

Routing - Troubleshooting

My XG FW network is 192.168.210.x.  I have connected to it a non-XG wireless AP (Velop) that is on a separate network 192.168.1.x.

I've added a static route which forwards any traffic destined to the 192.168.1.x network via its gateway of 192.168.1.1.

I am successfully able to ping, trace route and perform a route look up on any wireless client from the Diagnostics page of the XG.

I am able to ping any device on the XG firewall from the Velop wireless system.

However, when I try to ping or access a wireless client (192.168.1.x) from the XG network (192.168.210.x), I am unable to.

Any ideas?  How could I troubleshoot this further from the XG Firewall?

Thanks



  • Hi

    do you have a firewall rule in place to allow the traffic between networks?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • x2.

    Firewalls don't do this automatic inter-VLAN routing that Cisco switches might do, since this is a firewall device.

  • You are on a firewall forum asking questions about inter VLAN connections and then say it does not work like a Cisco switch. You can configure the Cisco switch and not have the XG do the inter VLAN traffic or you can configure a firewall rule that allows inter VLAN traffic.

    Ian


  • Add a Firewall Rule with source = WIFI, LAN - to - destination = WIFI, LAN and ANY in Services

    Besides, I don't think you would need to create a static route.

  • Thanks for the help everyone.

    So, I added a FW rule and that enabled me to ping the devices on the wireless network. But I am still unable to access them with any application or web browser.

    The rule allows ANY service to ANY service.

    I created an ALLOW ANY ANY rule and still can't access the devices.

    I am not seeing anything being blocked in the logs, in fact I see traffic allowed and to the specific ports.

    I am thinking it may be on the Velop system but the FW is off.

    Kerry

  • More information:

    I flipped on the 'invalid traffic' log and found that most of the traffic going to and coming from the wireless network (192.168.1.x) is being tagged as 'invalid traffic'. However, some traffic is allowed.

    I am also getting the message 'Could not associate packet to any connection'.

    Here are a couple of log entries:

    Status    NAT rule    Message    Message ID    Rule type    Live PCAP    Src IP    Src port    Dst IP    Dst port    In interface     Out interface     Protocol
    Allow    0        1    1    Open PCAP    192.168.210.250    51028    192.168.1.12     37777    Port1    Port1    TCP
    Allow    0        1    1    Open PCAP    192.168.210.250    50737    192.168.1.12     37777    Port1    Port1    TCP
    Deny    0    Could not associate packet to any connection.    1001    0    Open PCAP    192.168.1.12     49825    17.57.144.133    5223            TCP
    Allow    0        1    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1    Port1    TCP
    Deny    0    Invalid packet.    1001    0    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1        TCP
    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
    2021-06-03 20:29:59    Invalid Traffic    Denied    23    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
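
Added example (not part of the thread and not Sophos code): a Python script that parses rows in the layout pasted in the post above and reports flows that a rule allowed and that were later dropped as invalid, noting whether the allowed packet entered and left on the same interface. The regular expression assumes the column order of that paste, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample rows taken from the log paste above (Status, NAT rule, Message,
# Message ID, Rule type, Live PCAP, Src IP/port, Dst IP/port, In/Out if, Proto).
SAMPLE = """\
Allow    0        1    1    Open PCAP    192.168.210.250    51028    192.168.1.12     37777    Port1    Port1    TCP
Deny    0    Could not associate packet to any connection.    1001    0    Open PCAP    192.168.1.12     49825    17.57.144.133    5223            TCP
Allow    0        1    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1    Port1    TCP
Deny    0    Invalid packet.    1001    0    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1        TCP
2021-06-03 20:29:59    Invalid Traffic    Denied    23    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
"""

# Message and interface columns may be empty, so both are matched lazily.
ROW = re.compile(
    r"\b(?P<status>Allow|Deny)\s+(?P<nat>\d+)\s+(?P<msg>.*?)\s*(?P<msg_id>\d+)\s+(?P<rule_type>\d+)"
    r"\s+Open PCAP\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)"
    r"\s+(?P<ifaces>.*?)\s*(?P<proto>[A-Z]+)$"
)

def parse(text):
    """Return one dict per log row; header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["in_if"], r["out_if"] = (r.pop("ifaces").split() + [None, None])[:2]
        rows.append(r)
    return rows

def half_seen_flows(rows):
    """Flows that were allowed by a rule and also dropped as invalid."""
    flows = defaultdict(list)
    for r in rows:
        flows[(r["src"], r["sport"], r["dst"], r["dport"], r["proto"])].append(r)
    report = {}
    for key, entries in flows.items():
        allowed = [e for e in entries if e["status"] == "Allow"]
        dropped = [e["msg"] for e in entries if e["status"] == "Deny"]
        if allowed and dropped:
            report[key] = {
                "same_interface": all(e["in_if"] is not None and e["in_if"] == e["out_if"] for e in allowed),
                "drop_reasons": sorted(set(dropped)),
            }
    return report

if __name__ == "__main__":
    print(half_seen_flows(parse(SAMPLE)))
```

A flow that is allowed and then dropped by state tracking, with identical in and out interfaces, is worth checking for a return path that does not pass through the firewall.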