Add a static route option, telling traffic on INT1 to route 10.12.0.1/23 traffic to INT2 (usually input by the router IP of that section, presumably 10.21.0.1). Obviously the router on INT has to be configured to route it back (but your MPLS provider probably did it already).
badabing1
ASKER
No go, I'm afraid; I tried that before. See attached: is this correct? The .20 IP is the HSRP address and I can ping that fine from other sites.
I just don't know why I can't get traffic to talk over the two interfaces on the same firewall.
You only set a route once. In your picture, you have two routes, which doesn't make sense and it's a wonder the firewall didn't blow up by itself.
So, one route, one gateway.
Now you have TWO 10.12.0.0/24 entries.
On top of that, the 192. route makes no sense either. Please remove it.
If the 10.12.0.20 is really the router from your MPLS provider, then leave only the first line.
Another possibility is that if the gateways are already input on the interfaces pages, then a route is not the way to go. A policy allowing both directions to flow to each other is the way to go then.
Still no go. If you see my first pictures, both interfaces have no gateway and are configured as Trusted. See attached re routes.
The .20 is the MPLS router and I can ping it from a remote site, but I seem to be struggling to get out from the local site.
Once again, 192.x is the current LAN users are connected to, and this is plugged directly into the WatchGuard firewall; 10.x is the new MPLS that is also connected directly into the firewall. (Both interfaces on the firewall are configured as Trusted.)
Could it be bridging that I need to enable? Looking for ideas as I'm losing my mind trying to figure this out.
You still need to check if there's a policy that says that both Trusted interfaces can communicate with each other.
Also, set the gateway for the 10.12.0.0 network (then the route isn't needed).
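The two points raised above (one route per destination, and a policy that lets the two Trusted interfaces talk) can be checked mechanically before touching the box. The following is an added example, not code from the thread or from WatchGuard: a small Python audit over a constructed interface list, route table and policy set that mirrors the situation described (two Trusted interfaces, a /23 on the MPLS side, an HSRP next hop at .20). The interface addresses, route entries and the policy model are assumptions for illustration; the `audit_routes` and `missing_interzone_policies` functions are hypothetical helpers, not a Firebox API.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data: modelled loosely on the thread (two Trusted
# interfaces, a /23 on the MPLS side, an HSRP router at .20), but the exact
# values are assumptions for illustration, not the asker's real configuration.
INTERFACES = [
    {"name": "INT1", "zone": "trusted", "address": "192.168.111.1/24"},
    {"name": "INT2", "zone": "trusted", "address": "10.12.0.1/23"},
]

# Route table as the expert described it: the same destination twice, plus a
# route for the local 192.x LAN that should not exist at all.
STATIC_ROUTES = [
    {"destination": "10.12.0.0/24", "gateway": "10.12.0.20"},
    {"destination": "10.12.0.0/24", "gateway": "10.12.0.1"},
    {"destination": "192.168.111.0/24", "gateway": "10.12.0.20"},
]

# Hypothetical policy model: each entry allows traffic from one zone to another.
POLICIES = [
    {"name": "Outbound", "from": "trusted", "to": "external"},
]

Finding = Tuple[str, str]  # (kind, human-readable detail)


def audit_routes(interfaces: List[Dict], routes: List[Dict]) -> List[Finding]:
    """Flag static routes that cannot work or should not be there."""
    iface_nets = {
        i["name"]: ipaddress.ip_interface(i["address"]).network for i in interfaces
    }
    own_addrs = {
        ipaddress.ip_interface(i["address"]).ip: i["name"] for i in interfaces
    }
    seen: Dict[str, ipaddress.IPv4Address] = {}
    findings: List[Finding] = []

    for r in routes:
        dest = ipaddress.ip_network(r["destination"], strict=False)
        gw = ipaddress.ip_address(r["gateway"])

        # One destination, one gateway: a second entry is ambiguous.
        if str(dest) in seen:
            findings.append(("duplicate",
                             f"{dest} already routed via {seen[str(dest)]}, now also via {gw}"))
        else:
            seen[str(dest)] = gw

        # A next hop must sit on a directly connected subnet or it is unreachable.
        if not any(gw in net for net in iface_nets.values()):
            findings.append(("unreachable_gateway",
                             f"{gw} for {dest} is not on any connected subnet"))

        # The firewall's own interface address is never a valid next hop.
        if gw in own_addrs:
            findings.append(("self_gateway",
                             f"{gw} for {dest} is this firewall's {own_addrs[gw]} address"))

        # A destination inside a connected subnet is reached directly; a static
        # route there is redundant at best and misdirects traffic at worst.
        for name, net in iface_nets.items():
            if dest.subnet_of(net):
                findings.append(("connected",
                                 f"{dest} is directly connected on {name}; static route unnecessary"))
    return findings


def missing_interzone_policies(interfaces: List[Dict],
                               policies: List[Dict]) -> List[Tuple[str, str]]:
    """Zone pairs that have interfaces on both sides but no allowing policy."""
    allowed = {(p["from"], p["to"]) for p in policies}
    needed = set()
    for a in interfaces:
        for b in interfaces:
            if a["name"] != b["name"]:
                needed.add((a["zone"], b["zone"]))
    return sorted(pair for pair in needed if pair not in allowed)


if __name__ == "__main__":
    for kind, detail in audit_routes(INTERFACES, STATIC_ROUTES):
        print(f"[{kind}] {detail}")
    for src, dst in missing_interzone_policies(INTERFACES, POLICIES):
        print(f"[policy] no policy allowing {src} -> {dst}")
```

Run against the constructed data it reports the duplicate 10.12.0.0/24 entry, the entry whose gateway is the firewall's own 10.12.0.1, three routes for subnets that are already directly connected, and the absence of a trusted-to-trusted policy; the last two findings are exactly what the replies above are asking the poster to check.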
This is really strange: if I change the 10.12.0.1 interface to External, I can then ping 10.12.0.20 (MPLS router HSRP IP) from 192.168.111.0 (where current LAN users are), but it can't go any further than that, i.e. to a remote site over MPLS. But I can ping from the remote site to this site.
If I change it back to Trusted, I can only ping the IP of the interface, 10.12.0.1 (LAN side), and can't ping 10.12.0.20; it's like it can't route traffic to .20. Confused!
@Felicia, what do you mean by security zone? See attached firewall policy as well, please.
OK, both interfaces are set to Trusted and the policy is also set correctly so they can talk to each other?
I know 10.x.x.x is an internal network space; I was just making you guys aware of this change, which to a point did go a step further. But I do agree that it should not be set to External, and it isn't now, but now I've gone one step back, i.e. I can't ping the 10.12.0.20 IP anymore.
Getting a Firebox with current Fireware is not an option at this moment in time; because it's old it's not supported anymore, hence seeking help from you experts!