I'm having some strange result in an older Checkpoint firewall. I have an NAT rule to convert the destination IP on a public interface to a private IP. I have a corresponding route rule to get the incoming packet to the correct destination router interface.
What I see with a sniffer on the firewall is that about one of every 15 requests the NAT is not taking place. The packets are heading to the inbound router with the public IP address as the destination IP.
I tried rebooting but that did not fix it. What would cause this strange result?