Solved

Can't ping device on optional network Watchguard Xtm 5Series

Posted on 2014-02-05
8
1,208 Views
Last Modified: 2014-02-24
I'm trying to ping a router on the optional port and can't get a responds thru the trusted network. I have another router on that optional network that responds to ping. To test I've plug in a computer directly into the optional network, assigned an IP and i'm able to ping both routers. But from my trusted network, I can only ping one router .

setup
The trusted network is 10.0.1.X/24 (Interface 10.0.1.1)
the optional network is 10.0.2.x/24 (Interface 10.0.2.1)

Router A is 10.0.2.9 (can ping from trusted)
Router B is 10.0.2.11 (CANT ping from trusted)

Test computer1 10.0.2.100 plugged directly into same hub has above routers. I can ping both routers

Test computer2 10.0.1.100 plugged into same hub has trusted network. This computer can only ping Router A.

There is nothing showing up as being blocked in traffic monitor.

How can I tell if IP 10.0.1.100 is being NAT to 10.0.2.1 when it crossed over to the Optional network? Router B MIGHT have an access rule only allow traffic from 10.0.2.X network....But I can't verify that. Do you know if the 10.0.1.X is NAT to 10.0.2.X when It crosses to the optional port?

Why is it being blocked with no log?

Thanks for any help in advance.
0
Comment
Question by:stevebishop
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39836257
setup a rule for icmp from trusted to optional
0
 

Author Comment

by:stevebishop
ID: 39837583
thanks for the reply but I've already have a rule for icmp that says allow from 10.0.1.x to any. (which is trusted to any).

any other suggestions?

I did notice I can ping the device from the diag tool in system manager.

Thanks
0
 

Author Comment

by:stevebishop
ID: 39837590
also the router does have an access rule that only allows 10.0.2.x ip's.

Like I mentioned on my first post, if I setup a computer 10.0.2.100 and plug it directly into the optional network 10.0.2.x...I can ping the 10.0.2.11 router.

Also can ping 10.0.2.11 router from the diag tool in system manager on the watchguard firewall.

but not from the 10.0.1.x , there is nothing showing up as being denied.

Thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 9

Expert Comment

by:M Roe
ID: 39842932
do you have any routes setup?

I have a xtm 515 with 4 remote offices and VPN setup.

I do not have any ip addresses in the from and to for ping.  I have any trusted and any optional in from area and any trusted and any otional in the to area with no issues.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39842945
In the ping setup

from
10.0.2.0/24
10.0.1.0/24

to
10.0.2.0/24
10.0.1.0/24
0
 

Accepted Solution

by:
stevebishop earned 0 total points
ID: 39870510
it ended up being one of the routers had an access list not allowing my internal ip's
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39870539
My answer I believe was used to make person think about other devices and if the ports were open for access.
0
 

Author Closing Comment

by:stevebishop
ID: 39882042
issue was related to an internal setup
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall Possible port scan dropped 5 58
Firewall port opening 2 72
Firewall report connections 8 93
Palo Alto Networks: View Tunnel packet counts? 2 36
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question