USG5300 cannot be managed through the web interface from another network segment

Publication Date: 2012-11-09
Issue Description
A site deploys a USG5300 in transparent mode in front of the core network. Two interfaces are configured as Layer 2 switching ports and added to the same VLAN. After this change the customer's service traffic passes normally, but the customer cannot access or manage the USG5300 through its VLAN management interface from the internal network.
Alarm Information
None.
Handling Process
First, check the configuration. The customer network uses gigabit interface no. 2 as the inbound interface and gigabit interface no. 3 as the outbound interface. They have been added to the Trust and Untrust domains respectively, and packet filtering between those domains is already open. Packet filtering for the Local domain was not open, however. After opening the packet filtering rules between Local and Trust, the fault persisted.
A second inspection found that the VLAN interface of VLAN 100, the VLAN to which gigabit interfaces no. 2 and no. 3 belong, had not been added to any domain. After the VLAN interface was added to the DMZ domain and the packet filtering rules between domains were opened, the problem was solved.
Root Cause
1. The VLAN interface had not been added to a domain.
2. The packet filtering rules between domains had not been opened.
Suggestions
If the customer needs to manage the USG5300 over the network while it is deployed in transparent mode, add the VLAN interface to a domain in addition to the physical interfaces, and open the packet filtering rules between domains. Only then can the customer access and manage the USG5300 from the internal network.
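The following check for both root causes is an added example, not part of the original case or Huawei tooling. It assumes a VRP-style configuration export (the line syntax, the interface names, the address and the choice of Local-to-zone as the rule pair that management traffic needs are all assumptions) and reports Layer 3 interfaces that are in no domain, and ones whose domain has no permit rule toward Local.

```python
import re

# Constructed configuration excerpt. The line syntax is an assumption modelled
# on VRP-style output and may differ between software versions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/2
 portswitch
 port access vlan 100
#
interface GigabitEthernet0/0/3
 portswitch
 port access vlan 100
#
interface Vlanif100
 ip address 192.0.2.1 255.255.255.0
#
firewall zone trust
 add interface GigabitEthernet0/0/2
#
firewall zone untrust
 add interface GigabitEthernet0/0/3
#
firewall packet-filter default permit interzone local trust direction inbound
"""

def audit(config):
    """Return (L3 interfaces in no zone, zoned L3 interfaces with no Local permit)."""
    l3_ifaces, zone_of, permitted = [], {}, set()
    iface = zone = None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface, zone = m.group(1), None
        elif m := re.match(r"firewall zone (?:name )?(\S+)", line):
            zone, iface = m.group(1), None
        elif m := re.match(r"firewall packet-filter default permit interzone (\S+) (\S+)", line):
            permitted.add(frozenset(m.group(1, 2)))  # zone pair, order-independent
            iface = zone = None
        elif iface and re.match(r"\s+ip address ", line):
            l3_ifaces.append(iface)                  # addressed, so manageable at L3
        elif zone and (m := re.match(r"\s+add interface (\S+)", line)):
            zone_of[m.group(1)] = zone
    unzoned = [i for i in l3_ifaces if i not in zone_of]
    blocked = [i for i in l3_ifaces if i in zone_of
               and frozenset(("local", zone_of[i])) not in permitted]
    return unzoned, blocked

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample, `Vlanif100` is reported as unzoned, which matches the state found in the second inspection.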
