Hello All, I just want to share one thought about a problem which I faced. One of the L3 interfaces on a PAN 500 was configured as the default gateway (192.168.0.1/24, security zone "trusted") for one network. On that trusted network I have two servers: one terminal server, 192.168.0.10/24, and a VPN server, 192.168.0.15/24. VPN clients with the IP pool 192.168.50.0/24 are making connections to the terminal server. The response goes through the gateway interface 192.168.0.1, where the vrouter has the route 192.168.50.0/24 via 192.168.0.15/24.

The problem begins the moment the terminal server has to make a connection to a VPN client, but it doesn't work. The only solution to cope with the problem is to add a static route on the terminal server for 192.168.50.0/24 via 192.168.0.15/24, and then it works as well (bypassing the default gateway). Considering that traffic is permitted by default within the same security zone, I am unable to understand why the traffic cannot be relayed even when I make an explicit policy which permits all traffic within the trusted zone. From the perspective of securing traffic, no filtering is needed, just traffic relaying within the same subnet and the same security zone. Before this setup we had a simple Linux firewall with iptables, where this worked without a security rule, just routing and relaying.....

Tician
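The topology in the post has the two directions of a terminal-server-to-VPN-client connection taking different paths: packets from the terminal server go to its default gateway (the PAN interface, which then forwards them to the VPN server on the same segment), while the VPN server delivers the client's replies straight to the terminal server on-link, never touching the firewall. The following Python model, added here as an illustration and not part of the original post or of Palo Alto's actual session logic, walks a TCP handshake hop by hop through that topology with a minimal stateful session table, once with and once without the static route the poster added on the terminal server. The only assumptions are the simplified firewall behaviour (a session opens on SYN, becomes established only when the firewall also sees the SYN-ACK, and other packets on an unestablished session are dropped) and the constructed client address 192.168.50.7 from the 192.168.50.0/24 pool; the thread itself does not establish what the poster's device actually logged as the drop reason.

```python
"""Stateful firewall that sees only one direction of a TCP flow (added model,
not the post's configuration and not Palo Alto's session implementation)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

FW_IP = "192.168.0.1"        # PAN L3 interface, default gateway of the LAN (from the post)
TS_IP = "192.168.0.10"       # terminal server (from the post)
VPN_IP = "192.168.0.15"      # VPN server (from the post)
CLIENT_IP = "192.168.50.7"   # constructed: one address from the VPN pool
POOL = "192.168.50.0/24"


@dataclass
class Host:
    ip: str
    onlink: List[str]                                       # directly attached prefixes
    default_gw: Optional[str] = None
    static: Dict[str, str] = field(default_factory=dict)    # prefix -> next hop

    def next_hop(self, dst: str) -> str:
        """Static routes first, then on-link delivery, then the default gateway."""
        for prefix, nh in self.static.items():
            if ip_address(dst) in ip_network(prefix):
                return nh
        for prefix in self.onlink:
            if ip_address(dst) in ip_network(prefix):
                return dst
        if self.default_gw is None:
            raise ValueError(f"{self.ip}: no route to {dst}")
        return self.default_gw


def build_hosts(ts_static_route: bool) -> Dict[str, Host]:
    ts_static = {POOL: VPN_IP} if ts_static_route else {}
    hosts = [
        Host(FW_IP, ["192.168.0.0/24"], static={POOL: VPN_IP}),  # the vrouter route from the post
        Host(TS_IP, ["192.168.0.0/24"], default_gw=FW_IP, static=ts_static),
        Host(VPN_IP, ["192.168.0.0/24", POOL]),                  # pool is reachable over its tunnel
        Host(CLIENT_IP, [POOL], default_gw=VPN_IP),              # client sends everything into the tunnel
    ]
    return {h.ip: h for h in hosts}


def path(hosts: Dict[str, Host], src: str, dst: str) -> List[str]:
    """Forward a packet hop by hop and return the IPs it visits."""
    hops, cur = [src], hosts[src]
    while cur.ip != dst:
        nh = cur.next_hop(dst)
        hops.append(nh)
        cur = hosts[nh]
    return hops


class StatefulFirewall:
    """Minimal session table: SYN opens a session, SYN-ACK establishes it,
    anything else is allowed only on an established session."""

    def __init__(self) -> None:
        self.sessions: Dict[Tuple[str, str], str] = {}

    def inspect(self, src: str, dst: str, flags: str) -> str:
        key = (src, dst) if (src, dst) in self.sessions else (dst, src)
        state = self.sessions.get(key)
        if state is None:
            if flags == "SYN":
                self.sessions[(src, dst)] = "OPENING"
                return "allow"
            return "drop: non-SYN packet with no session"
        if state == "OPENING":
            if flags == "SYN":                      # retransmitted SYN
                return "allow"
            if flags == "SYN-ACK":
                self.sessions[key] = "ESTABLISHED"
                return "allow"
            return "drop: asymmetric path, reply never traversed the firewall"
        return "allow"                              # ESTABLISHED


def simulate(ts_static_route: bool) -> List[Tuple[str, List[str], str]]:
    """Handshake from the terminal server to a VPN client: per packet, the
    forwarding path and the firewall verdict (or 'bypassed firewall')."""
    hosts, fw = build_hosts(ts_static_route), StatefulFirewall()
    packets = [(TS_IP, CLIENT_IP, "SYN"), (CLIENT_IP, TS_IP, "SYN-ACK"),
               (TS_IP, CLIENT_IP, "ACK"), (TS_IP, CLIENT_IP, "DATA")]
    results = []
    for src, dst, flags in packets:
        hops = path(hosts, src, dst)
        verdict = fw.inspect(src, dst, flags) if FW_IP in hops else "bypassed firewall"
        results.append((flags, hops, verdict))
    return results


def handshake_completes(results: List[Tuple[str, List[str], str]]) -> bool:
    return not any(verdict.startswith("drop") for _, _, verdict in results)


if __name__ == "__main__":
    for route in (False, True):
        print(f"\nterminal server static route for {POOL}: {route}")
        for flags, hops, verdict in simulate(route):
            print(f"  {flags:8} {' -> '.join(hops):50} {verdict}")
        print("  handshake completes:", handshake_completes(simulate(route)))
```

Without the static route the SYN passes the firewall and opens a session, the SYN-ACK comes back on-link and is never seen, and the terminal server's ACK and data are then dropped against a half-open session; with the static route neither direction touches the firewall and the intrazone policy never comes into play, which is consistent with the poster's observation that the permit-all rule made no difference.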