How to Connect USG700 to USG310 With Lan cable

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Answer ✓

    Hi @NAZ4E,

    Thanks for your sharing, You have to add rules to allow traffic.

    For FW-1, src:Z_TPC-to-SPK dst: lan allow

    For FW-2, src:Z_SPK-to-TPC dst: lan allow

    Please kindly check and look forward to your feedback.

    Thank you

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @NAZ4E
    Please kindly ensure you have routing on both firewalls . 
    (USG310:172.16.1.0/24 next-hop 172.16.99.1)
    (Flex700: 192.168.5.0/24 next-hop 172.16.99.2)
    Then you can connect to FLEX and USG at both sites. 
    Thank you
    Kevin
  • NAZ4E
    NAZ4E Posts: 9
    First Comment First Anniversary

    yes,i did it.but i can't ping 172.16.99.1 to 172.16.99.2 or 172.16.99.2 to 172.16.99.1

    GE0/12 and GE0/8 Config interface type internal or external?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @NAZ4E,
    Please choose interface type "internal" for 172.16.99.0/30. 
    kindly share your configuration files by private messages. 
    I will do the check as well.
    Thank you
    Kevin
  • NAZ4E
    NAZ4E Posts: 9
    First Comment First Anniversary

     Ok. I did it. but Can't Ping 
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited December 2022

    To ping each interfaces you need a rule from Z_TPC-to-SPK to Zywall and from Z_SPK-to-TPC to Zywall for ICMP.

    Remove the static route rule

    Then you need a routing rule.

    Incoming LAN

    Source address 192.168.5.0/24

    destination address 172.16.1.0/24

    next hop gateway 172.16.99.1

    SNAT none


    on the other side

    Incoming LAN

    Source address 172.16.1.0/24

    destination address 192.168.5.0/24

    next hop gateway 172.16.99.2

    SNAT none


    Then firewall rule

    from LAN to Z_TPC-to-SPK and from LAN to Z_SPK-to-TPC.


  • NAZ4E
    NAZ4E Posts: 9
    First Comment First Anniversary
      ok. i configuration follow with you but can't conneted.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    edited December 2022
    Hi @NAZ4E

    I feel a little confuse, because the screenshots are not matched with your topology.

    Please share the configuration files by private message

    And kindly describe what is your purpose? (what IP address should be accessed from X.X.X.X) It will be clear.

    Thank you

  • NAZ4E
    NAZ4E Posts: 9
    First Comment First Anniversary
    I want the two buildings to be connected.

    TPC building can access time attendance and SPK building can access File Server.



  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Answer ✓

    Hi @NAZ4E,

    Thanks for your sharing, You have to add rules to allow traffic.

    For FW-1, src:Z_TPC-to-SPK dst: lan allow

    For FW-2, src:Z_SPK-to-TPC dst: lan allow

    Please kindly check and look forward to your feedback.

    Thank you

Security Highlight