I have attempted to pass http/s traffic from one subnet to another through an ASG v7 firewall, and I began to look closely at the routing table on the firewall. I then attempted to create a new route, first as an "interface route" and then as a "gateway route". I noticed that when I attempted to use the gateway route it would not let me put a simple ip address in as a "gateway" - When I select a device that has just an ip address defined, and attempt to drag it over to the field called "Gateway", it refuses to accept the "dragged" device, and slides it back over to the left-hand column. After several tries, it appears that the correct configuration of an answer has to be the ip address with a subnet mask (i.e., 10.20.200.64/26, as opposed to 10.20.200.64, without the mask).
At some other point, when I attempt to create a new interface, and gave it an ip address, it would blink a red box around the address when I attempted to save the configuration, which would imply that it didn't like the address.
In each situation, what is the specific requirement that I am violating that causes these addresses to be rejected? (The latter is shown in an attachment.)
Furthermore, when I read the manual, it says that the only two times I would need an iterface route, in contrast to a gateway route, is if the route address was not directly connected to the firewall, or if the IP address would be changing/unknown. Neither of these is the case, so I believe it should be configured as a "gateway route", but then it demands the "/26" at the end, implying a subnet mask. I keep thinking that the target should be an individual IP address, and not a range of addresses.
Thanks.
This thread was automatically locked due to age.
