No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

PCs on Different VLANs Could Not Manage the Firewall Because Packets Passed Through the Firewall Twice

Publication Date:  2015-07-02 Views:  355 Downloads:  0
Issue Description


PC1, PC2, and PC3 belonged to different VLANs. None of the PCs could manage the USG. 
Handling Process
1. Create VLAN 11 for managing the firewall. 

interface Vlanif11  ip address 3.3.3.2 255.255.255.0

2. Create a virtual firewall and assign VLAN 11 to the virtual firewall.

vlan 11  binding vpn-instance vfw1

3. Configure the gateway of the virtual firewall.

ip route-static vpn-instance vfw1 0.0.0.0 0.0.0.0 3.3.3.3
Root Cause
In transparent mode, the firewall can be managed only through VLANIF interfaces. However, all PCs used Lay3_switch as the gateway. Therefore, the packets from the PCs passed through the firewall twice, first through Lay2_switch and then through Lay3_switch. Therefore, the access was blocked. Therefore, the management VLAN must be assigned to the virtual firewall so that a session can be established when the packets pass through the firewall the second time. 

END

Contribute Articles
Feedback
Huawei Enterprise APP

Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.