In my network we have upgraded the FWSM software from 2.3 to 3.2. After the upgrade we have encountered the following problem.
We have an application that is using SQL-net protocol and is passing our FWSM in transparent mode. The problem is that the application running under the ip address 10.0.0.1 (on the outside of the FW) is sending the client (192.168.0.1) on the inside, redirect packet to ip address 10.0.0.2. When we capture the packet on the outside interface with the sniffer it looks correct (src from 10.0.0.0 redirects to 10.0.0.2), but when we captured the same packet on the inside interface (after it passed the FWSM) we can see that the redirect is sourced by the 10.0.0.1 but point to 10.0.0.1 instead of 10.0.0.2.
It looks like there is some kind of inspect running in the background that is changing the redirection ip address.
On the previous software version it this application works fine.
Does anybody have any ideas what inspection could do such modification and if it is possible to disabled it for specific type of communication without disrupting other kind of traffic.
Thank you in advance for any help