Solved

Can't ping device on optional network Watchguard Xtm 5Series

Posted on 2014-02-05
8
1,186 Views
Last Modified: 2014-02-24
I'm trying to ping a router on the optional port and can't get a responds thru the trusted network. I have another router on that optional network that responds to ping. To test I've plug in a computer directly into the optional network, assigned an IP and i'm able to ping both routers. But from my trusted network, I can only ping one router .

setup
The trusted network is 10.0.1.X/24 (Interface 10.0.1.1)
the optional network is 10.0.2.x/24 (Interface 10.0.2.1)

Router A is 10.0.2.9 (can ping from trusted)
Router B is 10.0.2.11 (CANT ping from trusted)

Test computer1 10.0.2.100 plugged directly into same hub has above routers. I can ping both routers

Test computer2 10.0.1.100 plugged into same hub has trusted network. This computer can only ping Router A.

There is nothing showing up as being blocked in traffic monitor.

How can I tell if IP 10.0.1.100 is being NAT to 10.0.2.1 when it crossed over to the Optional network? Router B MIGHT have an access rule only allow traffic from 10.0.2.X network....But I can't verify that. Do you know if the 10.0.1.X is NAT to 10.0.2.X when It crosses to the optional port?

Why is it being blocked with no log?

Thanks for any help in advance.
0
Comment
Question by:stevebishop
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39836257
setup a rule for icmp from trusted to optional
0
 

Author Comment

by:stevebishop
ID: 39837583
thanks for the reply but I've already have a rule for icmp that says allow from 10.0.1.x to any. (which is trusted to any).

any other suggestions?

I did notice I can ping the device from the diag tool in system manager.

Thanks
0
 

Author Comment

by:stevebishop
ID: 39837590
also the router does have an access rule that only allows 10.0.2.x ip's.

Like I mentioned on my first post, if I setup a computer 10.0.2.100 and plug it directly into the optional network 10.0.2.x...I can ping the 10.0.2.11 router.

Also can ping 10.0.2.11 router from the diag tool in system manager on the watchguard firewall.

but not from the 10.0.1.x , there is nothing showing up as being denied.

Thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 9

Expert Comment

by:M Roe
ID: 39842932
do you have any routes setup?

I have a xtm 515 with 4 remote offices and VPN setup.

I do not have any ip addresses in the from and to for ping.  I have any trusted and any optional in from area and any trusted and any otional in the to area with no issues.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39842945
In the ping setup

from
10.0.2.0/24
10.0.1.0/24

to
10.0.2.0/24
10.0.1.0/24
0
 

Accepted Solution

by:
stevebishop earned 0 total points
ID: 39870510
it ended up being one of the routers had an access list not allowing my internal ip's
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39870539
My answer I believe was used to make person think about other devices and if the ports were open for access.
0
 

Author Closing Comment

by:stevebishop
ID: 39882042
issue was related to an internal setup
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question