Solved

TZ180 : routing traffic between two subnets

Posted on 2009-07-16
6
860 Views
Last Modified: 2013-11-16
I have attached a drawing of the network.
In the left side of the drawing this is the existing network of site01 company
In the right side of the drawing this is the new network will add to the existing one.
As you can see there is a Sonicall firewall TZ180 on the new network. each of the networkget there own DNS server
The goal is :
how do I setup the Sonicall to transfer requests coming from a computer on network 173.16.0.0/16 over the EVPN network to a device 192.168.220.10
I would like to deny any any rule between the two networks and only the specific IP addresses / ports must be opened as required. This will block viruses from site01 from getting onto the new network.

Thks in adavnce for your feedback
0
Comment
Question by:madinina
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 24874684
You need to setup a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16 Destination IP 192.168.220.10 Protocol x

Unit B Rule

Source IP 192.168.220.10 Destination IP 173.16.0.x/16 Protocal x
0
 

Author Comment

by:madinina
ID: 24876054
Nappy,

There is only one firewall not two.
The subnet173.13.0.x/16 is connected to the DMZ port of the firewall and the other subnet is connected to the LAN internal port of the firewall.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24877580
OK then the same principle applies.   The source and destination would be your OPT(DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16 Interface LAN Destination IP 192.168.220.10 Interface Opt Protocol x

Rule 2
Source IP 192.168.220.10 Interface Opt Destination IP 173.16.0.x/16 Interface LAN Protocol x
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:madinina
ID: 24877767
What about the defaut rules. Do I have to deny them??
Madinina
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 250 total points
ID: 24877793
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
0
 

Author Comment

by:madinina
ID: 24947320
I added a routing rule for both way but I got packets dropped when I ping from 176.16.0.1 to 192.168.220.10

176.16.0.1 (host)---------------176.16.0.50(DMZ FW interface)
                                                 |
                                     192.168.220.50 (LAN Firewall interface)
                                                 |
                                                 |
                                                 |
                                      192.168.220.10 (host)

Both firewall interfaces are on the same physical firewall. There is no two firewalls
         
     

Any idea ?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This is an introductory video for CloudBerry Managed Backup. You will learn how to sign up with the service and get started in a few minutes.
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now