Saturday, January 29, 2011
Debugging NAT problems with SmartSPLAT
I have added a NAT section to SmartSPLAT. Some commands related to the new tab:
To debug NAT-related issues,
Start debug
# fw ctl debug 0
# fw ctl debug -buf 2048
# fw ctl debug xlate xltrc
# fw ctl kdebug -f > kdebug.out
Stop debug
# fw ctl debug 0
My way to debug with fw monitor,
# fw monitor -e 'accept src=xxx or src=yyy or dst=xxx or dst=yyy;' -o fwmon.cap
NAT tables are not cleared upon Security Policy installation.
To manually clear the NAT tables,
# fw tab -t fwx_alloc -x
To see the maximum capacity,
# fw tab -t connections | grep limit
To see the NAT limit,
# fw tab -t fwx_alloc | grep limit
To see NAT statistics,
# fw tab -t fwx_alloc -t fwx_cache -s
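The limit and statistics commands above can be combined into a utilisation check. This is an added example, not part of the original post: the function names and the sample text are constructed, and it assumes the header line carries a `limit N` attribute and that `fw tab -s` prints HOST, NAME, ID, #VALS, #PEAK, #SLINKS columns.

```sh
#!/bin/sh
# Added example: how close is the NAT allocation table to its limit?
# On a gateway, feed the functions with:
#   nat_limit "$(fw tab -t fwx_alloc | grep limit)"
#   nat_usage fwx_alloc "$limit" "$(fw tab -t fwx_alloc -t fwx_cache -s)"

# Constructed sample output (assumed layout, not captured from a real system).
SAMPLE_HDR='dynamic, id 8187, attributes: keep, expires never, limit 25000, hashsize 32768'
SAMPLE_STATS='HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             fwx_alloc                        8187 18400 21250       0
localhost             fwx_cache                        8116   310   512       0'

# Print the number that follows "limit" in a table header line.
nat_limit() {
    printf '%s\n' "$1" | sed -n 's/.*limit \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print "<table> <vals> <peak> <limit> <peak_percent>" for one table.
# $1 = table name, $2 = limit, $3 = text of the -s summary.
# Prints nothing if the table is missing or the limit is zero or unknown.
nat_usage() {
    printf '%s\n' "$3" | awk -v t="$1" -v lim="$2" '
        $2 == t && lim > 0 {
            printf "%s %d %d %d %d\n", t, $4, $5, lim, int(($5 * 100) / lim)
        }'
}

# Succeed when the peak percentage in a nat_usage line reaches the threshold.
# $1 = nat_usage line, $2 = threshold in percent.
nat_near_limit() {
    pct=$(printf '%s\n' "$1" | awk '{ print $5 }')
    [ -n "$pct" ] && [ "$pct" -ge "$2" ]
}

limit=$(nat_limit "$SAMPLE_HDR")
usage=$(nat_usage fwx_alloc "$limit" "$SAMPLE_STATS")
echo "$usage"
if nat_near_limit "$usage" 80; then
    echo "WARNING: fwx_alloc peak is at or above 80% of its limit"
fi
```
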