TZ470 allow traffic between zones
I have a TZ470 with 5 zones, I want computers on LAN to be able to see and talk to computers on the TECH zone. I have added two access rules, one LAN to TECH with ANY on everything, and one TECH to LAN with ANY on everything. I'm on a computer in the LAN zone and try pinging the addresses (in the TECH subnet) of devices I know are on and get nothing.
Do I need to add a routing rule as well? Is there something special I need to do on the access rules?
John S.
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@johnswenson1 this sounds right to me, if all of your endpoints have a valid default route back to the TZ470.
You might check with the Packet Monitor, just filter for your Source and Destination Address and have a look for dropped packets.
—Michael@BWC
Answers
I found the problem. I can't get to church right now so I had someone turn the booth on and all the equipment, but someone else came along and turned everything off, even though there was a big note saying to leave everything on. The only things running were two rpis that were plugged into the always-on strip. All the access rules in the world aren't going to help if everything is not powered.
Thanks,
John S.
I tried again today, I had someone turn on the booth and computers. Now I can see some, but not all. The ones that get DHCP leases from the TZ470 I can see, but the ones with static IP addresses in the devices I cannot see. I checked this thoroughly and that seems to be the issue. Somehow packets from devices with static IP addresses are not allowed. Anybody have any clue what might be causing this?
The access rules have a lot of stuff about security profiles etc. I just left everything default; is there something that needs to be changed to allow static addresses to go between zones? All the static addresses are below the minimum address in the DHCP pool for the TECH zone. But I am using Any for the source and destination addresses in the rules, so I don't think that should cause any issue.
Thanks,
John S.
@johnswenson1 my best guess would be that either the Subnet mask or the Default Gateway of the statically configured clients does not match your configuration. Make sure they are correct.
—Michael@BWC
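As an added illustration of the check suggested in the thread (example code, not from the original posts or from SonicWall): the script below compares a statically configured host's IP, mask and gateway against the zone's settings and reports the mismatches that would stop replies from reaching the TZ470. The zone addresses and DHCP pool are constructed placeholders; substitute the firewall's real TECH and LAN configuration.

```python
import ipaddress

# Constructed placeholder zone settings (assumption, not the poster's real config).
TECH_ZONE = {"interface_ip": "192.168.20.1", "network": "192.168.20.0/24",
             "dhcp_pool": ("192.168.20.100", "192.168.20.200")}
LAN_ZONE = {"interface_ip": "192.168.10.1", "network": "192.168.10.0/24"}


def check_static_host(ip, mask, gateway, zone=TECH_ZONE, peer_zone=LAN_ZONE):
    """Return a list of findings explaining why a statically addressed host in
    `zone` may fail to talk to `peer_zone` through the firewall. Empty = consistent."""
    findings = []
    zone_net = ipaddress.ip_network(zone["network"])
    host_iface = ipaddress.ip_interface(f"{ip}/{mask}")
    host_net = host_iface.network  # the network the host believes it is on
    gw = ipaddress.ip_address(gateway)

    if host_iface.ip not in zone_net:
        findings.append(f"{ip} is outside the zone network {zone_net}")
    if host_net.prefixlen != zone_net.prefixlen:
        findings.append(f"subnet mask {mask} gives {host_net}, zone uses {zone_net}")
    if gw != ipaddress.ip_address(zone["interface_ip"]):
        findings.append(f"default gateway {gateway} is not the zone interface "
                        f"{zone['interface_ip']}")
    if gw not in host_net:
        # A gateway outside the host's own subnet is unusable; replies are dropped locally.
        findings.append(f"default gateway {gateway} is not reachable from {host_net}")
    peer_net = ipaddress.ip_network(peer_zone["network"])
    if peer_net.overlaps(host_net):
        # Oversized mask: the host ARPs for LAN peers directly and never uses the gateway.
        findings.append(f"mask makes {peer_net} look on-link; replies bypass the gateway")
    lo, hi = (ipaddress.ip_address(a) for a in zone["dhcp_pool"])
    if lo <= host_iface.ip <= hi:
        findings.append(f"{ip} lies inside the DHCP pool {lo}-{hi}; address conflicts possible")
    return findings


if __name__ == "__main__":
    for args in [("192.168.20.50", "255.255.255.0", "192.168.20.1"),
                 ("192.168.20.50", "255.0.0.0", "192.168.20.1"),
                 ("192.168.20.50", "255.255.255.0", "192.168.10.1")]:
        print(args, check_static_host(*args) or "OK")
```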