PCs on Different VLANs Could Not Manage the Firewall Because Packets Passed Through the Firewall Twice

Publication Date: 2015-07-02 Views: 182 Downloads: 0

Issue Description

PC1, PC2, and PC3 belonged to different VLANs. None of the PCs could manage the USG.

Handling Process

1. Create VLAN 11 for managing the firewall.

interface Vlanif11 ip address 3.3.3.2 255.255.255.0

2. Create a virtual firewall and assign VLAN 11 to the virtual firewall.

vlan 11 binding vpn-instance vfw1

3. Configure the gateway of the virtual firewall.

ip route-static vpn-instance vfw1 0.0.0.0 0.0.0.0 3.3.3.3

Root Cause

In transparent mode, the firewall can be managed only through VLANIF interfaces. However, all PCs used Lay3_switch as the gateway. Therefore, the packets from the PCs passed through the firewall twice, first through Lay2_switch and then through Lay3_switch. Therefore, the access was blocked. Therefore, the management VLAN must be assigned to the virtual firewall so that a session can be established when the packets pass through the firewall the second time.

END

Contribute Articles

Document No.: KB1000081547

Fault Type :

Case in Chinese

Feedback

Reminder

Thank you for your interest in Huawei Enterprise Business.

We cordially invite you to visit the CeBIT 2017 mini-site to embark on the road to digital transformation.

Products

Solutions

Industry

Services

Service Support Center

Contact Us

Documents and software

Find a Partner

Ordering & Consultion

CONTACT US

Find a Partner

Become a Partner

Partner zone

Alliance and solution Partner

PCs on Different VLANs Could Not Manage the Firewall Because Packets Passed Through the Firewall Twice

We cordially invite you to visit the CeBIT 2017
mini-site to embark on the road to digital transformation.