Nat 1:1 static configuration or “Server Mapping” in Huawei have a strange behavior on the WEB GUI. Based on USG 6300 series with V500R001C60SPC500 firmware, when you configure bidirectional NAT it behaves like a SOURCE NAT.
Solution:
# Logon to the USG Firewall in SSH
# Search for nat configuration:
<FW-USG>dis cu | i nat
nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10 no-reverse unr-route
# Delete NAT Configuration:
[FW-USG] undo nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10 no-reverse unr-route
# Create NAT on the CLI ommitting no-reverse option:
[FW-USG]nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10
# TEST!
There are platforms, such as new generation firewalls that have a very powerful web management portal. But in general in network environments, especially on routers, CONFIGURE EVERYTHING via CLI PLEASE !!!
.glitchlist crew