Unable to ping across internal subnets.

Hi gang. I have an SG330 with a basic configuration:

eth0 - WAN

eth1 - Net1 (10.0.1.0/24)

eth3 - Net3 (10.0.3.0/24)

eth7 - VLAN105/VLAN106 (Nets 10.0.5.0/24 and 10.0.6.0/24 across a bridge between buildings)

eth5 - Net7 (10.0.7.0/24)

Net1 is the primary subnet, where all servers and shared network resources reside. Other subnets compartmentalize different departments' workstations.

Firewall rules are in place to allow workstations to access servers on Net1.

Each department subnet has NAT to internet.

All the above are working with one exception. I cannot ping between subnets. All internal subnets are open to the others. All ICMP parameters in Firewall > ICMP with the exception of Allow ICMP through Gateway from external networks and log ICMP redirects are checked.

The first firewall rule is "Internal Nets" > "any"+"ping" > "Internal Nets", but no ping across subnets. Checked and selectively disabled intrusion protection and application control. No change. Any ideas where to look next?



  • Hi, and welcome to the UTM Community!

    Does #1 in Rulz give you any clues?

    Cheers - Bob

    PS Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

  • Good morning Bob,

    Actually, the Rulz was my first reference point. I had disabled intrusion protection, threat protection and application control as the first step. I’m kind of weird as I tend to read the documentation first…

    Had to move a firewall rule but now can ping across the subnets, but I still have an issue with pinging our MS SQL server. It’s up in Amazon world but is on the VPN to our network via a NAT on the Amazon router. As it’s happening across all subnets and no firewall rules seem to change it, I suspect routes need to be added to the Amazon router to encompass all our subnets. Thoughts?

  • Are you using an IPsec VPN between your office UTM and the Amazon UTM?