MARS and FWSM NAT translation

Unanswered Question
Mar 3rd, 2008
User Badges:


I've been running CS-MARS along with an FWSM and IDSM for about a year now and has always wanted to know one thing.

If the IDSM send an alert originating from the FWSM global IP I 'sometimes' get a translation into the internal NATed IP address. It's about a 10% success ratio.

All systems are set with NTP to an internal server and I see no special pattern to it.

Any ideas?

Best regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Fri, 03/07/2008 - 13:54
User Badges:
  • Bronze, 100 points or more

You need to check the NAT rules to find out which rule is working and changing the IP. After this scan the network traffic and determine at which particular traffic this happens.


This Discussion