Lan to Wifi separate zone not working

Hi i have a wifi separate zone for security cams.

I cant ping or connect from LAN  to the separate zone wifi network.

It was working in v17.

Check out some Screenshots.

The firewall rule should work but it doesnt.

Weird that no firewall log entries are logged, too.

Thanks for any help.

EAP3 refresh1

  • Hi Mario,

    not that I have found yet, I am still in the process of fixing a number of items I broke during the migration from VLANs.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Mario,

    I have found a temporary solution, it works but not very well. I setup an SD-WAN policy route which has some strange requirement to use an the XG external gateway for internal traffic and you cannot ignore the setup. Also the help information when you move a mouse over the objects is useless and needs to be brought up to the same standard as other policy/rules.

    In the migrated sd-wan policies you are shown a firewall rule, but only of the external access, there are no sd-wan policoes created during migration for the internal access firewall rules.

    SD-WAN only allows one session where as a firewall rule allows multiple sessions to the same device. Throughput while I can't test and provide actual values is just plain painfully slow.

    I tried using the Static routing and that is just plain silly/not logical, you must have a gateway that is in the same IP range as your interface, they are the same thing. so that doesn't work.

    In the end v18 GA should make all this SD-WAN routing redundant when the fixes are applied.

    Ian

    The setup to fix the bug, does leave a question about the migrated SD-WAN policy, why were they created, what is missing that needs to have these put in place?

    More thoughts on this subject, there is no way of seeing what traffic is passed though the SD-WAN policy (no logs) or how much?

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Yes i see no drops, too. You use the sd wan policy for the routing to the separate zone? Wan is not my problem.

    LAN -> Wifi in separate zone doesnt work.

  • Hi Mario,

    using the SD-WAN policy allows me to get the LAN to separate zone working, just you have to have a WAN entry.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks to Mr Patel added some static routes over cli and now it works as a workaround. Will be fixed in v18.GA.

  • Hi Mario,

    you are lucky to get it working. I had to delete mine because I was getting too many IPS hits even with IPS with disabled and DOS unticked and finally ATP disabled.

    So, back to another reconfigure to get IoT devices working, so another AP installed to isolate the devices to their own physical network.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.