NoE  Freshman Member

Hi @@osake_li_09 Yes, exactly. The Internet was ok for bridge WAN (i.e. 192.168.94.0/24 network). All other subnets defined on the USG stopped accessing the internet.No, the bridge WAN has its own policies, the main WAN is not within it. The main WAN has its own Security Policies.But I think like following.....I have set…

Hi @zyman2008 I will try your solution as well....could you please elaborate more on point 4?Does the trunk force all the packets - 192.168.94.0 included - via main ISP? Best regards,NoE

Hi @Fred_77 thanks for the screenshots shared. there are two lines in your Policy Route screenshot.The 2nd line for optics has defined the "next hop" - I do not have such hop defined for main ISP WAN connection. Instead, I have rules like* for main IPS (optics) LAN_to_Device .... any WAN_to_Device ... any LAN_Outgoing ...…

Hi @Fred_77,I have tried the solution you have proposed just a while ago:1) The traffic for the computers within 192.168.94.0/24 went nicely2) The traffic for the main network ceased to access the internet.....and seemed really slow while recognizing it.:-(NoE

Hi @zyman2008 wow, thank you!I have no experience with ARP, but I will pay closer look to your proposal.Special thanks for proposal regarding my points 1)shared stuff 2)admins accessI will have a downtime window for these works next Monday, so I will now study all the proposals, then I will try them on Monday and - of…

Hi @WJSthanks for this proposal....while thinking, this could be also a solution.Thanks for your interest!Cheers,NoE

Hi @Fred_77 well I like it - it is simple and seems to be a solution!I will try this approach and will let you know then.Just a question - so for the WAN port on USG, where the GW 192.168.94.1 will be plugged, the address 0.0.0.0 will do the trick? Meaning: not interfering with actual GW's IP and allowing the traffic from…

Hi @Fred_77 thanks for your interest in this challenge :-) yes, this is quite peculiar situation of ISP. It provides us practically with the GW/router which resides in our rack. The GW IP is 192.168.94.1.So the whole network provided (192.169.94.0/24) is a private one.We have another (main) ISP which provides classical…

Hello, I thought about it little bit more and perhaps this cannot be done like this - I can make IP/MAC binding for those PCs, then I can use DHCP server on that particular port. But I am not sure whether or not can I set the IP/MAC binding beforehand, so the DHCP server would assign IPs based on IP/MAC binding map.…

Hi @Fred_77 ,DHCP on every port - that's fantastic and more I expected, thanks a lot for your answer.