routing between two local ethernet connections

Sounds like you are using transparent web protection for both subnets.

To have only the firewall rulesets involved between your local subnets you have to add both networks in the destination skip list.

If web traffic is proxied the destination always sees the UTMs IP as source, internal as external (you can not SNAT proxy traffic to an additional IP).

Sounds like you are using transparent web protection for both subnets.

To have only the firewall rulesets involved between your local subnets you have to add both networks in the destination skip list.

If web traffic is proxied the destination always sees the UTMs IP as source, internal as external (you can not SNAT proxy traffic to an additional IP).

thanks, that is what was happening. didn't realize that was on by default and had to make exceptions for lan-to-lan connections.

Hi, Marc, and welcome to the UTM Community!

Kevin's solved your problem, but you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

Cheers - Bob

How about generally opening a new discussion for that topic, Bob. We discussed it via PM and nobody of us went further and opened a thread after it.
Because it's your work I wanted to leave that to you.

I did it right after you suggested it, Kevin - in the Web Protection forum: Discussion about "Configure HTTP Proxy for a Network of Guests"

Cheers - Bob