Inter VLAN Policies Control Help
Hello, I have to work with a USG-60.
The project is to set up a lot of VLANs in our company, at least 10, but I need inter-VLAN routing.
Here is the plan of my problem.
For my Port N°1 I have 5 VLANs, from 10 (GW: 192.168.0.254/24) for the management VLAN
11 for the production VLAN. ( GW : 192.168.1.254/24).
12 (GW : 192.168.2.254/24)
[…]
15 (GW : 192.168.5.254/24)
Here is the plan
(VLAN 10 is blue, VLAN 11 is green)
My specific need is to set up a server on VLAN 10 with a firewall rule that lets clients from VLAN 11 access the server only via HTTPS and SMB. The server IP is 192.168.0.203 and 192.168.1.203 (I’ve chosen to add a 2nd IP so I don’t have to change the server IP on every client).
So here what I’ve done to test my VLAN route with my GS1900-8HP Switch:
- Deactivated the policy control by adding the first rule:
- This is how I created the VLAN:
Here is the ethernet config :
Here is the port config :
In addition to all that, I’ve tested with or without SNAT, and with or without a static route from a gateway or an interface. And finally I’ve tested with or without the VLANs in the same zone. And it still doesn't work :(
I really don’t understand where my problem is…
I hope this is understandable because I’m French. Thank you a lot for your help, merci ^_^
All Replies
-
Hi @J_6 ,
What is your problem? Please describe more details so we can better help you.
1 -
Hi @J_6,
I apologize for the delayed reply. Since you have set the allow-all rule for troubleshooting, I would like to know if you configured the DHCP server setting for VLAN 10 and 11.
If yes, please help to check if the default gateway setting has been set. And clarify with the ping test.
- PC ping to firewall VLAN 10 interface IP address.
- PC ping to firewall VLAN 11 interface IP address.
- PC ping to PC in VLAN 11.
In addition, the policy control rules with destination RFC1918 might prevent your clients from accessing the internet or other VLANs/subnets. It is recommended to remove/re-design those rules.
0
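The rule-ordering problem raised in the last reply, together with the HTTPS/SMB-only policy asked for in the question, as an added example that is not part of the original thread and is not Zyxel configuration. It assumes ordered, first-match policy evaluation and TCP ports 443 and 445; the rule names, the client address 192.168.1.50 and the deny rule with an RFC1918 destination are constructed, since the thread's rule screenshots are not on the page.

```python
import ipaddress
from typing import NamedTuple, Optional

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = ("0.0.0.0/0",)
VLAN11 = ("192.168.1.0/24",)       # production VLAN from the thread
SERVER = ("192.168.0.203/32",)     # server address on VLAN 10 from the thread
HTTPS_SMB = frozenset({443, 445})  # TCP 443 (HTTPS), TCP 445 (SMB)

class Rule(NamedTuple):
    name: str                      # hypothetical rule names
    src: tuple
    dst: tuple
    ports: Optional[frozenset]     # None means any port
    action: str

def _contains(cidrs, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def _covers(outer, inner):
    nets = [ipaddress.ip_network(o) for o in outer]
    return all(any(ipaddress.ip_network(i).subnet_of(n) for n in nets) for i in inner)

def evaluate(rules, src, dst, port, default="deny"):
    """First-match evaluation (assumed): return (action, name of deciding rule)."""
    for r in rules:
        if _contains(r.src, src) and _contains(r.dst, dst) and (r.ports is None or port in r.ports):
            return r.action, r.name
    return default, "default"

def shadowed(rules):
    """Pairs (rule, earlier rule) where the earlier rule matches everything the later one would."""
    found = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            ports_ok = e.ports is None or (r.ports is not None and r.ports <= e.ports)
            if ports_ok and _covers(e.src, r.src) and _covers(e.dst, r.dst):
                found.append((r.name, e.name))
                break
    return found

# Constructed rule sets: the broken order, then a least-privilege order.
BROKEN = [Rule("deny-private-dst", ANY, RFC1918, None, "deny"),
          Rule("vlan11-to-server", VLAN11, SERVER, HTTPS_SMB, "allow")]
FIXED = [Rule("vlan11-to-server", VLAN11, SERVER, HTTPS_SMB, "allow"),
         Rule("deny-inter-vlan", RFC1918, RFC1918, None, "deny"),
         Rule("lan-to-internet", RFC1918, ANY, None, "allow")]

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, evaluate(rules, "192.168.1.50", "192.168.0.203", 443), shadowed(rules))
```

Once the allow-all troubleshooting rule is removed, the specific allow has to sit above any broad private-range deny, otherwise `shadowed` reports it as unreachable.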