Solved

TZ180 : routing traffic between two subnets

Posted on 2009-07-16
Last Modified: 2013-11-16
I have attached a drawing of the network.
On the left side of the drawing is the existing network of the site01 company.
On the right side of the drawing is the new network that will be added to the existing one.
As you can see, there is a SonicWall TZ180 firewall on the new network. Each of the networks gets its own DNS server.
The goal is:
How do I set up the SonicWall to transfer requests coming from a computer on network 173.16.0.0/16 over the EVPN network to a device at 192.168.220.10?
I would like a deny any/any rule between the two networks, with only the specific IP addresses / ports opened as required. This will block viruses from site01 from getting onto the new network.

Thanks in advance for your feedback.
Question by:madinina
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 24874684
You need to set up a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16, Destination IP 192.168.220.10, Protocol x

Unit B Rule

Source IP 192.168.220.10, Destination IP 173.16.0.x/16, Protocol x
 

Author Comment

by:madinina
ID: 24876054
Nappy,

There is only one firewall, not two.
The subnet 173.13.0.x/16 is connected to the DMZ port of the firewall, and the other subnet is connected to the LAN internal port of the firewall.
 
LVL 32

Expert Comment

by:nappy_d
ID: 24877580
OK, then the same principle applies. The source and destination would be your OPT (DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16, Interface LAN; Destination IP 192.168.220.10, Interface OPT; Protocol x

Rule 2
Source IP 192.168.220.10, Interface OPT; Destination IP 173.16.0.x/16, Interface LAN; Protocol x

Author Comment

by:madinina
ID: 24877767
What about the default rules? Do I have to deny them?
Madinina
 
LVL 32

Accepted Solution

by: nappy_d (earned 250 total points)
ID: 24877793
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
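To make the two answers above concrete (one allow rule per direction for the single host/service, and the default rules denied), here is an added example that is not from the thread or from SonicWall: a small first-match, default-deny evaluator for zone-based access rules. It assumes the layout the asker describes, 173.16.0.0/16 on the DMZ (OPT) interface and 192.168.220.0/24 on the LAN interface, and uses TCP 443 as a stand-in for the unspecified "Protocol x"; it also shows that a source outside 173.16.0.0/16 (such as 176.16.0.1) is dropped by the implicit deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    from_zone: str
    to_zone: str
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str            # "icmp", "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "allow" or "deny"

# Constructed zone map (assumption): which subnet sits behind which interface.
ZONES = {"DMZ": ip_network("173.16.0.0/16"), "LAN": ip_network("192.168.220.0/24")}

# Constructed rulebase mirroring the thread: open only the one host and the
# services it needs, in each direction. Nothing else is listed on purpose.
POLICY = [
    Rule("DMZ", "LAN", "173.16.0.0/16", "192.168.220.10/32", "icmp", None, "allow"),
    Rule("DMZ", "LAN", "173.16.0.0/16", "192.168.220.10/32", "tcp", 443, "allow"),
    Rule("LAN", "DMZ", "192.168.220.10/32", "173.16.0.0/16", "icmp", None, "allow"),
]

def zone_of(addr: str) -> Optional[str]:
    """Return the zone whose subnet contains addr, or None if no zone matches."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def evaluate(src: str, dst: str, proto: str, dport: Optional[int] = None,
             policy=POLICY) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "deny"  # address belongs to no configured zone: never allowed
    for r in policy:
        if (r.from_zone, r.to_zone) != (src_zone, dst_zone):
            continue
        if ip_address(src) not in ip_network(r.src):
            continue
        if ip_address(dst) not in ip_network(r.dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"  # the implicit deny any/any at the end of the rulebase
```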
 

Author Comment

by:madinina
ID: 24947320
I added a routing rule for both directions, but packets get dropped when I ping from 176.16.0.1 to 192.168.220.10.

176.16.0.1 (host)---------------176.16.0.50 (DMZ FW interface)
                                                 |
                                     192.168.220.50 (LAN firewall interface)
                                                 |
                                                 |
                                                 |
                                      192.168.220.10 (host)

Both firewall interfaces are on the same physical firewall. There are not two firewalls.

Any idea?