[USG FLEX 200] Device on LAN2 VLAN with its own zone cannot ping/connect to network IP

Sam999

Firmware version: 5.38(ABUI.0)

Following this article:

https://mysupport.zyxel.com/hc/en-us/articles/360003862540--ZyWALL-USG-How-to-configure-VLANs-on-ZyWALL-USG-appliance

Result: the device on the LAN2 VLAN with its own zone cannot ping/connect to the network IP.

If the VLAN interface is removed from its own zone and joined to the LAN2 zone, then the device can ping/connect to the VLAN network IP.

This seems to be a bug.

All Replies

  • PeterUK

    Do you have a VLAN switch or a PC tag for the given VLAN?

  • Sam999

    This case was resolved with the help of an engineer. Since the VLAN's default DNS server is the ZyWALL, policy control needs one extra policy to allow VLAN-to-ZyWALL traffic.

  • Zyxel_Kay (Zyxel Employee)

    Hi @Sam999

    It's great to hear that you have resolved your problem!

    If you created and assigned a customized zone for the VLAN interface, you would need to add an extra security policy rule to allow traffic from this VLAN zone to the ZyWALL.

    In light of this, we will enhance the FAQ article to provide clearer instructions for configuring a VLAN.

    Thank you for bringing this to our attention.

    Kay
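
The behaviour reported in this thread, as an added example that is not part of the original posts and is not Zyxel's code: a small Python model of first-match zone policy with a default deny, plus a check that lists zones whose hosts cannot reach the firewall itself. The zone name `VLAN_ZONE`, the interface names and the rule table are constructed assumptions, not the device's actual defaults.

```python
# Constructed model of zone-based policy control: first match wins, and
# traffic that matches no rule falls through to a default deny.
# Zone names, interface names and rule contents are assumptions for illustration.
from dataclasses import dataclass

DEVICE = "ZyWALL"  # the zone that represents the firewall itself


@dataclass(frozen=True)
class Rule:
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    service: str  # "any", "DNS", "PING", ...
    action: str   # "allow" or "deny"


def evaluate(rules, src, dst, service):
    """Return the action of the first matching rule, else default deny."""
    for r in rules:
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and r.service in ("any", service)):
            return r.action
    return "deny"


def zones_cut_off_from_device(rules, iface_zones, services=("DNS", "PING")):
    """Map each zone in use to the services its hosts cannot reach on the firewall."""
    report = {}
    for zone in sorted(set(iface_zones.values())):
        blocked = [s for s in services
                   if evaluate(rules, zone, DEVICE, s) != "allow"]
        if blocked:
            report[zone] = blocked
    return report


# Constructed rule set: the predefined zone has a to-device rule, a new zone has none.
BASE_RULES = [Rule("LAN1", DEVICE, "any", "allow"),
              Rule("LAN2", DEVICE, "any", "allow")]
# The extra rule described in the thread, narrowed here to the two services involved.
FIX = [Rule("VLAN_ZONE", DEVICE, "DNS", "allow"),
       Rule("VLAN_ZONE", DEVICE, "PING", "allow")]

if __name__ == "__main__":
    ifaces = {"lan2": "LAN2", "vlan10": "VLAN_ZONE"}
    print(zones_cut_off_from_device(BASE_RULES, ifaces))        # before the fix
    print(zones_cut_off_from_device(BASE_RULES + FIX, ifaces))  # after the fix
```

Running the same check with the VLAN interface mapped to `LAN2` instead of `VLAN_ZONE` returns an empty report, which matches the workaround described in the first post.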
