No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The case USG5300 transparent mode network management can not manage

Publication Date:  2012-09-19 Views:  50 Downloads:  0
Issue Description
Network manage 10.0.32.113 through S93-A and S53-A manage USG5300-A 10.0.32.137。network management can not manage USG5300-A,Ping can not access too
Alarm Information
none
Handling Process
1 networking sent 30 ICMP packages,firewall count 30 packages from forward direction,forwarding 30 packages,left 30 packages,the reason is can not find ARP 
Protocol(ICMP) SourceIp(10.0.32.113) DestinationIp(10.0.32.137) 
SourcePort(44238) DestinationPort(44238) VpnIndex(public) 
         Receive           Forward           Discard 
Obverse : 60pkt(s) 30pkt(s) 30pkt(s) 
Reverse : 0pkt(s) 0pkt(s)   0pkt(s)
 
Discard detail information:
  DP_FW_Output                  :exit 5:     30
Root Cause
10.0.32.113 ping 10.0.32.137,ICMP-REQUEST message access in firewall through links as follows
VLAN703     VLAN703    VLAN410 32.113-------S93-A--------------USG5300-A--------------S53-A--------------USG5300-A 32.137
1 message from S93-A to S53-A,USG5300-A carry out layer2 forwarding,next-hop of dialog list record of destination address(10.0.32.137)
2 message from S93-A to USG5300-A,due to destination MAC is interface MAC address,USG5300-A carry out layer3 forwarding,and do not chek route,utilize next-hop (10.0.32.137)of dialog buffer check ARP directly,surely,ARP list can not check out,then result in packages lost

This networking message first pass firewall carry out layer2 process,second times pass firewall carry out layer3 process,this special application USG5300 is not support
Suggestions
2 association with networking and message tend,analyse ICMP-REQUEST message through these links to firewall:
VLAN703           VLAN703             VLAN410
32.113-------S93-A--------------USG5300-A--------------S53-A--------------USG5300-A 32.137
A message from S93-A to S53-A,USG5300-A carry out layer2 forwarding,next-hop of dialog list record of destination address(10.0.32.137)
B message from S93-A to USG5300-A,due to destination MAC is interface MAC address,USG5300-A carry out layer3 forwarding,and do not chek route,utilize next-hop (10.0.32.137)of dialog buffer check ARP directly,surely,ARP list can not check out,then result in packages lost

END