DFW Blocking Rule when Attempting to Get to Load Balancer IP


On the same single segment in NSX-T 3.1.3, I have a VM attempting to get to the LB.

Source VM:

Target LB:
–Member A:
–Member B:


When trying to connect from source ( to LB ( on port 443, if I attempted to lock down the firewall rule from source IP ( or even then the connection was not successful. This was very strange, as it worked when the source was set to ANY. This means this IP must be changing somewhere along the line. The traceflow in NSX-T showed that it was being blocked on the DFW rule at the final step getting to the member server.


The issue was the SNAT Translation in the Load Balancer configuration.

In NSX-T Manager go to Networking -> Load Balancing -> Server Pools -> {Edit Pool} -> Set SNAT Translation Mode to IP Pool -> Set IP Address (in this case) to :
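
Why the locked-down rule failed while ANY worked, as an added example that is not part of the original post: a simplified first-match model of the DFW evaluated on both legs of the load-balanced connection. All IP addresses, rule fields and function names are constructed for illustration and are not the post's values or an NSX-T API.

```python
import ipaddress

# All addresses below are constructed placeholders, not the post's values.
CLIENT = "10.0.0.10"
VIP = "10.0.0.100"
SNAT_IP = "10.0.0.200"   # address the LB pool translates the source to
MEMBER_A = "10.0.0.21"


def matches(rule, src, dst, port):
    """True when a packet (src, dst, port) falls inside the rule's fields."""
    def in_set(ip, nets):
        return nets == "ANY" or any(
            ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)
    return (in_set(src, rule["src"]) and in_set(dst, rule["dst"])
            and port in rule["ports"])


def dfw_verdict(rules, src, dst, port):
    """First matching rule wins; anything unmatched hits the default drop."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule["action"]
    return "DROP"


def trace(rules, snat_ip, port=443):
    """Evaluate both legs of a load-balanced connection, like a traceflow."""
    legs = [
        ("client->VIP", CLIENT, VIP),
        # With SNAT on the pool, the member sees the SNAT address as source.
        ("LB->member", snat_ip or CLIENT, MEMBER_A),
    ]
    return [(name, dfw_verdict(rules, s, d, port)) for name, s, d in legs]


def allow(src):
    """One allow rule for 443 to the VIP and member, with the given sources."""
    dst = [VIP + "/32", MEMBER_A + "/32"]
    return [{"src": src, "dst": dst, "ports": {443}, "action": "ALLOW"}]


if __name__ == "__main__":
    for label, rules in [
        ("source = client only", allow([CLIENT + "/32"])),
        ("source = ANY", allow("ANY")),
        ("source = client + SNAT IP", allow([CLIENT + "/32", SNAT_IP + "/32"])),
    ]:
        print(label, trace(rules, SNAT_IP))
```

Pinning SNAT Translation to an IP Pool gives the second leg a known, fixed source address, so the DFW rule can list it explicitly instead of falling back to ANY.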