I think you have made some mistakes in your firewall project:
The red interface should not be pinged from the internal LAN, only the green and all interfaces on the Internet that have been enabled. This is done by the default firewall configuration. You should notice the following line in Firewall->outgoing firewall (if it is not present, then add it):
Source: GREEN, ORANGE, BLUE
Destination: RED
Service: ICMP/8, ICMP/30
ALLOW with IPS allow PING
Also, if you go to a computer that is outside your firewall (RED), you should NOT ping any of your internal PCs, otherwise you do not need a firewall but a simple router.
Also, the source NAT rule to allow GREEN traffic to go to RED should be generated by default; check Firewall->Port forwarding->Source NAT->show_system_rules
You should only need a port forwarding rule to route incoming traffic on RED to your internal IP server (make sure you use private IP addresses for your internal LAN).
Next, if you have made the following two steps, you should not use a firewall because it is useless:
Made an incoming routed traffic rule to forward all incoming traffic on RED to be passed to the Server on Green LAN.
Disabled the IPS and the outgoing traffic firewall, made a system access rule to allow all traffic from red to go to green, and made policy routing rules to allow all traffic.
Davide.
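The contrast drawn in the post above, as an added illustration that is not part of Davide's post and is not Endian's configuration format. The rule model, the default-deny assumption and the TCP/443 forward are constructed for the example; it evaluates flows at zone level against the recommended rules and against the allow-all setup the post warns about.

```python
# Added illustration: constructed zone-rule model, not EFW's real rule format.
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    src: str              # source zone: GREEN, ORANGE, BLUE, RED or ANY
    dst: str              # destination zone or ANY
    service: str          # e.g. "ICMP/8", "TCP/443" or ANY
    action: str = "ALLOW"

def matches(rule, src, dst, service):
    return (rule.src in (ANY, src) and rule.dst in (ANY, dst)
            and rule.service in (ANY, service))

def decide(rules, src, dst, service):
    """First matching rule wins; unmatched traffic is dropped (assumed default deny)."""
    for rule in rules:
        if matches(rule, src, dst, service):
            return rule.action
    return "DENY"

def audit(rules):
    """Return ALLOW rules that open an internal zone to RED for every service."""
    internal = {"GREEN", "ORANGE", "BLUE", ANY}
    return [r for r in rules
            if r.action == "ALLOW" and r.src in ("RED", ANY)
            and r.dst in internal and r.service == ANY]

# Constructed policy following the post: ping out from the internal zones,
# plus one inbound port forward (TCP/443 is an assumed service).
RECOMMENDED = [Rule(zone, "RED", svc)
               for zone in ("GREEN", "ORANGE", "BLUE")
               for svc in ("ICMP/8", "ICMP/30")]
RECOMMENDED.append(Rule("RED", "GREEN", "TCP/443"))

# Constructed policy matching the two steps the post calls useless.
ALLOW_ALL = [Rule("RED", "GREEN", ANY), Rule(ANY, ANY, ANY)]

if __name__ == "__main__":
    for name, rules in (("recommended", RECOMMENDED), ("allow-all", ALLOW_ALL)):
        print(name)
        print("  ping GREEN -> RED :", decide(rules, "GREEN", "RED", "ICMP/8"))
        print("  ping RED -> GREEN :", decide(rules, "RED", "GREEN", "ICMP/8"))
        print("  over-broad rules  :", len(audit(rules)))
```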
Dear Davvidee,
Same issue with me too. I am using EFW v2.5.
Interfaces are
Green 192.168.0.1
Blue 172.