[NEBULA] Configuring Policy Routes on a Nebula Security

Pook
Pook Posts: 136  Ally Member
First Anniversary 10 Comments Nebula Gratitude Friend Collector
edited April 2021 in Nebula

Hi Guys

I need a little help getting 2 LANS to properly talk to each other on a NSG300 appliance. I have set a route as below..

I can ping across ok but I cannot access any devices, for example there is an iPECS system on 192.168.2.221 and the webpage will not load up from the 192.168.1.xxx LAN (loads fine on 2). I have just moved over from a USG310 and had the same issue but I resolved by doing this..

The NSG300 is on 192.168.1.50, any ideas where to go from here?


Comments

  • TomorrowOcean
    TomorrowOcean Posts: 59  Ally Member
    First Anniversary Friend Collector First Answer First Comment

    I don't think you need to configure policy route on NSG because LAN interfaces can communicate with each other by default except you enable guest interface for them.

    If you may ping from LAN1 to LAN2, that should also mean the traffic can cross LANs.

    Have you tried to capture the packets on LAN2?

    If you can't capture packet on your iPECS system, I remember NSG has packet capture feature on its web. ?

  • Pook
    Pook Posts: 136  Ally Member
    First Anniversary 10 Comments Nebula Gratitude Friend Collector

    This article suggests they don't...https://support.zyxel.eu/hc/en-us/articles/360003473760-Configuring-Policy-Routes-on-a-Nebula-Security-Gateway-NSG-

    This is starting to get me down, I swapped out for the 310 last night and it all worked fine. There are other aspects of Nebula not working out for me either such as content filtering. I just bought 5 NSG 50, 2 NSG100 and an NSG300 for my main site so this is quite an investment.

  • Pook
    Pook Posts: 136  Ally Member
    First Anniversary 10 Comments Nebula Gratitude Friend Collector

    What is really annoying is I can ping any ip on 192.168.2.x range from the firewall..


  • Zyxel_Jason
    Zyxel_Jason Posts: 394  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Pook ,

    Since we need to check more detail on your NSG, I will PM you later. Please check your Forum Inbox.

    Thanks.

    Jason
  • Pook
    Pook Posts: 136  Ally Member
    First Anniversary 10 Comments Nebula Gratitude Friend Collector

    So I visited the site in question and the LAN cable from the NSG had been run to the back of a DrayTek router! The Draytek will be removed and and the WAN2 on the NSG will take it's place.

    The the LAN2 port (NSG) on the .2 range will be changed to the DrayTeks IP so problem solved :-)

Nebula Tips & Tricks