某局点过防火墙访问外网不通

两台防火墙堆叠双主作为出口，下行链路跨框聚合，上行公网口连接在slot 2上

一台PC接在slot 1下，ping 114不通，将PC接到slot 2下，ping 114则正常

在设备上收集debug ip packet查看报文走向，可以看到整个过程没有问题

*Jul 29 22:46:55:534 2022 FW IPFW/7/IPFW_PACKET: -COntext=1;

Receiving, interface = GigabitEthernet1/0/2          1/0/2口收到终端的报文

version = 4, headlen = 20, tos = 0

pktlen = 60, pktid = 28308, offset = 0, ttl = 64, protocol = 1

checksum = 4924, s = X.X.X.X, d = 114.114.114.114

channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0.

VsysID = 1

prompt: Receiving IP packet from interface GigabitEthernet1/0/2.

Payload: ICMP

  type = 8, code = 0, checksum = 0x4429.

*Jul 29 22:46:55:534 2022 FW IPFW/7/IPFW_PACKET: -COntext=1;

Transferring, interface = GigabitEthernet2/0/24            //发送给slot 2

version = 4, headlen = 20, tos = 0

pktlen = 60, pktid = 28308, offset = 0, ttl = 63, protocol = 1

checksum = 5180, s = X.X.X.X, d = 114.114.114.114

channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0.

VsysID = 1

prompt: Sending to slot 2

Payload: ICMP

  type = 8, code = 0, checksum = 0x4429.

*Jul 29 22:46:55:540 2022 FW IPFW/7/IPFW_PACKET: -COntext=1-Slot=2;

Transferring, interface = GigabitEthernet2/0/24

version = 4, headlen = 20, tos = 0

pktlen = 60, pktid = 28308, offset = 0, ttl = 63, protocol = 1

checksum = 5180, s = X.X.X.X, d = 114.114.114.114

channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0.

VsysID = 1

prompt: IP TR: Receive packet from another node.                //slot 2收到了转发过来的报文

Payload: ICMP

  type = 8, code = 0, checksum = 0x4429.

*Jul 29 22:46:55:540 2022 FW IPFW/7/IPFW_PACKET: -COntext=1-Slot=2;

Sending, interface = GigabitEthernet2/0/24           //从2/0/24发出去了

version = 4, headlen = 20, tos = 0

pktlen = 60, pktid = 28308, offset = 0, ttl = 63, protocol = 1

checksum = 5180, s = X.X.X.X, d = 114.114.114.114

channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0.

VsysID = 1

prompt: Sending IP packet received from interface GigabitEthernet1/0/2 at interface GigabitEthernet2/0/24.

Payload: ICMP

  type = 8, code = 0, checksum = 0x4429.

策略已经放通：

*Jul 29 22:46:55:534 2022 FW FILTER/7/PACKET: -COntext=1; The packet is permitted. Src-ZOne=Trust, Dst-ZOne=Untrust;If-In=GigabitEthernet1/0/2(4), If-Out=GigabitEthernet2/0/24(90); Packet Info:Src-IP=X.X.X.X, Dst-IP=114.114.114.114, VPN-Instance=, Src-MacAddr=H-H-H,Src-Port=8, Dst-Port=0, Protocol=ICMP(1), Application=ICMP(22742),Terminal=invalid(0), SecurityPolicy=shangwang, Rule-ID=1.

在公网口无法抓包向114发送请求的报文，debugging nat packet没有对应输出。

后续确认堆叠双主，流量跨框场景，NAT配置在物理口时，会导致NAT无法正常转换，所以出现不通。

将NAT配置在逻辑接口上