Hi @deepdam 

Thanks for reaching out to TP-Link Business Forums.

This sounds like a classic NAT misconfiguration issue.

To help me diagnose this effectively, I need a bit more information. Could you please provide the following?

1. What's the entire network topology, i.e., ISP Fiber - - (WAN) Firewall (LAN) - - (WAN) ER8411 (LAN) - - PC, etc. ?

What IP range did you configure on the firewall and the gateway?

2. Did you configure the NAT rules on the firewall or the gateway? Can you upload the settings here so that we could check it? Please erase your personal information before uploading.

3. Can you provide an example of one or two "IP spoofing" alerts? What are the Source IP, Destination IP, and potentially Source Port and Protocol listed in these alerts?

Hi   @Gabriel-TP 
 

1. Yes that is exactly that. From the ER8411 the configuration is such as
   1. The WAN has static IP 192.168.5.1/24 with the gateway pointing to the FW with static IP 192.168.5.254/24 as gateway
   2. The only LAN confgured uses Gateway 192.168.0.254/24 (i.e. the ER8411) and the DHCP range 192.168.0.1/24
   3. There are 2 WLAN : classic and guest
2. The only NAT rules defined are port forwarding, on both the Firewall and ER8411,they are working and not showing up in the problem
3. You can see the attached screencap.
   1. Source IP is a LAN IP where only 192.168.5.1 is expected on the firewall side
   2. Destination IP varies
   3. Protocols can be jabbers/https/icmp

There is not much configuration done, and it seems to work most of the time since there is not fonctionnal evidence of the issue on the client side. Which makes me think that when a paquets is lost, the exact same is passing in the mean time by automatic retries.
Open for any suggestions or explanations.

Hi @deepdam 

To better assist you, I've created a support ticket via your registered email address. The ticket ID is TKID260508215, please check your email box and ensure the support email is well received. Thanks!