
Can't ping Synology NAS from another VLAN

Hi all,

I have a huge problem with simple ping to NAS VLAN from any other VLAN. I tried almost everything and it just doesn't work.

My infrastructure:

Sophos firewall with NAS VLAN 2, no DHCP, Synology has fixed IP X.X.2.100 on port 2 with gateway and DNS set up to network address X.X.2.1. Next, USERS VLAN 3 with DHCP from X.X.3.100 and DNS and gateway set up to network address X.X.3.1. There is also management VLAN 10 with DHCP X.X.10.100 and DNS/gateway X.X.10.1. Synology is a member of this VLAN on port 1 with fixed IP X.X.10.103

I disabled firewall on Synology, didn't make any traffic control yet. On Sophos I created rule from zone USERS to NAS without restrictions.

I connected port 1 from Synology with fixed IP from VLAN 10 to untagged VLAN 10 port on Unifi switch. Next I connected port 2 from Synology with fixed IP from VLAN 2 to untagged VLAN 2 port on Unifi switch. At the end of the day, I would like to restrict port 1 to DSM only (for NAS management) and port 2 to file sharing only (SMB/FTP/AFP), but for now, all services are available on both ports.

Now, the problem is, when I'm pinging NAS on X.X.10.103 and my computer is in VLAN 10, NAS responds. When I try to ping NAS on X.X.2.100 from the same computer, it doesn't respond. When I switch port from my computer and connect it to VLAN 3, I can't ping any of the NAS addresses. Additionally, when I ping another device on VLAN 3 from computer in VLAN 10, it responds. What the hell is wrong with my setup?



Added TAGs
[edited by: Raphael Alganes at 1:28 AM (GMT -7) on 20 Mar 2024]
  • Hmm, we can further check this. Kindly run this command

    tcpdump -veni any host X.X.2.100 & ping -c 4 X.X.2.100

    Note: hit Ctrl+C to stop tcpdump

    You can also analyze the logs and it will show if the firewall received any reply from X.X.2.100

  • Hi,

    make sure you have removed the ip address details from the non active port.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Gentlemen, I have to apologise for this mess. I'm the dumbest guy on the Internet, globally :). Today I decided to double-check everything once again and that's how I found the cause of my issue - on the switch port connected to the XGS where NAS VLAN traffic was transmitted, I set up untagged (native) VLAN 2 and.... blocked all tagged ports. I seriously have no idea why I set it up like that, it obviously had to be inadvertence since all other ports were set up correctly. Hope anyone who gets here will have a chance to at least learn from my mistake. Nevertheless, thank you all for much valuable advice, I definitely learned something new by the way.
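
The mismatch found in the last post can be checked mechanically by comparing how each end of a firewall-to-switch link tags its VLANs. The following is an added example, not part of the original thread and not Sophos or UniFi code; the class and field names are hypothetical, and it assumes the firewall presents VLAN 2 as a tagged sub-interface.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of one firewall-to-switch link. Field names are hypothetical,
# not Sophos or UniFi configuration keys.
@dataclass(frozen=True)
class FirewallPort:
    untagged_vlan: Optional[int]   # VLAN meant for the untagged physical interface
    tagged_vlans: frozenset        # VLAN sub-interfaces, sent with an 802.1Q tag

@dataclass(frozen=True)
class SwitchPort:
    native_vlan: Optional[int]     # VLAN given to untagged frames
    tagged_vlans: frozenset        # tagged VLAN IDs the port accepts

def audit_link(fw: FirewallPort, sw: SwitchPort) -> list:
    """List every VLAN that cannot cross the link with the same tagging on both ends."""
    findings = []
    for vid in sorted(fw.tagged_vlans):
        if vid in sw.tagged_vlans:
            continue
        if vid == sw.native_vlan:
            findings.append(f"VLAN {vid}: tagged on firewall, untagged (native) on switch")
        else:
            findings.append(f"VLAN {vid}: tagged on firewall, tag blocked on switch")
    if sw.native_vlan != fw.untagged_vlan:
        findings.append(f"untagged frames: switch native VLAN is {sw.native_vlan}, "
                        f"firewall untagged VLAN is {fw.untagged_vlan}")
    return findings

# Assumed reading of the thread: VLAN 2 is a tagged sub-interface on the firewall,
# while the switch port has native VLAN 2 and all tagged VLANs blocked.
FIREWALL = FirewallPort(untagged_vlan=None, tagged_vlans=frozenset({2}))
AS_POSTED = SwitchPort(native_vlan=2, tagged_vlans=frozenset())
CORRECTED = SwitchPort(native_vlan=None, tagged_vlans=frozenset({2}))

if __name__ == "__main__":
    for label, port in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit_link(FIREWALL, port) or "link is consistent")
```

A link that reports no findings still needs the firewall rule between the zones; the audit only covers layer 2 tagging.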