This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing networks physical ports

Hi!

I have a new XG210 and I need to create different networks for the interfaces.

Port 1: LAN Users

Port 2: WAN (ISP Connection Router)

Port 3: SRV Network

Port 4: WIFI Networks

Port 5: Management Network

Port : Production Network

 

And now I need to set up routing for:

LAN to WAN

Wifi to WAN

SRV to WAN

.....

 

I'm trying to use static routing but it is not possible. What is the way?

 

BR



  •  

    A rule towards the WAN zone will allow traffic from machines in that zone to the Internet only, and will not allow the systems behind that zone to communicate with systems in other zones.

    If you want routing between zones, then rules for those zones are also needed.

    Example: LAN to SRV, SRV to LAN, and similarly for the other zones.

  • But I'm using different network ranges for the interfaces....

     

    Port 1: LAN Users 20.16.5.1/24

    Port 2: WAN (ISP Connection Router) 192.168.1.2/24

    Port 3: SRV Network 20.126.5.1/24

    Port 4: WIFI Networks 20.165.5.1/24

    Port 5: Management Network 20.11.5.1/24

    Port : Production Network 20.190.5.1/24

  •  

    That's fine. The inter-zone rule will have a source and destination network, and if you set them to "Any" it will allow communication between the zones regardless of the interface network.

    For example: the rule below was created for testing, to allow traffic from the LAN to the WiFi zone, where the network is set to Any to allow routing from any source network to any destination network for those zones.

  • But... do I only need to create a FW rule, or is a routing rule necessary too? I was using UTM and it is really different...

  •  

    XG is a zone-based firewall, so here a rule for the zones is needed to allow routing/communication between zones. UTM9 has a different architecture.

    KBA : https://community.sophos.com/kb/en-us/126185

  • Yes, I've created my zones but I can't communicate from the LAN zone to the WAN zone, for example. I've created this FW rule:

     

    TEST 1
    in 0 B, out 0 B
    LAN, Any host
    WAN, Any host
    Any service
    Accept
     

    But if I try to ping the WAN interface IP: ping: sendto: No route to host

  •  

    Please verify that the NAT action "MASQ" is applied in the same LAN to WAN rule.

    Traffic for the Internet from all zones will be routed by default to the WAN zone.

    What is the status of the WAN gateway? Is it showing up and connected? If it is up and green, then you may check the packet request on the firewall as per the steps below.

    For LAN to WAN zone communication, please connect a LAN system to the LAN Port1 network, generate a PING to a WAN destination like 8.8.8.8 or 4.2.2.2, and confirm the packet request on the XG over SSH/Telnet as per the steps below.

    You may check the traffic or packet request via CLI commands:

    1) Packet request command

    console > tcpdump 'host X.X.X.X'

    2) Drop packet command

    console > drop 'host X.X.X.X'

    where X.X.X.X is the destination, in our case 8.8.8.8 if you started the PING to it from your LAN system.

    If the packet is going out from Port2, then you need to check the next destination.

    What about the communication between other zones? Have you tested it by creating the required rules? ==> If this is working, then inter-zone communication is fine and there is a problem with WAN traffic communication only.

  • Thanks Vishal_R, this problem is solved now. I needed to reconfigure and connect the WAN interface to the ISP router and add a gateway to my laptop's network interface (...no comment :P )
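
Added example, not part of the original thread and not Sophos code: a simplified Python model of the two checks discussed above, the zone-pair rule lookup on the firewall (first match, otherwise drop) and the client-side route lookup that gives "No route to host" when the client has no gateway. The interface addresses are the ones posted in the thread; the zone names MGMT and PROD, the sample host addresses and the function names are assumptions.

```python
import ipaddress

# Interface addresses as posted in the thread; MGMT and PROD zone names are assumed.
INTERFACES = {
    "LAN":  ipaddress.ip_interface("20.16.5.1/24"),
    "WAN":  ipaddress.ip_interface("192.168.1.2/24"),
    "SRV":  ipaddress.ip_interface("20.126.5.1/24"),
    "WIFI": ipaddress.ip_interface("20.165.5.1/24"),
    "MGMT": ipaddress.ip_interface("20.11.5.1/24"),
    "PROD": ipaddress.ip_interface("20.190.5.1/24"),
}

# The thread's "TEST 1" rule: LAN, Any host -> WAN, Any host, Accept.
RULES = [("LAN", "WAN", "accept")]

def zone_of(ip):
    """Zone whose connected network holds ip; everything else leaves via WAN."""
    addr = ipaddress.ip_address(ip)
    for zone, iface in INTERFACES.items():
        if addr in iface.network:
            return zone
    return "WAN"  # Internet traffic is routed to the WAN zone by default

def firewall_verdict(rules, src, dst):
    """First rule matching the (source zone, destination zone) pair wins."""
    pair = (zone_of(src), zone_of(dst))
    for src_zone, dst_zone, action in rules:
        if (src_zone, dst_zone) == pair:
            return action
    return "drop"  # no rule for this zone pair: traffic is not forwarded

def client_can_send(client_iface, gateway, dst):
    """Host-side check: destination must be on-link or a gateway must be set."""
    iface = ipaddress.ip_interface(client_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return True
    return gateway is not None  # None models the "No route to host" case

if __name__ == "__main__":
    laptop = "20.16.5.50"  # constructed LAN host
    # Without a gateway the packet never leaves the laptop.
    print(client_can_send(laptop + "/24", None, "192.168.1.2"))
    # With the firewall's LAN address as gateway, the zone rules decide.
    print(client_can_send(laptop + "/24", "20.16.5.1", "192.168.1.2"))
    print(firewall_verdict(RULES, laptop, "8.8.8.8"))       # LAN -> WAN
    print(firewall_verdict(RULES, laptop, "20.126.5.10"))   # LAN -> SRV
    extra = RULES + [("LAN", "SRV", "accept")]
    print(firewall_verdict(extra, laptop, "20.126.5.10"))
```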
