Solved

Watchguard Unable to Access IP on Same Subnet

Posted on 2013-06-21
Last Modified: 2013-07-14
We have a web-based device that we were able to access fine before installing the WatchGuard and now are not able to. Here is the scenario:
The site is at IP *.*.173.130/28. Our static IP is *.*.173.131/28. I am able to access this site from other locations. To test, I bypassed the firewall by plugging the Ethernet cable directly from the ISP into my PC and gave it the static IP of *.*.173.131. I originally assumed this to be a routing issue at the ISP level, as I am able to access it just fine bypassing the WatchGuard. I have added a route for that IP using the gateway of the WatchGuard, with no luck.
Question by:bdsstep
16 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39267063
Which WatchGuard firewall?
0
 

Author Comment

by:bdsstep
ID: 39267071
XTM25
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267072
You need to create an inbound policy so that the traffic is routed to the internal IP.

Open up the ports.
0
 

Author Comment

by:bdsstep
ID: 39267079
Sorry, maybe my post was not correct, or I am misunderstanding...
The web device that we need to access is at .130
Our IP with the WatchGuard XTM25 is .131

On the .130 it is set up as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267086
OK, my fault. You need to have a policy to let out traffic to port 80 from internal IP addresses to your external ISP.
0
 

Author Comment

by:bdsstep
ID: 39267094
We are not filtering or blocking any outbound traffic. We are also not able to ping the .130 (web interface).
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267096
Mine is set up as an HTTP proxy from my internal IP addresses to my external port that goes out to my ISP.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267098
Can you put screenshots on here of your policy with IP addresses?
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267103
Do you have a log file from the WatchGuard?
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267123
For ping you need to open ICMP.
0
 

Author Comment

by:bdsstep
ID: 39267127
We are not blocking any outbound traffic, so I don't think it is a policy issue; it appears to be a routing issue. Without the route I get:

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
0
 

Author Comment

by:bdsstep
ID: 39267134
ICMP is enabled on the .130 end. I am able to ping it from any other location.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39272496
Do you have any log files?
0
 

Accepted Solution

by:
bdsstep earned 0 total points
ID: 39272694
We have contacted our ISP and they have decided to give us an IP in a different subnet to resolve the problem.
0
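Added example, not part of the original thread: a longest-prefix-match lookup showing the forwarding decision a router makes for a destination inside its own /28 versus the same destination after the router is renumbered into a different subnet, as in the accepted solution. The thread masks its addresses, so the ones below are constructed from documentation ranges with matching last octets, and both gateway addresses are assumptions.

```python
import ipaddress

def build_table(interface_cidr, gateway):
    """Routing table for one external interface: connected route plus default route."""
    iface = ipaddress.ip_interface(interface_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError("gateway must sit on the connected subnet")
    return [
        (iface.network, None),                     # connected: deliver on-link (ARP)
        (ipaddress.ip_network("0.0.0.0/0"), gw),   # default: hand to the ISP gateway
    ]

def forwarding_decision(table, dest):
    """Longest-prefix match; returns ('on-link', dest) or ('via-gateway', gateway)."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if dest in net]
    if not matches:
        return ("unreachable", None)
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    if gw is None:
        # The router resolves the destination's MAC itself; the gateway is never used.
        return ("on-link", str(dest))
    return ("via-gateway", str(gw))

# Constructed stand-ins for the masked addresses in the thread.
DEVICE = "203.0.113.130"                                  # the web device (.130)
before = build_table("203.0.113.131/28", "203.0.113.129")  # firewall at .131, same /28
after = build_table("198.51.100.10/28", "198.51.100.1")    # firewall moved to another subnet

if __name__ == "__main__":
    print("same /28:     ", forwarding_decision(before, DEVICE))
    print("other subnet: ", forwarding_decision(after, DEVICE))
```

In the first case the destination matches the connected /28, so delivery depends on the two hosts reaching each other at layer 2; in the second it falls through to the default route and is sent to the ISP gateway.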
 
LVL 9

Expert Comment

by:M Roe
ID: 39272818
That works too.
0
 

Author Closing Comment

by:bdsstep
ID: 39324418
Figured it out on our own.
0
