Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 778 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable tu reach public ip

cherif metarfi

Hello 

i have two sites with two public static IPs IP1 : a.b.c.2/22 and it's getway is a.b.c.1 the second site have the following ip : a.b.c.6/22 and it's getway is a.b.c.5

my probleme is when i try to reach or ping a site from another it works fine but when i put sophos XG firwall and the wan port take the public adress sites become unreachable for example from firewall in site one i can reach the ip1 getway but not the second site and when i try to tracert it the request does not reach even the gateway router 

 

Can anyone help me with this Problem ?



This thread was automatically locked due to age.
Parents
  • 0

    Hi cherif,

    I think you have your masks wrong because both XGs are in the same /22 on different physical connections?

    Ian

  • 0 in reply to rfcat_vk

    i don't think it's a mask issue because if i remove the firewall and i use a pc that take the public ip i can reach the other side normally 

  • 0 in reply to cherif metarfi

    Hi  

    I believe  is correct. Here your both the ISP IPs having /22 subnet which is putting them in the same network segment and while you are assigning/configuring this on XG as a WAN over 2 different physical port, it will create a ARP or network conflict issue.

    As a best practice it is not advisable to configure same network over two different physical Interface of same XG.

    In short to reach a.b.c.5 firewall will get the ARP or network connectivity via  2 different physical WAN Interfaces and that may create a problem with your gateway status ( Up/Down) or in some cases gateway will not be able to make status up at all as it will forward ARP via 1st Interface due to same network availability.

Reply
  • 0 in reply to cherif metarfi

    Hi  

    I believe  is correct. Here your both the ISP IPs having /22 subnet which is putting them in the same network segment and while you are assigning/configuring this on XG as a WAN over 2 different physical port, it will create a ARP or network conflict issue.

    As a best practice it is not advisable to configure same network over two different physical Interface of same XG.

    In short to reach a.b.c.5 firewall will get the ARP or network connectivity via  2 different physical WAN Interfaces and that may create a problem with your gateway status ( Up/Down) or in some cases gateway will not be able to make status up at all as it will forward ARP via 1st Interface due to same network availability.

Children