Watchguard Unable to Access IP on Same Subnet

we have a web based device that we were able to access fine before installing the watchguard and now are not able to.. here is the scenario
the Site is at IP - *.*.173.130 / 28.. Our Static IP is *.*.173.131 / 28. i am able to access this site from other locations... To test i bypassed the firewall by plugging in the Ethernet cable directly from the ISP to my PC and gave it the static IP of *.*.173.131... i originally assumed this to be a routing issue at the ISP level As I am able to access it just fine bypassing the watchguard.  I have added a route for that IP using the Gateway of the watchguard with no luck
bdsstepAsked:
Who is Participating?
 
bdsstepConnect With a Mentor Author Commented:
we have contacted our ISP and they have decided to give us and IP in a different Subnet to resolve the problem.
0
 
Mike RoeCommented:
Which watchguard firewall
0
 
bdsstepAuthor Commented:
XTM25
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
Mike RoeCommented:
you need to create an inbound policy so that the traffic is routed to the internal ip

open up the ports
0
 
bdsstepAuthor Commented:
Sorry, Maybe my post was not correct, or i am mis undestanding...
the Web Device that we need to access is at .130
OUR IP with the Watchguard XTM25 is .131

on the .130 it is setup as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
0
 
Mike RoeCommented:
ok my fault.  you need to have a policy to let out traffic to port 80 from internal ip addresses to to your external isp
0
 
bdsstepAuthor Commented:
we are not filtering or blocking any outbound traffic... we are also not able to Ping the .130 (web interface)
0
 
Mike RoeCommented:
mine is setup as a http proxy from my internal ip addresses to my external port that goes out to my isp
0
 
Mike RoeCommented:
can you put screen shots on here of your policy with ip addresses
0
 
Mike RoeCommented:
do you have a log file from the watchguard
0
 
Mike RoeCommented:
For ping you need to open icmp
0
 
bdsstepAuthor Commented:
We are Not Blocking Any outbound traffic.  so i don't think it is a policy issue, it appears to be a routing issue... without the route i get

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
0
 
bdsstepAuthor Commented:
ICMP is enabled on the .130 end.. I am able to ping it from any other location
0
 
Mike RoeCommented:
do you have any log files
0
 
Mike RoeCommented:
that works too
0
 
bdsstepAuthor Commented:
figured it out on our own
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.