Route to public IP in DMZ

Shagma · ‎04-11-2018

Hi!

From ISP I have:

Subnet 1 with IP .206/30.

Subnet 2 with IP .216/30

Subnet .216/30 is routed to subnet .206/30 by ISP.

Behind the FGT, connected to DMZ, is a PBX with IP .218. DMZ is configured with IP .217.

PBX is configured has DMZ as GW. In FGT I have VIP with IP .218 and FW rule without NAT.

I can ping .217 from outside, but .218 is not responding. When I look at traffic in FGT I can see traffic with dst for .218, but no response.

Any ideas why this is not working?

ede_pfau · ‎04-11-2018

hi,

Q: how many hosts can you address in a /30 network?

A: only 2. 3rd address is network, 4th is broadcast.

With a given /30 you cannot use more than 2 addresses.

Ede Kernel panic: Aiee, killing interrupt handler!

Shagma · ‎04-11-2018

Hi!

Yes, the (PBX) subnet consists of GW (FGT DMZ) .217 and PBX .218.

That shouldn't be a problem.

Some screenshots of config: https://imgur.com/a/jVz1O

Edit: [strike]for troubleshooting purposes I tried connecting a PC to DMZ with .218 as IP. PC was unable to ping GW .217 and I sniffing did not show any traffic.[/strike]

I am now able to ping both from firewall to PBX and vice versa.

Toshi_Esumi · ‎04-11-2018

So your PBX has .218/30 public IP. Why do you need the VIP? It's just routing to direct & policy to allow.

Shagma · ‎04-12-2018

Never mind. It turned out to be some previous troubleshooting config creating problems. I got it working now.

Route to public IP in DMZ

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website