
RED between UTM - routing works, but UTM on both sides can't access the network

Hello guys,

 

I have a problem concerning a RED connection between two UTMs.

The connection is established and works fine. Routing as well.

The only problem is that the UTMs can't access the networks on the other side; PING isn't working either.

Devices within these networks are able to access the other networks.

Any ideas? I am a bit stuck at the moment and need it to work, because the UTM needs to access the Active Directory server on the other side of the tunnel, which isn't working.

PING tests were made with the UTM tools.

 

Thanks in advance.

 



  • Hi there.

    It's most likely missing some firewall rules, as Karlos pointed out. Just to make things clearer: you probably have your UTMs' RED interfaces on a private network. For example, 192.168.100.0/24 with UTM 1 on 192.168.100.1 and UTM 2 on 192.168.100.2. Since your networks are able to communicate, I take it you have a firewall rule on both UTMs allowing each subnet to connect to the other, but you are lacking a firewall rule to allow the remote UTM to communicate with your local networks. You are probably assuming the traffic from the UTM would reach the other side with its LAN IP, but in fact it will reach the other side with the IP of the RED interface, so your firewall rules allowing both subnets to communicate won't cover this traffic.

    Try this, assuming the example I used with UTM 1 on 192.168.100.1 and UTM 2 on 192.168.100.2. Replace these with the IPs of your RED interfaces.

    UTM 1:

    From 192.168.100.2 (UTM 2 RED interface IP) -> Any -> Internal

    From Internal -> Any -> 192.168.100.2 (UTM 2 RED interface IP)

    UTM 2:

    From 192.168.100.1 (UTM 1 RED interface IP) -> Any -> Internal

    From Internal -> Any -> 192.168.100.1 (UTM 1 RED interface IP)

    Of course, replace "Any" with the services you want to allow if you wish to be more restrictive.

     

    Regards,

    Giovani
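The point in the answer above is easy to check by modelling the rule evaluation. The following is an added example, not code from the thread or from Sophos: a small first-match packet filter fed with constructed rule sets and packets. The RED transfer addresses follow Giovani's example; the internal subnets (10.1.0.0/24 behind UTM 1, 10.2.0.0/24 behind UTM 2), the AD server address 10.2.0.10 and the AD service ports (LDAP 389, LDAPS 636, Kerberos 88) are assumptions for this illustration. It shows that the LAN-to-LAN rules pass a client's traffic but drop the same request when UTM 1 itself sends it, because the source is then the RED interface IP, and that a rule for the peer's RED IP with "Any" narrowed to the AD services fixes LDAP and ping while still dropping everything else.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional

# Constructed addressing. The RED transfer network follows Giovani's example;
# the internal subnets and the AD server address are assumptions for this
# example, not values from the thread.
UTM1_RED_IP = "192.168.100.1"
UTM2_RED_IP = "192.168.100.2"
UTM1_INTERNAL = "10.1.0.0/24"        # assumed LAN behind UTM 1
UTM2_INTERNAL = "10.2.0.0/24"        # assumed LAN behind UTM 2
AD_SERVER = "10.2.0.10"              # assumed AD server behind UTM 2


@dataclass(frozen=True)
class Rule:
    src: str                    # host or CIDR
    dst: str                    # host or CIDR
    proto: str                  # "tcp", "udp", "icmp" or "any"
    dports: FrozenSet[int]      # destination ports; empty set means any port
    action: str                 # "allow" or "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it constrains fits the packet."""
    if ip_address(pkt.src) not in ip_network(rule.src, strict=False):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst, strict=False):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dports and pkt.dport not in rule.dports:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """Walk the rule list top-down; an unmatched packet hits the implicit default drop."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


ANY_PORT: FrozenSet[int] = frozenset()
# Ports the UTM itself would use against a domain controller (assumed):
# LDAP 389, LDAPS 636, Kerberos 88. SMB 445 is deliberately left out.
AD_PORTS = frozenset({389, 636, 88})

# UTM 2's rule set as the original poster probably has it: LAN-to-LAN only.
SUBNET_ONLY_RULES = [
    Rule(UTM1_INTERNAL, UTM2_INTERNAL, "any", ANY_PORT, "allow"),
    Rule(UTM2_INTERNAL, UTM1_INTERNAL, "any", ANY_PORT, "allow"),
]

# UTM 2's rule set with Giovani's additions, "Any" narrowed to the AD services
# in the UTM-to-LAN direction; ICMP is kept so the UTM ping tool works.
WITH_RED_PEER_RULES = SUBNET_ONLY_RULES + [
    Rule(UTM1_RED_IP, UTM2_INTERNAL, "tcp", AD_PORTS, "allow"),
    Rule(UTM1_RED_IP, UTM2_INTERNAL, "icmp", ANY_PORT, "allow"),
    Rule(UTM2_INTERNAL, UTM1_RED_IP, "any", ANY_PORT, "allow"),
]

# Constructed traffic as seen by UTM 2 arriving on its RED interface.
LAN_TO_LAN = Packet("10.1.0.25", AD_SERVER, "tcp", 389)     # a client behind UTM 1
UTM1_LDAP = Packet(UTM1_RED_IP, AD_SERVER, "tcp", 389)      # UTM 1 itself, RED IP as source
UTM1_PING = Packet(UTM1_RED_IP, AD_SERVER, "icmp")          # UTM 1's ping tool
UTM1_SMB = Packet(UTM1_RED_IP, AD_SERVER, "tcp", 445)       # not among the allowed services


def compare() -> dict:
    """Return (subnet-only verdict, with-RED-peer-rule verdict) for each constructed packet."""
    return {
        name: (evaluate(SUBNET_ONLY_RULES, pkt), evaluate(WITH_RED_PEER_RULES, pkt))
        for name, pkt in [("lan_to_lan", LAN_TO_LAN), ("utm1_ldap", UTM1_LDAP),
                          ("utm1_ping", UTM1_PING), ("utm1_smb", UTM1_SMB)]
    }


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:12s} subnet-only: {before:5s}  with RED peer rule: {after}")
```

Two practical notes. On the UTM itself the source address the kernel will pick for the AD server can be confirmed from the shell with `ip route get <AD server IP>`; the `src` field of the output is the address the far side's rule has to allow. And because the UTM firewall is stateful, the "Internal -> Any -> RED peer IP" rule is only needed for sessions that the local LAN initiates towards the remote UTM; replies to the UTM's own LDAP queries are matched by connection tracking.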
