Firewall interfaces:

vmx0.100: flags=8843 metric 0 mtu 1500
    options=600003
    ether 00:0c:29:c3:ed:8c
    inet6 fe80::20c:29ff:fec3:ed8c%vmx0.100 prefixlen 64 scopeid 0xb
    inet 10.100.100.254 netmask 0xffffff00 broadcast 10.100.100.255
    nd6 options=21
    media: Ethernet autoselect
    status: active
    vlan: 100 vlanpcp: 0 parent interface: vmx0
    groups: vlan
vmx0.35: flags=8843 metric 0 mtu 1500
    options=600003
    ether 00:0c:29:c3:ed:8c
    inet6 fe80::20c:29ff:fec3:ed8c%vmx0.35 prefixlen 64 scopeid 0xc
    inet 172.35.35.254 netmask 0xffffff00 broadcast 172.35.35.255
    inet 172.35.35.1 netmask 0xffffff00 broadcast 172.35.35.255
    nd6 options=21
    media: Ethernet autoselect
    status: active
    vlan: 35 vlanpcp: 0 parent interface: vmx0
    groups: vlan

Server interfaces:

bge0: flags=8843 metric 0 mtu 1500
    description: MGMT
    options=c019b
    ether c8:cb:b8:c5:26:7d
    hwaddr c8:cb:b8:c5:26:7d
    inet 10.100.100.6 netmask 0xffffff00 broadcast 10.100.100.255
    nd6 options=9
    media: Ethernet autoselect (100baseTX )
    status: active
lagg0: flags=8843 metric 0 mtu 1500
    description: PROD
    options=6403bb
    ether 00:1b:21:81:91:10
    inet 172.35.35.5 netmask 0xffffff00 broadcast 172.35.35.255

Host interface:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e035:48e0:c98f:b7%11
   IPv4 Address. . . . . . . . . . . : 10.40.40.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.40.40.254

Test description: accessing Server 10.100.100.6 port https from Host 10.40.40.4

Exit traffic from the firewall towards the server:

[2.4.4-RELEASE][admin@ROBFW2.jder.local]/root: tcpdump -nni vmx0.100 host 10.100.100.6 and port 80 and host 10.40.40.4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx0.100, link-type EN10MB (Ethernet), capture size 262144 bytes
21:38:11.877421 IP 10.40.40.4.7701 > 10.100.100.6.80: Flags [P.], seq 4257189580:4257190021, ack 4199906255, win 8210, length 441: HTTP: GET / HTTP/1.1
21:38:11.882788 IP 10.40.40.4.7701 > 10.100.100.6.80: Flags [P.], seq 441:935, ack 422, win 8209, length 494: HTTP: GET /ui/ HTTP/1.1
21:38:11.909490 IP 10.40.40.4.7701 > 10.100.100.6.80: Flags [P.], seq 935:1361, ack 628, win 8208, length 426: HTTP: GET /ui/assets/iconfont/material-icons.css HTTP/1.1
21:38:11.910675 IP 10.40.40.4.7699 > 10.100.100.6.80: Flags [P.], seq 2547150306:2547150749, ack 595971051, win 1026, length 443: HTTP: GET /ui/assets/iconfont/mdi/css/materialdesignicons.min.css HTTP/1.1
21:38:11.911535 IP 10.40.40.4.7703 > 10.100.100.6.80: Flags [P.], seq 2050523922:2050524355, ack 1991836315, win 1023, length 433: HTTP: GET /ui/assets/iconfont/primeicons/primeicons.css HTTP/1.1
21:38:11.913387 IP 10.40.40.4.7702 > 10.100.100.6.80: Flags [P.], seq 4253358365:4253358788, ack 1781713902, win 8207, length 423: HTTP: GET /ui/styles.c6b78af4abe51426b681.css HTTP/1.1
21:38:11.914459 IP 10.40.40.4.7704 > 10.100.100.6.80: Flags [P.], seq 3189199649:3189200090, ack 2723274502, win 8211, length 441: HTTP: GET /ui/assets/images/light-logo.svg HTTP/1.1
21:38:11.916004 IP 10.40.40.4.7700 > 10.100.100.6.80: Flags [P.], seq 379581273:379581675, ack 1805752378, win 1026, length 402: HTTP: GET /ui/assets/scripts/product.js HTTP/1.1

Input traffic in Server:

