How to Troubleshoot Internet Access Failures of RG-WALL Series Firewalls

GTAC-Sophia

Level 5

Ruijie Staff

2024-8-22 14:10:30
Step 1: Check the topology and VLANs on the intranet.
Check the firewall deployment location and all VLANs on the intranet. As shown in the following figure, the firewall is deployed at the egress, and the intranet gateway address is on the core switch. The core switch is configured with VLANs 100 and 200, using subnets 172.16.100.0/24 and 172.16.200.0/24, respectively.

Step 2: Check the configuration.
1. Check if the interfaces on the firewall are assigned to the correct zone.
a. In general, intranet interfaces on a firewall are added to the Trust zone, while extranet interfaces are added to the Untrust zone.
b. Ensure the interface types are correct: intranet and management interfaces should be set as LAN interfaces, while extranet interfaces must be set as WAN interfaces. For interfaces connected to a private line (without Internet access), do not enable the default route on this interface, as it could cause abnormal Internet access on the intranet.

2. Check the routing configuration.
Ensure the firewall is configured with both a default route and a reverse route. The default route should point to the extranet interfaces, while the reverse routes should point to the intranet interfaces. For the topology described in step 1, the firewall must have two reverse routes configured: 172.16.100.0/24 and 172.16.200.0/24, each pointing to the next hop.

3. Check if the security policy permits data transmission.
To access the Internet, the trust-to-untrust policy needs to be permitted, as shown in the following figure.

4. Configure NAT rules.
Configure a NAT rule to allow traffic to pass from the Trust zone to the Untrust zone.


Step 3: Perform network connectivity diagnosis in the Diagnostic Center.
Ping the external DNS server from an internal PC and perform diagnosis on the firewall. (If the firewall does not have the Diagnostic Center feature, upgrade the firewall version to R3P2 or later.)


Click Diagnose. Configure the Src. Address to the IP address of the PC, Inbound Interface to a LAN interface on the firewall, and Dest. Address to the IP address of the ping operation. After the diagnosis is complete, the results will be displayed. These results can be used to verify if the firewall is forwarding packets correctly and if the configuration is correct.
Step 4: Collect information.

If the fault persists after troubleshooting with the Diagnostic Center feature, collect the following information:
1. Topology information and intranet VLAN information.
2. Diagnostic results of the Diagnostic Center.
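The routing and interface checks from Step 2 can be run as an offline pre-check before opening the Diagnostic Center. The following is an added example, not part of the original post and not Ruijie code. The interface names, next-hop addresses and data layout are constructed assumptions; only the two intranet subnets come from Step 1.

```python
import ipaddress

# Constructed sample data modelling the Step 1 topology (not exported from a device).
INTRANET_SUBNETS = ["172.16.100.0/24", "172.16.200.0/24"]
INTERFACES = {  # hypothetical interface names
    "ge0/1": {"type": "LAN", "private_line": False},  # towards the core switch
    "ge0/2": {"type": "WAN", "private_line": False},  # Internet uplink
    "ge0/3": {"type": "WAN", "private_line": True},   # private line, no Internet
}
ROUTES = [  # (destination, next hop, egress interface); addresses are constructed
    ("0.0.0.0/0", "203.0.113.1", "ge0/2"),
    ("172.16.100.0/24", "10.0.0.2", "ge0/1"),
    # the reverse route for 172.16.200.0/24 is deliberately missing
]

def audit(subnets, interfaces, routes):
    """Return a list of findings for the Step 2 routing checks."""
    findings = []
    parsed = [(ipaddress.ip_network(dst), ifc) for dst, _hop, ifc in routes]
    defaults = [r for r in parsed if r[0].prefixlen == 0]
    if not defaults:
        findings.append("no default route")
    for _net, ifc in defaults:
        if interfaces[ifc]["type"] != "WAN":
            findings.append(f"default route leaves via non-WAN interface {ifc}")
        if interfaces[ifc]["private_line"]:
            findings.append(f"default route enabled on private-line interface {ifc}")
    for subnet in subnets:
        net = ipaddress.ip_network(subnet)
        # A reverse route is any non-default route whose prefix contains the subnet.
        covering = [r for r in parsed if r[0].prefixlen > 0 and net.subnet_of(r[0])]
        if not covering:
            findings.append(f"no reverse route for {subnet}")
            continue
        # Longest-prefix match decides which route the return traffic takes.
        _best_net, best_ifc = max(covering, key=lambda r: r[0].prefixlen)
        if interfaces[best_ifc]["type"] != "LAN":
            findings.append(f"reverse route for {subnet} points to non-LAN interface {best_ifc}")
    return findings

if __name__ == "__main__":
    for finding in audit(INTRANET_SUBNETS, INTERFACES, ROUTES):
        print("FINDING:", finding)
```

An empty result means the default route and both reverse routes match the expectations in Step 2; it does not cover the security policy or NAT rule checks.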