
Watchguard Unable to Access IP on Same Subnet

Posted on 2013-06-21
Last Modified: 2013-07-14
We have a web-based device that we were able to access fine before installing the WatchGuard, and now are not able to. Here is the scenario:
The site is at IP *.*.173.130/28. Our static IP is *.*.173.131/28. I am able to access this site from other locations. To test, I bypassed the firewall by plugging in the Ethernet cable directly from the ISP to my PC and gave it the static IP of *.*.173.131. I originally assumed this to be a routing issue at the ISP level, as I am able to access it just fine bypassing the WatchGuard. I have added a route for that IP using the gateway of the WatchGuard, with no luck.
0
Question by:bdsstep
16 Comments
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267063
Which WatchGuard firewall?
0
 

Author Comment

by:bdsstep
ID: 39267071
XTM25
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267072
You need to create an inbound policy so that the traffic is routed to the internal IP.

Open up the ports.
0
 

Author Comment

by:bdsstep
ID: 39267079
Sorry, maybe my post was not correct, or I am misunderstanding...
The web device that we need to access is at .130.
Our IP with the WatchGuard XTM25 is .131.

On the .130 it is set up as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267086
OK, my fault. You need to have a policy to let out traffic to port 80 from internal IP addresses to your external ISP.
0
 

Author Comment

by:bdsstep
ID: 39267094
We are not filtering or blocking any outbound traffic. We are also not able to ping the .130 (web interface).
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267096
Mine is set up as an HTTP proxy from my internal IP addresses to my external port that goes out to my ISP.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267098
Can you put screenshots on here of your policy with IP addresses?
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267103
Do you have a log file from the WatchGuard?
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267123
For ping you need to open ICMP.
0
 

Author Comment

by:bdsstep
ID: 39267127
We are not blocking any outbound traffic, so I don't think it is a policy issue; it appears to be a routing issue. Without the route I get:

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
0
 

Author Comment

by:bdsstep
ID: 39267134
ICMP is enabled on the .130 end. I am able to ping it from any other location.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39272496
Do you have any log files?
0
 

Accepted Solution

by:
bdsstep earned 0 total points
ID: 39272694
We have contacted our ISP and they have decided to give us an IP in a different subnet to resolve the problem.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39272818
That works too.
0
 

Author Closing Comment

by:bdsstep
ID: 39324418
Figured it out on our own.
0
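
Added example, not part of the original thread: a Python sketch of the forwarding decision behind the ping output quoted above, showing that a destination inside the firewall's own /28 is delivered on-link via ARP, while the same destination seen from an address in a different subnet goes through the default gateway. The addresses are constructed from documentation ranges because the thread masks the first two octets, and the post-fix address is an assumption.

```python
import ipaddress
import re

# Constructed values: the thread masks the first two octets, so the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in.
DEVICE = ipaddress.ip_address("203.0.113.130")        # the ".130" web device
OLD_WAN = ipaddress.ip_interface("203.0.113.131/28")  # firewall external IP, ".131"
NEW_WAN = ipaddress.ip_interface("198.51.100.10/29")  # assumed address after the ISP change

# Constructed sample in the same format as the ping output in the thread.
PING_OUTPUT = """\
PING 203.0.113.130 (203.0.113.130) 56(84) bytes of data.
From 203.0.113.131 icmp_seq=1 Destination Host Unreachable
From 203.0.113.131 icmp_seq=2 Destination Host Unreachable
From 203.0.113.131 icmp_seq=3 Destination Host Unreachable
"""

UNREACH = re.compile(r"^From (\S+) icmp_seq=\d+ Destination Host Unreachable$")


def delivery(iface, dest):
    """A destination inside the interface's own prefix matches the connected
    route, so it is resolved with ARP instead of being sent to the gateway."""
    return "on-link (ARP)" if dest in iface.network else "via default gateway"


def unreachable_reporters(output):
    """Addresses that generated the 'Destination Host Unreachable' errors."""
    found = set()
    for line in output.splitlines():
        match = UNREACH.match(line.strip())
        if match:
            found.add(ipaddress.ip_address(match.group(1)))
    return found


def diagnose(iface, dest, output):
    """Separate a local neighbour-resolution failure from a routed failure."""
    reporters = unreachable_reporters(output)
    if not reporters:
        return "no host-unreachable errors in output"
    if reporters == {iface.ip} and dest in iface.network:
        return "layer 2: the sender got no ARP reply for an on-link neighbour"
    return "layer 3: a router on the path reported the host unreachable"


if __name__ == "__main__":
    print(delivery(OLD_WAN, DEVICE), "|", diagnose(OLD_WAN, DEVICE, PING_OUTPUT))
    print(delivery(NEW_WAN, DEVICE))
```

An error reported by the interface's own address, as in the quoted output, points at neighbour resolution on the shared segment rather than at an outbound policy.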