root@ROBSRVNAS[/]# tcpdump -nni bge0 host 10.100.100.6 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bge0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:33:22.499284 IP 10.40.40.4.7675 > 10.100.100.6.80: Flags [S], seq 576992441, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:33:22.499710 IP 10.40.40.4.7675 > 10.100.100.6.80: Flags [.], ack 699319255, win 8212, length 0
11:33:22.500316 IP 10.40.40.4.7675 > 10.100.100.6.80: Flags [P.], seq 0:441, ack 1, win 8212, length 441: HTTP: GET / HTTP/1.1
11:33:22.505419 IP 10.40.40.4.7675 > 10.100.100.6.80: Flags [P.], seq 441:935, ack 422, win 8210, length 494: HTTP: GET /ui/ HTTP/1.1
11:33:22.537819 IP 10.40.40.4.7675 > 10.100.100.6.80: Flags [P.], seq 935:1361, ack 628, win 8210, length 426: HTTP: GET /ui/assets/iconfont/material-icons.css HTTP/1.1
11:33:22.539169 IP 10.40.40.4.7676 > 10.100.100.6.80: Flags [S], seq 249914633, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:33:22.540820 IP 10.40.40.4.7677 > 10.100.100.6.80: Flags [S], seq 2021260189, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:33:22.541571 IP 10.40.40.4.7678 > 10.100.100.6.80: Flags [S], seq 2277434009, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:33:22.541700 IP 10.40.40.4.7679 > 10.100.100.6.80: Flags [S], seq 3550639571, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:33:22.541842 IP 10.40.40.4.7677 > 10.100.100.6.80: Flags [.], ack 2434325615, win 1026, length 0
11:33:22.541877 IP 10.40.40.4.7676 > 10.100.100.6.80: Flags [.], ack 3465743666, win 1026, length 0
11:33:22.542475 IP 10.40.40.4.7676 > 10.100.100.6.80: Flags [P.], seq 0:443, ack 1, win 1026, length 443: HTTP: GET /ui/assets/iconfont/mdi/css/materialdesignicons.min.css HTTP/1.1
11:33:22.542598 IP 10.40.40.4.7677 > 10.100.100.6.80: Flags [P.], seq 0:433, ack 1, win 1026, length 433: HTTP: GET /ui/assets/iconfont/primeicons/primeicons.css HTTP/1.1

Output traffic from the server:

root@ROBSRVNAS[/]# tcpdump -nni lagg0 host 10.100.100.6 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lagg0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:35:06.872309 IP 10.100.100.6.80 > 10.40.40.4.7684: Flags [S.], seq 2849582935, ack 361584479, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
11:35:06.877254 IP 10.100.100.6.80 > 10.40.40.4.7684: Flags [P.], seq 1:422, ack 442, win 1026, length 421: HTTP: HTTP/1.1 302 Moved Temporarily
11:35:06.882451 IP 10.100.100.6.80 > 10.40.40.4.7684: Flags [P.], seq 422:628, ack 936, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
11:35:06.916125 IP 10.100.100.6.80 > 10.40.40.4.7685: Flags [S.], seq 3594224936, ack 719962712, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
11:35:06.916217 IP 10.100.100.6.80 > 10.40.40.4.7686: Flags [S.], seq 544356318, ack 3193263618, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
11:35:06.916355 IP 10.100.100.6.80 > 10.40.40.4.7684: Flags [P.], seq 628:834, ack 1362, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
11:35:06.916542 IP 10.100.100.6.80 > 10.40.40.4.7687: Flags [S.], seq 3353768761, ack 1922313182, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
11:35:06.916676 IP 10.100.100.6.80 > 10.40.40.4.7688: Flags [S.], seq 729647829, ack 2911955077, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
11:35:06.916824 IP 10.100.100.6.80 > 10.40.40.4.7689: Flags [S.], seq 213272562, ack 859529733, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0

Input returning traffic in the firewall:

[2.4.4-RELEASE][admin@ROBFW2.jder.local]/root: tcpdump -nni vmx0.35 host 10.100.100.6 and port 80 and host 10.40.40.4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx0.35, link-type EN10MB (Ethernet), capture size 262144 bytes
21:40:02.194608 IP 10.100.100.6.80 > 10.40.40.4.7716: Flags [P.], seq 2913733534:2913733955, ack 3902228410, win 1026, length 421: HTTP: HTTP/1.1 302 Moved Temporarily
21:40:02.199900 IP 10.100.100.6.80 > 10.40.40.4.7716: Flags [P.], seq 421:627, ack 495, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.232141 IP 10.100.100.6.80 > 10.40.40.4.7716: Flags [P.], seq 627:833, ack 921, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.232688 IP 10.100.100.6.80 > 10.40.40.4.7717: Flags [P.], seq 3741900885:3741901091, ack 2872012452, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.232796 IP 10.100.100.6.80 > 10.40.40.4.7714: Flags [P.], seq 2341380541:2341380747, ack 2247811226, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.232862 IP 10.100.100.6.80 > 10.40.40.4.7715: Flags [P.], seq 1753037058:1753037264, ack 1313383148, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.243204 IP 10.100.100.6.80 > 10.40.40.4.7714: Flags [P.], seq 206:412, ack 403, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.243308 IP 10.100.100.6.80 > 10.40.40.4.7717: Flags [P.], seq 206:412, ack 442, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.307708 IP 10.100.100.6.80 > 10.40.40.4.7717: Flags [P.], seq 412:618, ack 850, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.307793 IP 10.100.100.6.80 > 10.40.40.4.7714: Flags [P.], seq 412:618, ack 813, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.308074 IP 10.100.100.6.80 > 10.40.40.4.7715: Flags [P.], seq 206:412, ack 409, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.308393 IP 10.100.100.6.80 > 10.40.40.4.7716: Flags [P.], seq 833:1039, ack 1326, win 1026, length 206: HTTP: HTTP/1.1 304 Not Modified
21:40:02.718996 IP 10.100.100.6.80 > 10.40.40.4.7719: Flags [S.], seq 2359338866, ack 3548544325, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
21:40:02.723369 IP 10.100.100.6.80 > 10.40.40.4.7719: Flags [P.], seq 1:268, ack 518, win 1026, length 267: HTTP: HTTP/1.1 101 Switching Protocols