Zone to zone interaction PBF

pyrainath — Tue, 09 Apr 2024 06:04:24 GMT

Hi All,

i have some doubts ....

1.i have three zone TRUST,DMZ,UNTRUST.

2.there is a nat policy from TRUST zone, DMZ zone to untrust

3.all interface is under same VR .and there i haven't add any static route yet. instead i create a PBF rule from both TRUST AND DMZ to UNTRUST (destination interface=untrust interface, next-hop untrust pc)

4.Securty policy to allow traffic from trust,DMZ to untrust zone

5.i can reach to untrust PC from DMZ,TRUST .

I want my trust and dmz to communicate each other so i simply add the security rule which allow traffic from trust to dmz,dmz to trust.

but nothing worked as i expected. when i checked the traffic i saw that the traffic from trust is getting nated to the untrust ip and the traffic flow showing that it is going from trust to untrust . same goes for when i tried ping to trust from dmz zone.

so i disabled the pbf rule and every things working . whenever i enable the pbf rule its getting nated to untrust interface ip also its working when i create a static route for interacting with untrust.

only thing is these zones cant communicate each other if i enabled the PBF.any idea why this is happening

Re: Zone to zone interaction PBF

pyrainath — Tue, 09 Apr 2024 06:10:43 GMT

dia

topic Re: Zone to zone interaction PBF in General Topics

Zone to zone interaction PBF

Re: Zone to zone interaction PBF