I have a Watchguard firewall XTM 505 that was just deployed. There are multiple Vlans on a single interface all being tagged.
Trusted interface has
Vlan 1 - 10.10.10.1/24
Vlan 10 - 10.10.20.1/24
There is an application server on vlan 1 with an ip of 10.10.10.5 that needs to communicate to an Oracle DB server that is on vlan 10 with an ip 10.10.20.4.
Both interfaces can ping each other successfully. Performing a TNSPing to Oracle DB from App fails (TNSping from 10.10.10.5 to 10.10.20.4 fails).
When a connection attempt is made from 10.10.10.5 (App) the following log errors show and a connection is never made.
2010-09-28 18:26:45 Deny 10.10.10.5 10.10.20.4 1521/tcp 1681 1521 vlan1 Firebox tcp syn checking failed 292 128 (Internal Policy) proc_id=''firewall'' rc=''101'' tcp_info=''offset 5 A 1161290063 win 65535'' Traffic
Disabling TCP Syn Check did not provide good results.
I attempted to add a rule for port 1521 that allowed from App Server to Oracle DB server that did not work either.
I did not change any NAT or add any routes.
What rules should be applied, whats routes should be built or how should I apply a change in NAT to allow my app server on vlan 1 to communicate with DB server on vlan 2