This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

I need routing between two internal networks

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

I need routing between two internal networks

Go to solution
ArtemTokarenko
L1 Bithead

‎12-24-2022 02:08 AM

Hi !

I have a problem with setting up a static route between two internal networks.

There is a networks 
192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
I want to ping between
PC1 192.168.10.30/24
PC2 192.168.20.31/24

I can't figure out what I'm doing wrong
Considering that machines from the inside have access to the Internet


1PC.jpeg
2PC.jpeg
PA_Network_VR.jpeg


PA_Network_Interface.jpeg
PA_Metwork_InterfaceMgmt.jpeg

PA_Policy_NAT.jpeg

PA_Policy_Security.jpeg
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
TomYoung
Cyber Elite
Cyber Elite

‎12-24-2022 04:17 AM - edited ‎12-24-2022 04:18 AM

Hi @ArtemTokarenko ,

 

Thank you for the detailed information and screen shots.  They are very helpful.

 

Your pings demonstrate that L2 connectivity is good.

 

  1. The 1st thing you can do is delete static routes 10 and 20.  They are not needed.  If you look at More Runtime Stats to the right of your virtual router config, you will see those routes already exist as (A)ctive and (C)onnected.  Simply put, the NGFW knows how to route between connected subnets.  (You can also delete your disabled NAT rules.  They are not needed.)
  2. The 2nd thing you need to do is verify the traffic is going through your NGFW under Monitor > Logs > Traffic.  Once you find the traffic logs, you can examine them to see if the NGFW is forwarding the traffic correctly.
  3. If the NGFW is forwarding traffic correctly, then it is another issue (Windows firewall, etc.).
  4. If you do not see the traffic logs, you should enable logging for your default rules by highlighting each rule, selecting Override, and enabling logging.  Then traffic that hits those rules will also show in the logs.  For example, traffic dropped by the NGFW will hit the interzone-default rule.

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

View solution in original post

(1)
2 REPLIES 2

Go to solution
TomYoung
Cyber Elite
Cyber Elite

‎12-24-2022 04:17 AM - edited ‎12-24-2022 04:18 AM

Hi @ArtemTokarenko ,

 

Thank you for the detailed information and screen shots.  They are very helpful.

 

Your pings demonstrate that L2 connectivity is good.

 

  1. The 1st thing you can do is delete static routes 10 and 20.  They are not needed.  If you look at More Runtime Stats to the right of your virtual router config, you will see those routes already exist as (A)ctive and (C)onnected.  Simply put, the NGFW knows how to route between connected subnets.  (You can also delete your disabled NAT rules.  They are not needed.)
  2. The 2nd thing you need to do is verify the traffic is going through your NGFW under Monitor > Logs > Traffic.  Once you find the traffic logs, you can examine them to see if the NGFW is forwarding the traffic correctly.
  3. If the NGFW is forwarding traffic correctly, then it is another issue (Windows firewall, etc.).
  4. If you do not see the traffic logs, you should enable logging for your default rules by highlighting each rule, selecting Override, and enabling logging.  Then traffic that hits those rules will also show in the logs.  For example, traffic dropped by the NGFW will hit the interzone-default rule.

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
(1)

Go to solution
ArtemTokarenko
L1 Bithead

‎12-24-2022 04:53 AM

Hi Mr. Young you are right it is the firewall settings at 192.168.20.31 . Thank you so much I've been stuck with this problem for 3 days and now I can get on with my work!

 

 

  • 1 accepted solution
  • 1710 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks