topic Re: I need routing between two internal networks in Next-Generation Firewall Discussions

I need routing between two internal networks

ArtemTokarenko — Sat, 24 Dec 2022 10:08:02 GMT

Hi !

I have a problem with setting up a static route between two internal networks.

There is a networks 
192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
I want to ping between
PC1 192.168.10.30/24
PC2 192.168.20.31/24

I can't figure out what I'm doing wrong

Considering that machines from the inside have access to the Internet

Re: I need routing between two internal networks

TomYoung — Sat, 24 Dec 2022 12:18:28 GMT

Hi @ArtemTokarenko ,

Thank you for the detailed information and screen shots. They are very helpful.

Your pings demonstrate that L2 connectivity is good.

The 1st thing you can do is delete static routes 10 and 20. They are not needed. If you look at More Runtime Stats to the right of your virtual router config, you will see those routes already exist as (A)ctive and (C)onnected. Simply put, the NGFW knows how to route between connected subnets. (You can also delete your disabled NAT rules. They are not needed.)
The 2nd thing you need to do is verify the traffic is going through your NGFW under Monitor > Logs > Traffic. Once you find the traffic logs, you can examine them to see if the NGFW is forwarding the traffic correctly.
If the NGFW is forwarding traffic correctly, then it is another issue (Windows firewall, etc.).
If you do not see the traffic logs, you should enable logging for your default rules by highlighting each rule, selecting Override, and enabling logging. Then traffic that hits those rules will also show in the logs. For example, traffic dropped by the NGFW will hit the interzone-default rule.

Thanks,

Tom

Re: I need routing between two internal networks

ArtemTokarenko — Sat, 24 Dec 2022 12:53:26 GMT

Hi Mr. Young you are right it is the firewall settings at 192.168.20.31 . Thank you so much I've been stuck with this problem for 3 days and now I can get on with my work!