L3 gateway Interface traffic relaying

cancel
Showing results for 
Search instead for 
Did you mean: 

L3 gateway Interface traffic relaying

L3 Networker

Hello All,

just want to share one thought about problem which I faced with. One of L3 interface on PAN 500 was configured as default gateway (192.168.0.1/24 sec zone "trusted") for one network. On that trusted network I have two servers, one terminal 192.168.0.10/24 and VPN 192.168.0.15/24. VPN clients with IP pool 192.168.50.0/24 are making connection's to terminal server. Response going through gateway interface 192.168.0.1, where vrouter has route 192.168.50.0/24 via 192.168.0.15/24. Problem begins in moment when terminal server had to make connection to VPN client, but it didn't. To cope with problem only solution is to add static route to terminal server 192.168.50.0/24 via 192.168.0.15/24, and then working as well (bypassing default gateway).

If considering that traffic by default were permitted within same security zone, I'm unable to understand why traffic cannot be relayed even I make explicit policy, which permits all traffic within trusted zone.

From perspective of securing traffic, there is no needed any filtering, just traffic relaying within same subnet and same sec zone. Before this setup we have some simple linux firewall with ip tables, where this working, without sec rule, just routing and relaying.....



Tician

2 REPLIES 2

L3 Networker

Hi Tician,

First of all I would recommend opening a case with tech support. There are a few things that could go wrong here so I would start with the traffic logs. If you have an explicit rule in place there should be logging for the session to verify it is allowed and the log details will confirm if packets are being sent and received. Assuming everything looks ok here try running a packet capture with filters for both directions (.10 to .15 and vice versa) and all 4 stages set. The drop stage will show if anything is being dropped out and counters may give the reason for any drops. This doc should help with setting up the filters and checking the counters.

Packet Capture, Debug Flow-basic and Counter Commands

regards,

Brandon

L0 Member

Sounds like you need a route for 192.168.50.0/24 on the firewall.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!