1. The Trust zone PC (10.10.20.238) can not ping server (10.10.30.4) ,but can ping 10.10.30.2.
2. Server 10.10.30.4 can ping the gateway 10.10.30.1
3. Be able to ping 10.10.30.4 directly in the USG
1. Check the configuration of each device is no problem, the inter-domain rules have been liberalized, the route is also correct.
2. Check sessions on USG ,also establish USG, has forwarded packet
3. Source address can not ping -a 10.10.10.1 10.10.30.4
can ping -a 10.10.10.1 10.10.30.2
Suspected server gateway configuration settings has problems, allow the user to check the server gateway, found that server (10.10.30.4) gateway has been set into itself ip address .To change the 10.10.30.4 gateway into 10.10.30.1, problem can be solved.
Inter-domain policy has done restriction probably.