

Barracuda NG NAT


5 replies to this topic

#1 Joy Salamat

  • Members
  • 4 posts

Posted 02 March 2015 - 09:31 AM



I would like to ask for assistance in configuring the NAT on the appliance. I can remote to the server's public IP in the internal network. However, when connected to another public network, the remote session is dropped going to the internal server.


I have an error: Reverse Routing Interface Mismatch.




#2 Matthias Maschler

  • Barracuda Team Members
  • 107 posts
  • Location: Innsbruck

Posted 03 March 2015 - 03:27 AM



and welcome to the forum.


To help you get your NG Firewall configured properly, it would be great if you could go a little more into detail. 

Did you follow the instructions mentioned here?



"Reverse Routing Interface Mismatch" usually indicates wrong routing on your NG Firewall. 


To troubleshoot your situation, the following information would be helpful. Go to FIREWALL > History and search for the connection where you saw the Info message. Please verify the following connection details:
Source, Destination, Dst NAT, Interface, Output-IF


A working Dst NAT connection to an internal host within the DMZ looks like this:


Source: (Public IP address on the Internet)
Destination: (WAN IP address of the NG)
Dst NAT: (host in the DMZ)

Interface: dhcp (network interface on which the connection is received, typically the WAN interface of the NG)

Output-IF: port3 (network interface hosting the DMZ network)




#3 Joy Salamat

  • Members
  • 4 posts

Posted 03 March 2015 - 08:09 AM

Hello Matthias,


Yes, I have followed the instructions on the link. However, when I am connected outside our internal network I can no longer connect to the DMZ (NAT).




#4 Matthias Maschler

  • Barracuda Team Members
  • 107 posts
  • Location: Innsbruck

Posted 03 March 2015 - 10:12 AM

Hi Joy,


Without further details of your configuration it is very hard to troubleshoot your issue.

I suggest contacting Barracuda Tech Support, so we can have a look at your current configuration to find out what's causing the problem.


See https://www.barracuda.com/support/ for details on how to contact support.




#5 Micha Knorpp

  • Members
  • 195 posts
  • Location: Germany, BW

Posted 04 March 2015 - 06:14 AM

Sounds like missing Policy Routes for multiple ISP connections?


#6 Andy Chapman

  • Members
  • 1 posts

Posted 27 July 2017 - 04:27 AM

Just in case someone has a similar issue,


I had this but with 2 x Kemp load balancers in the DMZ. When using Direct Server Return (not using the Kemps as the default gateway), packets were going over a different interface from the one on which they arrived, as the servers being balanced were using their own default gateway (NG Firewall).
The rule for inbound traffic to the Kemps for HTTPS, SMTP etc. was adjusted to compensate for the routing mismatch. Changing both the "continue on source interface mismatch" to Yes and "interface checks after session creation" to disabled in the Dynamic interface handling section in Advanced allowed the traffic outbound without generating a mismatch error.


Hope this helps someone.
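
The reverse-routing check discussed in this thread, as an added example that is not part of any post and is not Barracuda's implementation: a simplified Python model that looks up the route a reply would take and compares it with the interface the connection arrived on, with and without a source-based policy route for a second ISP. The interface names isp1/isp2, all addresses and both route tables are constructed; port3 is the DMZ interface named in reply #2.

```python
import ipaddress

def lookup(routes, addr):
    """Longest-prefix match: interface of the most specific route covering addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_interface(main, policy, client_ip, local_ip):
    """Interface a reply from local_ip back to client_ip would leave on.
    Source-based policy tables are consulted before the main table."""
    for src_prefix, table in policy:
        if ipaddress.ip_address(local_ip) in ipaddress.ip_network(src_prefix):
            ifc = lookup(table, client_ip)
            if ifc:
                return ifc
    return lookup(main, client_ip)

def check(main, policy, client_ip, local_ip, in_iface):
    """Compare the arrival interface with the interface the reply route selects."""
    out = reply_interface(main, policy, client_ip, local_ip)
    return "ok" if out == in_iface else f"mismatch: in={in_iface} reply={out}"

# Constructed sample: two uplinks, default route via isp1, DMZ on port3.
MAIN = [("0.0.0.0/0", "isp1"), ("198.51.100.0/24", "isp1"),
        ("203.0.113.0/24", "isp2"), ("10.0.8.0/24", "port3")]
# Assumed policy route: replies sourced from the isp2 WAN range use isp2.
POLICY = [("203.0.113.0/24", [("0.0.0.0/0", "isp2"), ("10.0.8.0/24", "port3")])]

if __name__ == "__main__":
    wan2 = "203.0.113.10"   # constructed WAN IP on the second uplink
    cases = [("internal client, no policy route", [], "10.0.8.20", "port3"),
             ("Internet client, no policy route", [], "192.0.2.50", "isp2"),
             ("Internet client, policy route", POLICY, "192.0.2.50", "isp2"),
             ("internal client, policy route", POLICY, "10.0.8.20", "port3")]
    for label, policy, client, in_iface in cases:
        print(f"{label:34s} {check(MAIN, policy, client, wan2, in_iface)}")
```

In this model the internal client passes either way, while the Internet client arriving on the second uplink only passes once the reply is routed by source address, which matches the symptom in post #1 and the suggestion in post #5.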