This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG230 lan to lan error ips

I have problems with my xg. I have a lan to lan rule with all the services and ips, but with certain ips I can not establish connection with my server that is within the same range, I have tried with other ips and if I manage to reach the server even from a different range.

ip equipment 192.168.1.231
ip server 192.168.1.250
ip team 2 192.168.9.27

it's as if I blocked a ips section but I do not have any rule that does that

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 6 years ago

Hi Marcos,

please post unexpended copy of your rule.

Thank you

Ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Marcos Ramirez over 6 years ago in reply to rfcat_vk

Pensé que era un detalle de mi interruptor, así que lo reinicié, junto con el sophos y el servidor,

pero el mismo detalle no puedo conectarme o hacer ping desde un grupo aleatorio de ips
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Marcos Ramirez over 6 years ago in reply to rfcat_vk

Pensé que era un detalle de mi interruptor, así que lo reinicié, junto con el sophos y el servidor,

pero el mismo detalle no puedo conectarme o hacer ping desde un grupo aleatorio de ips
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 6 years ago in reply to Marcos Ramirez

Thank you for posting. I am going to assume that you do not have a port assigned in your MASQ rule. You do not need the MASQ entry.

I would suggest that you make debugging easier by creating an identity for each source and destination address in the firewall rule. Would also make the rule easier to read and understand what it is trying to achieve.

Ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Marcos Ramirez over 6 years ago in reply to rfcat_vk

hello rfcat_vk,

thanks for answering! this is what I have in translation of network addresses ... and as for the rule you could tell me how ...?
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to Marcos Ramirez

Hi Marcos,

you will need two rules if you require access both ways.

source LAN -> network-1 -> destination LAN -> network-2 -> any (all ports) -> log (to help with debugging.

source LAN -> network-2 -> destination LAN -> network-1 -> any -> log

Ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Marcos Ramirez over 6 years ago in reply to rfcat_vk

Hello again. I have created the following rules

zone: lan

Source: 192.168.1.250 (server ip)

zone: lan

Destination: any

********

zone: lan

origin: any

zone: lan

Destination: 192.168.1.250

and I can not ping from my computer to the server. my ip is 192.168.1.231 help
Cancel
Vote Up 0 Vote Down

Cancel
0 Mr.Roboto over 6 years ago in reply to Marcos Ramirez

Is there another gateway involved in this scenario?
If there is a simple any any rule between the networks and no filtering, it's like a L-3 device - routing only.

Then enable IPS, if the connections now are blocked, it can be asymmetric routing.
Cancel
Vote Up 0 Vote Down

Cancel

0 Marcos Ramirez over 6 years ago in reply to Mr.Roboto

HELLO MR ROBOTO
I AM NEW IN THIS COULD TELL ME HOW I DO WHAT TO ENABLE IPS.

IN SOME CASES WE CAN NOT GET TO ANOTHER NETWORK, FOR EXAMPLE FROM RANGE 1 TO 9

192.168.1.X
192.168.9.X

I DO NOT ACHIEVE CERTAIN DEVICES UNLESS THEY ARE IN THE SAME RANGE