Is there a way to reload the routing table without reloading the firewall?

Main firewall: XGS2100 at v.19.5
new Remote firewall: XG125w at v.19.5
old remote RED15

I am trying to migrate a remote site from RED15 to a site-site RED using a XG125w while keeping the remote LAN IP range intact.

I set up the new remote RED tunnel between the production main firewall and the new XG125w and made sure it's all working.

I then had someone at the remote site disconnect the RED15, disabled the RED interface/related DHCP on the main firewall, checked firewall rules, updated the static routes for the remote LAN (since it has now moved from the main firewall back to the new remote XG125), and updated the XG125 accordingly (LAN/bridge IP, DHCP, firewall rules, etc.).

Now the new RED tunnel is up and running. But the remote LAN is not talking to the HQ. Packet capture on the HQ main firewall showed that return traffic for the remote LAN is still routed to the disabled REDS1 interface while the inbound traffic is received correctly on REDS2 via the new tunnel.

Is there a way to clear the routing table in the GUI or CLI after the interface changes? I ran into a similar routing table issue on the same firewall in v.18. I ended up rebooting the firewall. But this is our main firewall handling 24x7 business communication. I would much prefer not having to schedule downtime just for a test or for reconfiguring a small site.

And I hope I don't have to create a new LAN at the remote site because it will be a lot more work to migrate all the static devices to the new IP range without missing anything or breaking any service.

All input is appreciated!

  • Hello Daniel,

    Thank you for contacting the Sophos Community.

    Have you removed the RED15 interface in the Sophos Firewall or only disabled it? If you have only disabled it, try removing it completely.

    Are you using static routes or SD-WAN routes? You could try switching and changing the route precedence from the backend to see if that works for you.

    Otherwise, I would ask internally about your question. 

    Regards

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi, Emmanuel.

    Sorry for the late reply. Sophos tech support shared a forum link with me. I was able to delete the static route tied to the disabled REDS1 interface in Linux and make the testing of the new RED tunnel work. I've since gone on site with the new setup, which required minimal configuration without having to reconfigure the remote IP subnet.

    Thanks very much for your help and that of the community!

    Daniel
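
The symptom in the original question (return traffic still leaving via the disabled REDS1 interface while the new tunnel is up) is what happens when a stale kernel route for the remote LAN outranks the new one. The shell snippet below is an added example, not from the thread or from Sophos: it takes the text of `ip route show`, lists the routes still bound to a given interface, and prints the matching `ip route del` commands for review rather than executing them. The sample routing table, the interface names `reds1`/`reds2` and all addresses are constructed assumptions; the stale `reds1` route has the default metric 0, so it wins over the `reds2` route with metric 10, which is why the remote LAN stops answering. How the advanced shell on a specific Sophos Firewall release exposes this, and whether a kernel-table change there survives a configuration reload, is not established by the thread; treat a manual deletion as a diagnostic step and make the same change in the firewall's configuration so the two do not drift apart.

```shell
#!/bin/sh
# Constructed sample of `ip route show` output (assumption, not captured from
# any real firewall). 192.168.50.0/24 is the remote LAN; reds1 is the old,
# disabled tunnel interface, reds2 the new one.
SAMPLE_ROUTES='default via 203.0.113.1 dev Port2
192.168.50.0/24 dev reds1 scope link
192.168.50.0/24 via 10.10.10.2 dev reds2 metric 10
10.10.10.0/30 dev reds2 proto kernel scope link src 10.10.10.1
192.168.1.0/24 dev Port1 proto kernel scope link src 192.168.1.1'

# routes_via_iface TABLE IFACE
# Print every route line in TABLE (text of `ip route show`) whose "dev"
# keyword names IFACE. Matching on the "dev" token avoids false hits on
# addresses or other interfaces that merely contain the name as a substring.
routes_via_iface() {
    table="$1"; iface="$2"
    printf '%s\n' "$table" | awk -v dev="$iface" '
        { for (i = 1; i < NF; i++)
              if ($i == "dev" && $(i + 1) == dev) { print; break } }'
}

# delete_commands_for_iface TABLE IFACE
# Turn each matching route back into an `ip route del` command. The full
# route line is reused as the selector so only that exact entry is removed,
# not any other route for the same prefix on a different interface.
delete_commands_for_iface() {
    routes_via_iface "$1" "$2" | awk '{ printf "ip route del %s\n", $0 }'
}

# Live use on a Linux box (needs root; review the output before piping to sh):
#   delete_commands_for_iface "$(ip route show)" reds1
#   delete_commands_for_iface "$(ip route show)" reds1 | sh
#   ip route get 192.168.50.10    # confirm the lookup now resolves via reds2
delete_commands_for_iface "$SAMPLE_ROUTES" reds1
```

`ip route get <host-in-remote-LAN>` before and after the deletion is the quickest confirmation: it prints the single route the kernel would actually use for that destination, which is exactly what the packet capture in the question was showing indirectly.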