Routing networks physical ports

Angel Gomez 

Rule towards WAN zone will allow traffic of machines from that zone to Internet only and not allow the systems behind that zones to communication with other zones system. 

If you want routing between inter zones then rule for those zones also needed.

Example : LAN to SRV, SRV to LAN, similar way for other zones.

But, I'm using diferent netwotks ranges for intefaces....

Port 1: LAN Users 20.16.5.1/24

Port 2: WAN (ISP Connection Router) 192.168.1.2/24

Port 3: SRV Network 20.126.5.1/24

Port 4: WIFI Networks 20.165.5.1/24

Port 5: Management Network 20.11.5.1/24

Port : Producction Network 20.190.5.1/24

Angel Gomez 

That's fine, the Inter zone rule will have source and destination network and if you will put it as in "Any" it will allow the communication between zone regardless of Interface network.

For example : Below created for testing  to allow traffic from LAN to WiFi zone where network define/set is Any to allow the routing for Any source network to any destination network for that zones.

But...I only need create FW rule or is necessary routing rule to. I was using UTM and is really different...

Angel Gomez 

XG is zone based Firewall,so here rule for zone needed to allow the routing/communication between zones. UTM9 is having different architecture.

KBA : https://community.sophos.com/kb/en-us/126185

Angel Gomez 

XG is zone based Firewall,so here rule for zone needed to allow the routing/communication between zones. UTM9 is having different architecture.

KBA : https://community.sophos.com/kb/en-us/126185

Yes, I've create my zones but I can't comunicate LAN Zone to WAN Zone for example. I've create FW Rule:

But If I try to make ping to WAN IP Interface ping: sendto: No route to host

Angel Gomez :

Please verify NAT action "MASQ" applied in the same LAN to WAN rule.

Traffic for Internet from all zones will be route by default to WAN zone. 

What is the status of WAN gateway? Is it showing up and connected? If it is up and green then you may check the packet request on firewall as per below steps.

For LAN to WAN zone communication, Please connect LAN system to LAN Port1 network and generate PING to  WAN destination like 8.8.8.8 or 4.2.2.2 and confirm the packet request on XG SSH/Telnet as per below steps.

You may check the traffic or packet request via CLI command:

1) Packet request command

console > tcpdump 'host X.X.X.X

2) Drop packet command

console > drop 'host X.X.X.X

where X.X.X.X is the destination, in our case 8.8.8.8 if you started PING to same from your LAN system.

If Packet going out from Port2 then need to check next destination. 

What about the communication between other zones? Have you tested same by creating a required rules? ==> if this is working then inter zone communication is fine and there is a problem for WAN traffic communication only.

Thanks Vishal_R, This problem is solved it now. I did need reconfigure and connect WAN Interface to ISP Router and add gateway to my network interface laptop's (...no comment :P )