Routing or Port Forwarding

Greetings,

I am new here. Currently I am using CR25iNG with SFOS 16.0

I have the following infrastructure:

1- LAN_1: 172.16.0.0

2- WAN

3- LAN_2: 192.168.0.0

How do I allow devices from LAN_1 to access devices on LAN_2?

I am kinda new to the networking field.


Regards,



  • Hi Dani, 

    All you would need to do is create a rule between LAN zones and allow ANY address or specify both networks vice versa. 

    As per the snaps, consider LAN another zone. I have used DMZ; you can ignore that if both zones are the same.

  • Thanks a lot, it worked. But can I have more explanation about the idea here? I mean, those are two totally different subnets, so why didn't we use routing?

  • Hello,

    My assumption regarding your question, why not use routing.

    I imagine behind the GUI, the XG knows how to send the traffic between the two subnets / networks. Since they are in the same Zone, and you have the correct policy / rules set up, XG is routing the packets between the two devices on each I.P. segment without needing you to create specific static routing entries for the two I.P. segments.

    On my UTM I had 5 VLANs, each one was a different I.P. address segment. I did not have to set static routing addresses / rules like one would in a Cisco Router or similar router. I just set a rule / firewall policy that said VLAN 10 and 20 can talk with each other and the WAN. The rule or policy behind the scenes was allowing the packets / devices on each I.P. range to talk to each other. If the destination was not on VLAN 10, it sent it over to VLAN 20. When you set up the networks and add them to the interfaces, XG knows what is where, so you then just needed the rules / policy to allow each to talk or go out to the WAN. Just trying to explain very simply. 

    I am sure behind the scenes XG, like a Cisco router, will learn what networks are on what interface and then decide where to forward a packet based on rules or policies for the networks. Various protocols can be run on a router to identify what networks are on what interfaces. Besides the learned or discovered networks that a router knows about, you can, when needed, add static routes as well to a router. XG is just doing some things for you, and if you have a specific need to add a custom static entry in a routing table, UTM / XG gives you that ability.

    My thoughts on the topic, if anyone can better explain, please do, or if I made a mistake, please correct me.

    Chad

  • Chad,

    What you are saying is correct. XG knows exactly where directly attached networks are attached (as any other layer 3 device). On Cisco, for example, with a show ip route you will see the networks directly connected and the others that are reachable using an interface/next hop.

    XG acts the same, but you have to create proper firewall rules between zones in order to allow traffic. In this case, the user has 3 ports (LAN1, WAN and LAN2).

    Traffic is blocked if a proper rule does not exist. As soon as you have another interface (VLAN or another LAN) a firewall rule is needed. This is correct because inside the firewall you have to block everything not needed.

    If XG does not know how to reach a network it will use its routing table and take a decision.

    What you are saying is correct.

    Merry Christmas!
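To make the two explanations above concrete (Chad's point that the firewall already knows where each subnet lives, and the last reply's point that traffic between them is still blocked until a zone rule exists), here is a small added Python model written for this thread; it is not Sophos code and does not reflect how XG is implemented. It builds connected routes from the configured interfaces, does a longest-prefix lookup the way a "show ip route" table is consulted, and evaluates zone-to-zone rules with an implicit deny. The /24 masks for the two LANs, the interface names, the WAN addresses (203.0.113.0/24, from the RFC 5737 documentation range) and the rule layout are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


@dataclass
class Interface:
    name: str
    zone: str
    network: IPv4Net          # the directly connected subnet on this port


@dataclass
class Route:
    prefix: IPv4Net
    iface: str
    next_hop: Optional[str] = None   # None means directly connected
    code: str = "C"                  # "C" connected, "S" static (Cisco-style codes)


@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    src_nets: List[IPv4Net]
    dst_nets: List[IPv4Net]
    action: str = "allow"


class ZoneFirewall:
    """Toy model: connected routes + longest-prefix lookup + default-deny zone rules."""

    def __init__(self, interfaces: List[Interface], static_routes: Optional[List[Route]] = None):
        self.interfaces = {i.name: i for i in interfaces}
        # Every configured interface yields a connected route automatically,
        # which is why the two LANs in the thread need no static route entries.
        self.routes = [Route(i.network, i.name) for i in interfaces] + list(static_routes or [])
        self.rules: List[Rule] = []

    def show_ip_route(self) -> List[str]:
        # Render the table in the style of a Cisco "show ip route" listing.
        lines = []
        for r in sorted(self.routes, key=lambda x: (x.code, x.prefix)):
            if r.next_hop is None:
                lines.append(f"{r.code} {r.prefix} is directly connected, {r.iface}")
            else:
                lines.append(f"{r.code} {r.prefix} via {r.next_hop}, {r.iface}")
        return lines

    def lookup(self, dst: str) -> Optional[Route]:
        # Longest-prefix match: the most specific route wins, default route last.
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def ingress(self, src: str) -> Optional[Interface]:
        addr = ipaddress.ip_address(src)
        return next((i for i in self.interfaces.values() if addr in i.network), None)

    def forward(self, src: str, dst: str) -> Tuple[str, str]:
        # Routing decides the egress interface; the zone policy decides whether
        # the packet may actually pass. With no matching rule, it is dropped.
        in_if = self.ingress(src)
        route = self.lookup(dst)
        if in_if is None or route is None:
            return ("drop", "no route")
        out_if = self.interfaces[route.iface]
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for n, rule in enumerate(self.rules, start=1):
            if (rule.src_zone == in_if.zone and rule.dst_zone == out_if.zone
                    and any(s in net for net in rule.src_nets)
                    and any(d in net for net in rule.dst_nets)):
                return (rule.action, f"rule {n}: {in_if.zone}->{out_if.zone} via {out_if.name}")
        return ("drop", f"implicit deny {in_if.zone}->{out_if.zone}")


def build_example() -> ZoneFirewall:
    # Constructed topology following the thread (LAN1, WAN, LAN2). The /24
    # masks, interface names and WAN addresses are assumptions for this example.
    return ZoneFirewall(
        [Interface("LAN1", "LAN", IPv4Net("172.16.0.0/24")),
         Interface("LAN2", "LAN", IPv4Net("192.168.0.0/24")),
         Interface("WAN", "WAN", IPv4Net("203.0.113.0/24"))],
        static_routes=[Route(IPv4Net("0.0.0.0/0"), "WAN", next_hop="203.0.113.1", code="S")],
    )


def add_lan_to_lan_rule(fw: ZoneFirewall) -> None:
    # Both networks listed as source and destination so either side may initiate,
    # without opening the rule to ANY address.
    nets = [IPv4Net("172.16.0.0/24"), IPv4Net("192.168.0.0/24")]
    fw.rules.append(Rule("LAN", "LAN", nets, nets))


if __name__ == "__main__":
    fw = build_example()
    print("\n".join(fw.show_ip_route()))
    print(fw.forward("172.16.0.5", "192.168.0.10"))   # dropped: no rule yet
    add_lan_to_lan_rule(fw)
    print(fw.forward("172.16.0.5", "192.168.0.10"))   # allowed by the LAN->LAN rule
    print(fw.forward("172.16.0.5", "198.51.100.7"))   # dropped: no LAN->WAN rule
```

Running it shows the point both replies make: the route lookup for 192.168.0.10 succeeds from the start (a connected route, not a static one), yet the packet is dropped until a LAN-to-LAN rule naming the two networks is added, and a LAN-to-WAN packet stays dropped because no rule covers that zone pair.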