USG FLEX 500 - lan1 to lan 2 and lan2 to lan1

Smartmob · October 23

Hello I have a firewall usg flex 500 with lan 1 (192.168.0.0 GW 192.168.0.230) and lan 2 (192.168.33.0 GW 192.168.33.230) for both lan the GW is the firewall itself

I need to make the two lan's and consequently the clients talk by enabling ips control
I can ping the firewall from both subnets on ex: 192.168.0.190 --> 192.168.33.230 but I can't ping client to client 192.168.0.190--> 192.168.33.100
I have tried state route and policy route but to no effect. What am I missing?

valerio_vanni · October 23

You don't need to add routes, those destinations are included in "direct route".

You could look at the logs, to see if some other firewall rule blocks traffic.

Smartmob · October 23

I see nothing from the firewall logs.
Only if I enter a policy control (lan1 to lan2) I can see the ICMP pass as accepted even though I still receive unreachable from the client.

valerio_vanni · October 23

It could be remote device that doesn't respond.

What kind of device are you unable to ping? PC, printer, etc…

PeterUK · October 23

likely a firewall on end device

unless you have enabled "Use IPv4 Policy Route to Overwrite Direct Route" ?with routeing rule like LAN1 next hop WAN?

Smartmob · October 23

https://community.zyxel.com/en/discussion/comment/70933#Comment_70933

is a server with dual ports 1) with the subnet 192.168.0.179 the 2) with the subnet 192.168.33.100
And I am trying to ping the second port from a client under subnet 192.168.0.x