Sonicwall consuming and generating packets from WAN instead of forwarding
We have a client that has an on-prem Exchange server, one of their users kept getting their account locked due to incorrect credentials being entered into OWA. Usually, I would check the iis logs, find the ip address the request is coming from and block it. In this instance the source ip address in the iis logs is being reported as the LAN ip address of the SonicWall. Packet capture on the SonicWall shows the same, source ip address is the LAN IP of the SonicWall. Is this a configuration error in the fw? How do find the actual source ip address the traffic is being generated from?