Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 41 subscribers
  • Views 2613 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure two WAN for WIFI zone

Authorized

Added second WAN zone network port5

ipv4 192.168.101.2/27
gateway ip 192.168.101.1 


SSID new network 

DHCP

Firewall Rule

WAN link manager information

able to connect Tablet to Wifi and i get DCHP release

result block firewall rule not matched. if i remove port 5 and select any the traffic goes from port 2 original WAN zone interface which i do not want to use at all.

I must create new wifi and route the traffic on separate WAN interface 

I would appreciate some help and confirm what is wrong with my configuration.

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Your Firewall Rule allows traffic to the interface itself.

    IF you want to allow traffic to WAN, remove the #Port object and use ANY. SFOS will take care to match it for all WAN Interfaces. 

    The #Port Interface is the IP of the interface itself and does not include all traffic going out to this interface. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    And if you want to route the traffic only over the second WAN Interface, you have to create a SD-WAN Route for this. Simply configure the WAN2 as Backup in WAN link manager (so no other traffic will use it) and create a SD-WAN Route for your Wireless LAN as Source and Destination Internetv4 - Then use the WAN2. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi Toni,

    i just created NEW SDWAN route & cannot get any traffic result blocked


    incomfing interface NEW SSID ( 192.168.25.3) 

    source network WIFI  subnet 192.168.25.0/27

    Destination port5  192.168.101.2 

    WAN LINK manager type changed to backup

    Note: did not remove any of the above config & kept firewall rule


     

  • +1 in reply to Authorized

    Do not use #Port5 in anything. It will not work. It is the wrong approach. 

    Replace Port5 in the firewall rule with ANY.

    Replace Port5 in the SD-WAN Rule with ANY. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    SD-WAN config + firewall rule worked, trafiic route on dedicated port
    Thank you 

  • 0 in reply to Authorized

    You can also replace ANY with "Internetv4" to be more specific. 

    __________________________________________________________________________________________________________________

Reply Children
No Data
Unfiltered HTML