Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't ping device on optional network Watchguard Xtm 5Series

Posted on 2014-02-05
8
Medium Priority
?
1,296 Views
Last Modified: 2014-02-24
I'm trying to ping a router on the optional port and can't get a responds thru the trusted network. I have another router on that optional network that responds to ping. To test I've plug in a computer directly into the optional network, assigned an IP and i'm able to ping both routers. But from my trusted network, I can only ping one router .

setup
The trusted network is 10.0.1.X/24 (Interface 10.0.1.1)
the optional network is 10.0.2.x/24 (Interface 10.0.2.1)

Router A is 10.0.2.9 (can ping from trusted)
Router B is 10.0.2.11 (CANT ping from trusted)

Test computer1 10.0.2.100 plugged directly into same hub has above routers. I can ping both routers

Test computer2 10.0.1.100 plugged into same hub has trusted network. This computer can only ping Router A.

There is nothing showing up as being blocked in traffic monitor.

How can I tell if IP 10.0.1.100 is being NAT to 10.0.2.1 when it crossed over to the Optional network? Router B MIGHT have an access rule only allow traffic from 10.0.2.X network....But I can't verify that. Do you know if the 10.0.1.X is NAT to 10.0.2.X when It crosses to the optional port?

Why is it being blocked with no log?

Thanks for any help in advance.
0
Comment
Question by:stevebishop
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39836257
setup a rule for icmp from trusted to optional
0
 

Author Comment

by:stevebishop
ID: 39837583
thanks for the reply but I've already have a rule for icmp that says allow from 10.0.1.x to any. (which is trusted to any).

any other suggestions?

I did notice I can ping the device from the diag tool in system manager.

Thanks
0
 

Author Comment

by:stevebishop
ID: 39837590
also the router does have an access rule that only allows 10.0.2.x ip's.

Like I mentioned on my first post, if I setup a computer 10.0.2.100 and plug it directly into the optional network 10.0.2.x...I can ping the 10.0.2.11 router.

Also can ping 10.0.2.11 router from the diag tool in system manager on the watchguard firewall.

but not from the 10.0.1.x , there is nothing showing up as being denied.

Thanks
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 9

Expert Comment

by:Mike Roe
ID: 39842932
do you have any routes setup?

I have a xtm 515 with 4 remote offices and VPN setup.

I do not have any ip addresses in the from and to for ping.  I have any trusted and any optional in from area and any trusted and any otional in the to area with no issues.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39842945
In the ping setup

from
10.0.2.0/24
10.0.1.0/24

to
10.0.2.0/24
10.0.1.0/24
0
 

Accepted Solution

by:
stevebishop earned 0 total points
ID: 39870510
it ended up being one of the routers had an access list not allowing my internal ip's
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39870539
My answer I believe was used to make person think about other devices and if the ports were open for access.
0
 

Author Closing Comment

by:stevebishop
ID: 39882042
issue was related to an internal setup
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question