• Status: Solved
  • Priority: Medium
  • Security: Public

Watchguard Unable to Access IP on Same Subnet

We have a web-based device that we were able to access fine before installing the WatchGuard and now are not able to. Here is the scenario:
The site is at IP *.*.173.130/28. Our static IP is *.*.173.131/28. I am able to access this site from other locations. To test, I bypassed the firewall by plugging in the Ethernet cable directly from the ISP to my PC and gave it the static IP of *.*.173.131. I originally assumed this to be a routing issue at the ISP level, as I am able to access it just fine bypassing the WatchGuard. I have added a route for that IP using the gateway of the WatchGuard with no luck.
Asked:
bdsstep
1 Solution
 
Mike Roe Commented:
Which WatchGuard firewall?
 
bdsstep (Author) Commented:
XTM25
 
Mike Roe Commented:
You need to create an inbound policy so that the traffic is routed to the internal IP.

Open up the ports.

 
bdsstep (Author) Commented:
Sorry, maybe my post was not correct, or I am misunderstanding...
The web device that we need to access is at .130
Our IP with the WatchGuard XTM25 is .131

On the .130 it is set up as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
 
Mike Roe Commented:
OK, my fault. You need to have a policy to let out traffic to port 80 from internal IP addresses to your external ISP.
 
bdsstep (Author) Commented:
We are not filtering or blocking any outbound traffic. We are also not able to ping the .130 (web interface).
 
Mike Roe Commented:
Mine is set up as an HTTP proxy from my internal IP addresses to my external port that goes out to my ISP.
 
Mike Roe Commented:
Can you put screenshots on here of your policy with IP addresses?
 
Mike Roe Commented:
Do you have a log file from the WatchGuard?
 
Mike Roe Commented:
For ping you need to open ICMP.
 
bdsstep (Author) Commented:
We are not blocking any outbound traffic, so I don't think it is a policy issue; it appears to be a routing issue. Without the route I get:

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
 
bdsstep (Author) Commented:
ICMP is enabled on the .130 end. I am able to ping it from any other location.
 
Mike Roe Commented:
Do you have any log files?
 
bdsstep (Author) Commented:
We have contacted our ISP and they have decided to give us an IP in a different subnet to resolve the problem.
 
Mike Roe Commented:
That works too.
 
bdsstep (Author) Commented:
Figured it out on our own.
