Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TZ180 : routing traffic between two subnets

Posted on 2009-07-16
6
Medium Priority
?
880 Views
Last Modified: 2013-11-16
I have attached a drawing of the network.
In the left side of the drawing this is the existing network of site01 company
In the right side of the drawing this is the new network will add to the existing one.
As you can see there is a Sonicall firewall TZ180 on the new network. each of the networkget there own DNS server
The goal is :
how do I setup the Sonicall to transfer requests coming from a computer on network 173.16.0.0/16 over the EVPN network to a device 192.168.220.10
I would like to deny any any rule between the two networks and only the specific IP addresses / ports must be opened as required. This will block viruses from site01 from getting onto the new network.

Thks in adavnce for your feedback
0
Comment
Question by:madinina
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 24874684
You need to setup a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16 Destination IP 192.168.220.10 Protocol x

Unit B Rule

Source IP 192.168.220.10 Destination IP 173.16.0.x/16 Protocal x
0
 

Author Comment

by:madinina
ID: 24876054
Nappy,

There is only one firewall not two.
The subnet173.13.0.x/16 is connected to the DMZ port of the firewall and the other subnet is connected to the LAN internal port of the firewall.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24877580
OK then the same principle applies.   The source and destination would be your OPT(DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16 Interface LAN Destination IP 192.168.220.10 Interface Opt Protocol x

Rule 2
Source IP 192.168.220.10 Interface Opt Destination IP 173.16.0.x/16 Interface LAN Protocol x
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:madinina
ID: 24877767
What about the defaut rules. Do I have to deny them??
Madinina
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 750 total points
ID: 24877793
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
0
 

Author Comment

by:madinina
ID: 24947320
I added a routing rule for both way but I got packets dropped when I ping from 176.16.0.1 to 192.168.220.10

176.16.0.1 (host)---------------176.16.0.50(DMZ FW interface)
                                                 |
                                     192.168.220.50 (LAN Firewall interface)
                                                 |
                                                 |
                                                 |
                                      192.168.220.10 (host)

Both firewall interfaces are on the same physical firewall. There is no two firewalls
         
     

Any idea ?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question