Cannot ping devices from one subnet to another.

Hi Justin,

Check #1.1 in my troubleshooting guide and check if the ICMP traffic for both the destination is forwarded or dropped for any reason. Show me the results. 

Thanks

Hi Sachin,

Here are the packet capture results.

Here are my interface details.

Here are the routing details.

and lastly, here is the FW rule that should be processing these requests.

I have tried the drop-packet-capture at your request but the command does not return any results.

Can you see any major issues with my setup?

Hi Justin,

I don't think you require a unicast route to PortE and PortA, try deleting the last two routes. Alongside, is PING/ICMP selected for WLAN and LAN zone in Administration | Device Access?

Thanks

Hi Justin,

I don't think you require a unicast route to PortE and PortA, try deleting the last two routes. Alongside, is PING/ICMP selected for WLAN and LAN zone in Administration | Device Access?

Thanks

Hi Sachin,

I have removed the routes. I only added them after I started having issues to see if that would resolve them.

Yes Ping is enabled on both interfaces.

As I mentioned, the WLAN is able to access the LAN and WAN(s) but LAN cannot access WLAN.

In the packet capture, traffic to the WLAN from the LAN is hitting FW rule 0. Even though there is a LAN > WLAN rule allowing the traffic.

Justin,

static routing are not necessary. Make sure to create a lan to lan firewall rule, otherwise traffic is blocked.

Go to advanced shell from console, option 5 > 3 and type:

route -n

show us the result. Of course remove the static routing before issuing the command.

Thanks

CR50iNG_CA01_SFOS 16.05.6 MR-6# route -n                                        
Kernel IP routing table                                                         
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   
10.140.0.0      0.0.0.0         255.255.254.0   U     0      0        0 PortA   
10.140.0.231    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0    
10.140.10.0     0.0.0.0         255.255.255.0   U     0      0        0 PortE   
10.140.15.0     0.0.0.0         255.255.255.0   U     0      0        0 PortE.10
0                                                                               
10.140.20.0     0.0.0.0         255.255.255.0   U     0      0        0 ETVDevDM
Z                                                                               
10.140.25.0     0.0.0.0         255.255.255.0   U     0      0        0 PortF   
10.140.50.0     10.140.254.252  255.255.255.0   UG    3      0        0 PortG   
10.140.254.0    10.140.254.252  255.255.255.248 UG    2      0        0 PortG   
10.140.254.248  0.0.0.0         255.255.255.248 U     0      0        0 PortG   
10.224.77.192   10.140.254.252  255.255.255.240 UG    0      0        0 PortG   
61.69.254.220   0.0.0.0         255.255.255.252 U     0      0        0 PortH

Hi Justin , 

Could you initiate the packet capture again after removing the routes. 

Here are is my amended routing table.

Here is the packet capture as requested.

I have the same exact Problem with my Sophos XG 210

I'm trying to route my traffic from my wireless subnet (192.168.20.x) on Port4 to my LAN (192.168.168.x) on Port1

Both are in the LAN Zone.

Traffic is also allowed with Firewall Rules, both to - and from my WiFi.

If I look into my Log, traffic gets approved but it still doesn't work and I can't get access.

Do I have to configure some Special Route for it to work or am I missing something?