Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1383 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Subnets

lloe1079
Good Morning, my name es Leonardo Duque.

I have an ASG V 7, I need to create two or more subnets and look and they can communicate, and I have created an interface 1: 10.171.13. * (Principal), and create a new 2: 10.171.15 .* (New subnet); The problem is that these two subnets can not see or communicate, but the ping answer me.


Not that I'm missing or doing wrong.

Ayua urgent need.

thanks


This thread was automatically locked due to age.
Parents
  • 0
    First of all, both subnets must have the Astaro as their default gateway, but I presume you have that set up since you say that ping works already.

    Secondly, you are going to need Packet Filter rules to allow non-ICMP traffic between the two networks.  If you want to allow connections in both directions, then you will need both 

    Network1(Network)-->Any-->Network2(Network)-->Allow and 
    Network2(Network)-->Any-->Network1(Network)-->Allow

    The first rule will allow .13 devices to hit .15 targets, and the second allows .15s to hit .13s.

    If your second subnet is only going to hold servers which have no need to initiate connections to your first subnet, then you could skip the second rule (or restrict it to specific services or targets).
Reply
  • 0
    First of all, both subnets must have the Astaro as their default gateway, but I presume you have that set up since you say that ping works already.

    Secondly, you are going to need Packet Filter rules to allow non-ICMP traffic between the two networks.  If you want to allow connections in both directions, then you will need both 

    Network1(Network)-->Any-->Network2(Network)-->Allow and 
    Network2(Network)-->Any-->Network1(Network)-->Allow

    The first rule will allow .13 devices to hit .15 targets, and the second allows .15s to hit .13s.

    If your second subnet is only going to hold servers which have no need to initiate connections to your first subnet, then you could skip the second rule (or restrict it to specific services or targets).
Children
No Data