USG FLEX 500 - lan1 to lan 2 and lan2 to lan1
Hello, I have a USG FLEX 500 firewall with lan 1 (192.168.0.0, GW 192.168.0.230) and lan 2 (192.168.33.0, GW 192.168.33.230). For both LANs the GW is the firewall itself.
I need to make the two LANs, and consequently the clients, talk by enabling ips control.
I can ping the firewall from both subnets, e.g. 192.168.0.190 --> 192.168.33.230, but I can't ping client to client, 192.168.0.190 --> 192.168.33.100.
I have tried state route and policy route but to no effect. What am I missing?
All Replies
-
You don't need to add routes, those destinations are included in "direct route".
You could look at the logs, to see if some other firewall rule blocks traffic.
1 -
I see nothing from the firewall logs.
Only if I enter a policy control (lan1 to lan2) can I see the ICMP pass as accepted, even though I still receive unreachable from the client.
0 -
It could be the remote device that doesn't respond.
What kind of device are you unable to ping? PC, printer, etc…
0 -
Likely a firewall on the end device,
unless you have enabled "Use IPv4 Policy Route to Overwrite Direct Route"? With a routeing rule like LAN1 next hop WAN?
0 -
It is a server with dual ports: 1) with the subnet 192.168.0.179, 2) with the subnet 192.168.33.100.
And I am trying to ping the second port from a client under subnet 192.168.0.x
0 -
Hi @Smartmob,
It seems like your client is using Windows OS. Have you disabled the Windows firewall before testing?
And can 192.168.33.230 ping 192.168.33.100?
0