Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 11385 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED 50 Set up Standard/Unified

Timothy Jee

Good day,

 

Please assist, I have set up a RED 50 in Standard/Unified to an XG 230

Created a Zone for RED and applied the RED device to the Zone

Created Firewall Rules for RED to LAN, LAN to RED and RED to WAN

On a device connected behind the RED I can ping any device behind the XG Firewall and can access any service

On a device behind the XG Firewall I cannot ping nor access any services on a device behind the RED

If I run a Traceroute from a device behind the XG Firewall to a device behind the RED it attempts to go through the WAN interface instead of the LAN interface

If I run a ping or Traceroute from the XG Firewall to a device behind the RED I get a response

 

I have a feeling that this is a routing issue, we make use of Policy Routes and IPSec Tunnels so the routing order is set as VPN, Policy, Static

 

Any assistance would be  much appreciated

 

Thanks

Timothy



This thread was automatically locked due to age.
Parents
  • 0 in reply to lferrara

    Hi Luk,

    I went through that thread now, not sure how I missed it

     

    My set up is as follows

    SiteA has the XG Firewall

    SiteB has the RED 50

    SiteB is conencted to SiteA, firewall rules in place as mentioned earlier

    SiteA IP Range - 192.168.0.0/24

    SiteB IP Range - 192.168.111.0/24

    RED IP - 192.168.111.254 (This is the Gateway IP for SiteB)

     

    If I set up a unicast route with Dest 192.168.0.0/24, Gateway 192.168.111.254 and Interface reds1 I get and error that the Gateway and interface have the same IP

    I can't change the RED IP as it needs to give off DHCP on 192.168.111.0/24

     

    Is there something I am missing, or doing incorrectly?

     

    Timothy

  • 0 in reply to Timothy Jee

    Timothy,

    thre destination network must be 192.168.111.0 and not the local network.

    Also show the RED configuration and unicast.

    Regards

  • 0 in reply to lferrara

    Hi Luk,

    Apologies for not getting back to you, I had to put the ReD setup on the back burner for some time as things got very busy

    I am looking at this again and following your instructions I set the Destination network to 192.168.111.0/24, Gateway 192.168.111.254 and Interface to reds1 - 192.168.111.254 and get the error that the Interface and Gateway have the same IP

    Will post screenshots of the config and unicast as soon as I can

     

    Timothy

  • 0 in reply to lferrara

    Hi Luk,

    I have gone over my setting again and found the issue

    I had set up a Policy Route for the RED Network to go through the main link, I realised that this was unnecessary

    Doing this gave me access fromt he RED Network to the main network, but not the main network to the RED Network

    I figured that it still had to be with the Policy Routing and went back to my Route Precedence

    I changed the precedence from VPN, Policy, Static to VPN, Static, Policy and it is working

    Thank you for the assitance you had given

    Timothy

Reply
  • 0 in reply to lferrara

    Hi Luk,

    I have gone over my setting again and found the issue

    I had set up a Policy Route for the RED Network to go through the main link, I realised that this was unnecessary

    Doing this gave me access fromt he RED Network to the main network, but not the main network to the RED Network

    I figured that it still had to be with the Policy Routing and went back to my Route Precedence

    I changed the precedence from VPN, Policy, Static to VPN, Static, Policy and it is working

    Thank you for the assitance you had given

    Timothy

Children
No Data