
Adding an AD authentication server on the LAN side of a bridged non-routing interface fails to connect

A little odd this one. I have a RWDC in a VLAN LAN-side of a bridged (non-routing) interface and a RODC in a VLAN WAN-side (where the gateway address for that interface is assigned). I can add the RODC as an authentication server though not the RWDC in the LAN - I don't suspect this is expected behaviour? All VLAN routing within the LAN, within the WAN and between the two (through the XG) works fine.

The WAN gateway is on the default VLAN and defined in the XG for the bridged interface, the LAN gateway is another hop (through the XG) and is undefined in the XG. The bridge management interface is on the same subnet as both GWs and is set "not" to route traffic (i.e. it is invisible in traces).

Do I need a rule from the WAN side to allow the XG to connect to the LAN-side RWDC? Seems a bit counter-intuitive.

UPDATE: Sorted.

The problem was that, as the only defined GWs on the XG in this configuration were the (non-routing) bridge interface and the WAN GW (the upstream router), the firewall didn't know where to go to find the internal RWDC. Simply adding a static route for the VLAN in question, with the downstream switch gateway on the LAN side as the hop, fixed it right away.
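To show why a static route, rather than a firewall rule, was the fix, here is an added example (not part of the thread, and not Sophos code) that simulates the XG's route selection with a longest-prefix-match lookup. All addresses and VLAN subnets are constructed for illustration; the thread does not give the real ones. With only the connected bridge subnet and the default route via the WAN gateway, any packet to the RWDC's VLAN is sent to the upstream router, which is the wrong direction; once the static route via the downstream LAN switch exists, the more specific prefix wins.

```python
import ipaddress

# Constructed addressing (hypothetical; the original post gives no subnets).
BRIDGE_MGMT_NET = ipaddress.ip_network("192.168.1.0/24")  # bridge management subnet shared by both gateways
WAN_GW = ipaddress.ip_address("192.168.1.1")              # upstream router, the only GW defined on the XG
LAN_SWITCH_GW = ipaddress.ip_address("192.168.1.2")       # downstream L3 switch on the LAN side (undefined on the XG at first)
RWDC_VLAN = ipaddress.ip_network("10.10.20.0/24")         # VLAN behind the LAN switch where the RWDC lives
RWDC_IP = ipaddress.ip_address("10.10.20.10")
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


class RouteTable:
    """Minimal IPv4 routing table: connected or static prefixes with a next hop."""

    def __init__(self):
        # Each entry: (network, next_hop or None for directly connected, human-readable label)
        self.routes = []

    def add(self, network, next_hop, label):
        self.routes.append((network, next_hop, label))

    def lookup(self, dst):
        """Longest-prefix match: the most specific prefix containing dst wins."""
        dst = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, label in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, label)
        return best


def initial_table():
    """The XG's view before the fix: one connected subnet plus a default via the WAN GW."""
    table = RouteTable()
    table.add(BRIDGE_MGMT_NET, None, "connected (bridge management)")
    table.add(DEFAULT_ROUTE, WAN_GW, "default via WAN GW")
    return table


def with_static_route(table):
    """The fix from the thread: a static route for the RWDC VLAN via the LAN-side switch."""
    table.add(RWDC_VLAN, LAN_SWITCH_GW, "static via LAN switch GW")
    return table


def next_hop_for(table, dst):
    """Return the next hop the firewall would use for dst (None means directly connected)."""
    match = table.lookup(dst)
    return match[1] if match else None


def route_label_for(table, dst):
    match = table.lookup(dst)
    return match[2] if match else "unreachable"


if __name__ == "__main__":
    before = initial_table()
    print("before:", RWDC_IP, "->", route_label_for(before, RWDC_IP))   # default via WAN GW (wrong direction)
    after = with_static_route(initial_table())
    print("after: ", RWDC_IP, "->", route_label_for(after, RWDC_IP))    # static via LAN switch GW
```

The lookup shows the failure mode directly: the RWDC's VLAN is not on the bridge management subnet, so before the static route the only matching prefix is 0.0.0.0/0 and the AD connection attempt leaves towards the upstream router. No firewall rule from the WAN side would change that decision, because forwarding is decided by the route table before any policy lookup.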