We have an ASG 120 with 3 interfaces activated. Besides basic firewall we also subscribe to, and only to, IPS. eth0 is the Lan, eth1 goes to a medical clinic within our building, and eth2 (disabled at the moment) also goes to a clinic within our building. Each interface has a static IP that falls within each network's valid range but is outside the range from the other networks.
I have setup PF rules that allow any traffic in the following way:
- eth0 eth1 = yes
- eth0 eth2 = yes
- eth1 eth2 = no (this is so each clinic can't access each other's network)
We do have IPS turned on. We also plan on locking down services in the future but for initial installation we wanted everything wide open.
The Problem
We are able to ping from eth0 to eth1. I'm not 100% sure vice-versa but I think I can safely assume it pings that direction as well, as I'll explain next. I can access our internal web server from eth1. Some of the Docs from the clinic (on eth1) cannot RDP into their terminal server from our network (eth0) nor can their radiology department (eth1) send DICOM traffic from their system to ours (eth0).
The Findings
The IPS log is empty.
The PF log doesn't show anything blocked with the exception of a multicast that is coming from one of our switches (will fix that once the BIG problem is fixed).
This thread was automatically locked due to age.
