Virtual Server to Virtual IP
I have a network interface (IPsec tunnel interface) with 10.212.135.1/32 address.
I created a Virtual IP object of type static NAT:
External IP Address/Range: 10.212.135.1 - 10.212.135.1
Mapped IP Address/Range: 10.0.15.201 - 10.0.15.201
External Service Port: 5514 - 5514
Map to Port: 5514 - 5514
Now, from 172.19.119.100/32 via the IPsec tunnel to 10.212.135.1:5514 UDP works as this is forwarded to 10.0.15.201:5514. All good.
If I now try to change the Mapped IP Address/Range to 10.0.15.210 (which is a Virtual Server with three real servers of 10.0.15.201, 202, 203) this breaks.
I get "denied by policy 0 dropped".
Is this possible, a valid use case? I tried adding another policy to allow to the Virtual Server and destination All but no dice.
Please advise if any further info is required.