Solved

TZ180 : routing traffic between two subnets

Posted on 2009-07-16
6
867 Views
Last Modified: 2013-11-16
I have attached a drawing of the network.
In the left side of the drawing this is the existing network of site01 company
In the right side of the drawing this is the new network will add to the existing one.
As you can see there is a Sonicall firewall TZ180 on the new network. each of the networkget there own DNS server
The goal is :
how do I setup the Sonicall to transfer requests coming from a computer on network 173.16.0.0/16 over the EVPN network to a device 192.168.220.10
I would like to deny any any rule between the two networks and only the specific IP addresses / ports must be opened as required. This will block viruses from site01 from getting onto the new network.

Thks in adavnce for your feedback
0
Comment
Question by:madinina
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 24874684
You need to setup a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16 Destination IP 192.168.220.10 Protocol x

Unit B Rule

Source IP 192.168.220.10 Destination IP 173.16.0.x/16 Protocal x
0
 

Author Comment

by:madinina
ID: 24876054
Nappy,

There is only one firewall not two.
The subnet173.13.0.x/16 is connected to the DMZ port of the firewall and the other subnet is connected to the LAN internal port of the firewall.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24877580
OK then the same principle applies.   The source and destination would be your OPT(DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16 Interface LAN Destination IP 192.168.220.10 Interface Opt Protocol x

Rule 2
Source IP 192.168.220.10 Interface Opt Destination IP 173.16.0.x/16 Interface LAN Protocol x
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 

Author Comment

by:madinina
ID: 24877767
What about the defaut rules. Do I have to deny them??
Madinina
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 250 total points
ID: 24877793
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
0
 

Author Comment

by:madinina
ID: 24947320
I added a routing rule for both way but I got packets dropped when I ping from 176.16.0.1 to 192.168.220.10

176.16.0.1 (host)---------------176.16.0.50(DMZ FW interface)
                                                 |
                                     192.168.220.50 (LAN Firewall interface)
                                                 |
                                                 |
                                                 |
                                      192.168.220.10 (host)

Both firewall interfaces are on the same physical firewall. There is no two firewalls
         
     

Any idea ?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question