ZyWALL 110: Why are pfw's for WAN1 active on WAN2 as well? (2 different IP's, same ISP)
Best Answers
-
Hi @jwladd
In your NAT rule, you did not setup correct IP address in external IP so traffic will forward to both of interfaces.
Due to WAN1 and WAN2 are belonging same ISP, so that’s why traffic not pass through to correct interface.
You can try to setup correct interface IP address in NAT rules, and try it again.
5 -
You're the best! Specifed external IP as WAN1 IP (instead of 'any'), works like a champ! Is this happening this way because IP's are both from the same block of IP's from ISP?
0
Zyxel Employee
All Replies
-
Hi @jwladd
The NAT rule seems only forwarding the traffic from specific WAN interface which you configured.
Could you provide configuration to me by private message or take a screenshot of your NAT rules?
0 -
0 -
Have Exch svr & RDS svr on LAN1 accessible by WAN1 IP. Want to use WAN2->LAN2 for credit card terminal only (PCI compliance). If I access WAN2 IP, ports 80, 4085 & 443 all are forwarded to LAN1, even though NAT rules specify WAN1. Btw, all rules/policies setup via GUI, none from CLI.
0 -
I currently have nothing in DMZ... is that what I need to do to stop pfw's (that specify WAN1) from being active when accessing WAN2 IP? My goal is to have no open ports/pfw's incoming on WAN2, so I never saw reason to NAT WAN2 to DMZ. FYI: credit card terminal (requiring PCI compliance scans) is on LAN2.
0 -
Hi @jwladd
In your NAT rule, you did not setup correct IP address in external IP so traffic will forward to both of interfaces.
Due to WAN1 and WAN2 are belonging same ISP, so that’s why traffic not pass through to correct interface.
You can try to setup correct interface IP address in NAT rules, and try it again.
5 -
You're the best! Specifed external IP as WAN1 IP (instead of 'any'), works like a champ! Is this happening this way because IP's are both from the same block of IP's from ISP?
0 -
Hi @jwladd
It is because your NAT rule is setup as “any”.
So both of WAN will “listen” the traffic from ISP.
If there is request from Internet, then will forward traffic to internal server.
0
Ally Member
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
