XG 135 - Bridged ports with VLAN won't load webpage

Hi Community,

After a lot of thinking, trying and googling I'm stuck, so here I am.

At home I run an XG 135 with the latest updates installed.
The XG is in a DMZ (to keep my parents' network and mine separated).

Clients within my VLAN just won't load webpages.

My configuration is as follows:

Ports 5 & 6 are a bridge pair
Default network for both ports: GT_LAN 172.1.1.1/24
Within the bridge pair I have a VLAN: 20_GT_Domotica 172.1.20.1/24

My default LAN and VLAN both have a separate rule to WAN.

DHCP works, I can ping my gateway and ping google.com and other websites, so DNS works like it should.
As soon as I open any browser and go to a website my connection times out and the webpage won't load.
Within the logging I don't see any blocks that can explain this. If I use the policy tester and type in amazon.com with an IP within the VLAN, it says success and nothing is being blocked.

I am lost and don't know where to look anymore, thanks in advance!

  • Looks fine. Can you show us a screenshot of the website, if this is not loading?


  • Thanks for looking into it.
    Did some tests last evening, here goes:

    106.nl

    Ping 106.nl

    First time I got an SSL error

    Decrypt HTTPS should be turned off as well. I thought my switch could be an issue (Unifi 8 Port POE), though the default GT_LAN and WiFi work like a charm.

  • Can you perform a tcpdump of this traffic to this website? Cross-reference it via ICMP and check if those packets look the same.


  • Sorry for the belated reply, the situation kinda changed.

    A coworker joined me at home to look into the issues.
    We reconfigured port 8 as a trunk port:
    - Default LAN which acts as a dummy
    - Multiple VLANs: Client, MGT, Domotica, Servers

    After configuring the uplink to port 1 of my Unifi switch and testing each VLAN I had 0 issues with browsing to websites.
    Switched back to the bridge and the issues came back (while using the same firewall rules and web policies).

    I got a feeling bridged interfaces don't like the VLAN config, or it's the Unifi switch creating the problem.
    My coworker gave me his old Unifi switch to act as a core switch, which made the bridge interface useless.

    So the reason for this topic is no more....
    Though I am curious whether my statement about the bridge interface is true or not.

    Thanks for thinking with me anyways!