Solved

Watchguard Unable to Access IP on Same Subnet

Posted on 2013-06-21
16
482 Views
Last Modified: 2013-07-14
we have a web based device that we were able to access fine before installing the watchguard and now are not able to.. here is the scenario
the Site is at IP - *.*.173.130 / 28.. Our Static IP is *.*.173.131 / 28. i am able to access this site from other locations... To test i bypassed the firewall by plugging in the Ethernet cable directly from the ISP to my PC and gave it the static IP of *.*.173.131... i originally assumed this to be a routing issue at the ISP level As I am able to access it just fine bypassing the watchguard.  I have added a route for that IP using the Gateway of the watchguard with no luck
0
Comment
Question by:bdsstep
  • 9
  • 7
16 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39267063
Which watchguard firewall
0
 

Author Comment

by:bdsstep
ID: 39267071
XTM25
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267072
you need to create an inbound policy so that the traffic is routed to the internal ip

open up the ports
0
 

Author Comment

by:bdsstep
ID: 39267079
Sorry, Maybe my post was not correct, or i am mis undestanding...
the Web Device that we need to access is at .130
OUR IP with the Watchguard XTM25 is .131

on the .130 it is setup as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267086
ok my fault.  you need to have a policy to let out traffic to port 80 from internal ip addresses to to your external isp
0
 

Author Comment

by:bdsstep
ID: 39267094
we are not filtering or blocking any outbound traffic... we are also not able to Ping the .130 (web interface)
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267096
mine is setup as a http proxy from my internal ip addresses to my external port that goes out to my isp
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267098
can you put screen shots on here of your policy with ip addresses
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 9

Expert Comment

by:M Roe
ID: 39267103
do you have a log file from the watchguard
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39267123
For ping you need to open icmp
0
 

Author Comment

by:bdsstep
ID: 39267127
We are Not Blocking Any outbound traffic.  so i don't think it is a policy issue, it appears to be a routing issue... without the route i get

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
0
 

Author Comment

by:bdsstep
ID: 39267134
ICMP is enabled on the .130 end.. I am able to ping it from any other location
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39272496
do you have any log files
0
 

Accepted Solution

by:
bdsstep earned 0 total points
ID: 39272694
we have contacted our ISP and they have decided to give us and IP in a different Subnet to resolve the problem.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39272818
that works too
0
 

Author Closing Comment

by:bdsstep
ID: 39324418
figured it out on our own
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now