RolandBaumgaertner72
New Member
September 11, 2025
Question

Routing Problem with 2 LAN Networks

  • September 11, 2025
  • 2 replies
  • 1236 views

Hi,

We have a new FG90G and want to add another LAN segment to separate the IT department. The problem is that I have LAN OLD 10.10.111.0/24 (port1) and LAN IT 10.10.112.0/24 (port3).

Our MPLS network is 10.10.0.0/16 with a route to the MPLS router 10.10.11.1.

So my host 10.10.112.135 can't ping 10.10.111.200, even though I have a policy from LAN IT > LAN with ALL and ANY. When sniffing, I see that the FG routes the traffic pinging 10.10.111.200 to the MPLS network, since 10.10.0.0/16 is routed over the MPLS network.

So I tried a policy route from LAN IT to LAN with outgoing interface LAN IT to avoid the problem, and I tried different options in this policy route, but I never see traffic from LAN IT going to LAN.

Both LANs are software switches. What am I missing?

Thanks!

2 replies

AEK
SuperUser
September 11, 2025

Is the network 10.10.111.0/24 directly connected to the FGT (port1 IP is 10.10.111.x) or is it behind another router?

If it is directly connected, then you will find in your routing table that the route is directly connected (through port1), and it will automatically have the lowest priority value (meaning the highest preference).

AEK
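To make the route-selection point above concrete, here is an added Python illustration (not FortiGate code and not from anyone in this thread) of longest-prefix-match lookup with administrative distance as the tie-breaker. The table is constructed from the thread: the two connected /24s and the static 10.10.0.0/16 toward 10.10.11.1. The distances (connected 0, static 10) are assumed FortiGate defaults, the MPLS interface name "X1" is taken from the later reply in the thread, and the policy-route step that runs before the routing table is a simplified model of that behaviour, not the firewall's actual implementation.

```python
"""Longest-prefix-match route selection with a policy-route pre-check.

Added illustration only: models the routing table described in the thread,
not the FortiGate's real forwarding code.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    gateway: Optional[str]  # None for a directly connected route
    distance: int           # administrative distance, lower is preferred


@dataclass(frozen=True)
class PolicyRoute:
    src_intf: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    out_intf: str
    gateway: Optional[str]


# Constructed from the thread's "get router info routing-table all" output
# plus the static route toward the MPLS router. Distances are assumed
# FortiGate defaults (connected 0, static 10); "X1" is the MPLS interface.
ROUTING_TABLE: List[Route] = [
    Route(ipaddress.ip_network("10.10.111.0/24"), "LAN", None, 0),
    Route(ipaddress.ip_network("10.10.112.0/24"), "LAN IT", None, 0),
    Route(ipaddress.ip_network("10.10.0.0/16"), "X1", "10.10.11.1", 10),
]


def lookup(dst: str, table: Sequence[Route] = ROUTING_TABLE) -> Optional[Route]:
    """Longest prefix wins; among equal prefix lengths the lowest distance wins."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in table if ip in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.distance))


def forward(src_intf: str, src: str, dst: str,
            policy_routes: Sequence[PolicyRoute] = (),
            table: Sequence[Route] = ROUTING_TABLE) -> Optional[Tuple[str, Optional[str], str]]:
    """Return (egress interface, gateway, reason).

    Policy routes are checked first (simplified model of the firewall's
    behaviour); if none matches, the routing table decides.
    """
    sip, dip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pr in policy_routes:
        if pr.src_intf == src_intf and sip in pr.src and dip in pr.dst:
            return (pr.out_intf, pr.gateway, "policy-route")
    route = lookup(dst, table)
    if route is None:
        return None
    return (route.interface, route.gateway, "routing-table")


def without_interface(table: Sequence[Route], interface: str) -> List[Route]:
    """Table as it would look if that interface's connected route disappeared."""
    return [r for r in table if r.interface != interface]


if __name__ == "__main__":
    # With the /24 present, the host in the thread is reached via LAN, not MPLS.
    print(forward("LAN IT", "10.10.112.135", "10.10.111.200"))
    # Only if the connected /24 were missing would the /16 send it to X1.
    print(lookup("10.10.111.200", without_interface(ROUTING_TABLE, "LAN")))
    # A matching policy route would override the table regardless.
    pr = PolicyRoute("LAN IT", ipaddress.ip_network("10.10.112.0/24"),
                     ipaddress.ip_network("10.10.111.0/24"), "LAN", None)
    print(forward("LAN IT", "10.10.112.135", "10.10.111.200", [pr]))
```

The useful takeaway: as long as the connected /24 is in the table, the /16 toward the MPLS router can never win for 10.10.111.x, because prefix length is compared before distance. So if a sniffer really shows such traffic leaving on the MPLS interface, either the connected route is absent at that moment (interface down, or the subnet not on that interface) or a policy route is steering it.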
RolandBaumgaertner72
New Member
September 11, 2025

Both 10.10.111.0/24 and 10.10.112.0/24 are connected directly to the same switch.

# get router info routing-table all

C 10.10.111.0/24 is directly connected, LAN
C 10.10.112.0/24 is directly connected, LAN IT

I am lost, I don't get it. I don't see anything coming from 112 to 111; sniffing with my IP I get

88.694780 port3 in 10.10.112.135.64885 -> 10.10.111.245.443: udp 1220
88.694782 LAN IT in 10.10.112.135.64885 -> 10.10.111.245.443: udp 1220

Routing is not working; I can't get it from the LAN IT interface to LAN.

Any suggestions?

AEK
SuperUser
September 11, 2025

The output doesn't show it is sent through the MPLS interface.

You can run the following to see which route it selects.

diag debug flow filter addr x.x.x.x
diag debug flow filter proto 1
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 100
diag debug enable

Then start a fresh ping command to catch it from the beginning. 

AEK
RolandBaumgaertner72
New Member
September 11, 2025

I have already left the office, but I did some sniffing, and without the policy route the packets were sent out via X1, or the MPLS interface.

Then I tried different configurations of the policy route (I am never quite sure whether I have to put in the interface gateway or not). When I configured source interface LAN IT with the LAN IT address and destination LAN with the LAN address (I think I tried with and without an outgoing interface with gateway IP, and I also tried outgoing interface LAN IT and LAN), I saw the packets in the sniffer on port3 and LAN IT, but they never passed to the LAN interface.

I can't believe that it is so difficult when you have two LANs connected directly and I can't get access from one LAN to the other.

One thing: we don't have VLANs in the switch, and both LANs are connected equally in the switch.

Any idea?