Reece
asked on
How do I allow ALL traffic between a Trust interface and an Optional interface on a Watchguard firewall?
We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have a /27 block of public IPs routed (at the ISP level) to our WAN for use by public-facing servers.
I have that part of it working OK. Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs. This interface in the Watchguard is set as "Optional".
LAN1 is our private LAN and is set as "Trust". Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.
I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes. The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1. Nor can LAN2 access any of the LAN1 resources.
I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
Can you post a pic of your NAT rules and your firewall policies?
Sounds good. Thanks for sharing!
Jeremy