[ATP] allowing traffic to the edge router LAN

Options
phphil
phphil Posts: 37  Freshman Member
First Anniversary 10 Comments Friend Collector
edited February 8 in Security

Dear all,

Context: Our network look about like this:

The edge router WAN port is connected to the atp500 P2 interface (external interface type).

On the ATP500 firewall we have configured 3 different LAN on P5, P6, P7 ports. These interfaces was configured as Internal (Interface Type), and DHCP and everything is managed by the firewall.

On the edge router there is the LAN4, but it seems to not be reachable from the internal network(LAN1, LAN2, LAN3), I'm testing from LAN1 that has all open on policy route settings.

I tried to add an additional ethernet connection from P8 to LAN port on the edge router, I configured the interface P8 as external (interface type) , and configured IP Address Assignment using the same network parameters that are used on the edge router.

But this does not seems to be all right, from LAN1 i cannot reach anything on LAN4:

ping 192.168.146.1

Pinging 192.168.146.1 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 192.168.146.0: Destination host unreachable.
Reply from 192.168.146.0: Destination host unreachable.

Ping statistics for 192.168.146.1:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

Maybe someone can catch something wrong in my setup, or suggest some troubleshooting operation?

Thank you

All Replies

  • WJS
    WJS Posts: 149  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    I thought you don't need a policy route.

    Just let firewall do the SNAT.

    For example:

    192.168.1.0 (LAN1) → 192.168.146.0 (LAN4)

    → 2.2.2.2 (ATP500 P2 IP) → 192.168.146.0

    I believe edge router have associated route table. And it can give a correct way.

  • PeterUK
    PeterUK Posts: 2,902  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    maybe you need a static route on Edge router for LAN1 subnet to gateway of atp500 

Security Highlight