TZ180 : routing traffic between two subnets

I have attached a drawing of the network.
On the left side of the drawing is the existing network of the site01 company.
On the right side of the drawing is the new network that will be added to the existing one.
As you can see, there is a SonicWall firewall TZ180 on the new network. Each of the networks has its own DNS server.
The goal is:
How do I set up the SonicWall to transfer requests coming from a computer on network over the EVPN network to a device
I would like to deny any any rule between the two networks and only the specific IP addresses / ports must be opened as required. This will block viruses from site01 from getting onto the new network.

Thanks in advance for your feedback
nappy_d Commented:
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
You need to set up a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16 Destination IP Protocol x

Unit B Rule

Source IP Destination IP 173.16.0.x/16 Protocol x
madinina (Author) Commented:

There is only one firewall not two.
The subnet 173.13.0.x/16 is connected to the DMZ port of the firewall and the other subnet is connected to the LAN internal port of the firewall.

OK then the same principle applies. The source and destination would be your OPT (DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16 Interface LAN Destination IP Interface Opt Protocol x

Rule 2
Source IP Interface Opt Destination IP 173.16.0.x/16 Interface LAN Protocol x
madinina (Author) Commented:
What about the default rules? Do I have to deny them?
madinina (Author) Commented:
I added a routing rule for both way but I got packets dropped when I ping from to (host)--------------- FW interface)
                            (LAN Firewall interface)

Both firewall interfaces are on the same physical firewall. There are not two firewalls.

Any idea ?