocking checked - just the fact that it's going through a resource drops the traffic). Our DMZ web servers use NATing:

We have one site defined as a host node A.
Real IP 192.168.10.15
NAT 87.130.37.235

Host node A sits on web server 1 and 192.168.10.15 is an auxiliary IP address of web server 1.
Real IP 192.168.10.3
NAT 87.130.37.254

Is there something in hfa 17 (we had it working with hfa 15) that would have caused this to break - drop http traffic with out any drops in the logs? Do you see an obvious problems with our design?

Thanks for any help,
~DjK

[Lackie]

I would moreso suspect the SmartDefense update than the HFA.