Routing between FWG over VPN?

Comments

  • Arijit Panda

    You need a site to client connection not a site to site. Site to site is a bidirectional setup while site to client is unidirectional. This will solve the scenario you are mentioning here.

  • William Smith

    But I like the site-to-site tunnel between 192.168.101.* and 192.168.0.*, I can’t just add a route for access to 192.168.3.*?

  • Andy

    You could, and maybe add a rule to block 192.168.3.* from the other networks.

  • William Smith

    I want (all) the other networks to be able to get to 192.168.3.*, but I don't want 192.168.3.* to get to any other networks.  It can't today because it's on the WAN port of the FWG-B above.

  • William Smith

    Bump?

     

  • Arijit Panda

    The first time I responded, I made a mistake with what you were asking, but I made this pic to clarify the ask. To me the ISP is a higher-order network than the Firewalla, as it is connected to the WAN port; network discovery works in the downward direction, not in the upward direction. So the requested scenario is impossible to achieve in the Firewalla environment. Pic attached for reference. The red and green arrows are the scenario that you are requesting to achieve.

  • William Smith

    Correct, everything works fine, and I can get to devices on 192.168.3.* from 192.168.0.*

    I'd like to be able to get to devices on 192.168.3.* from 192.168.101.*

     
