The sm sever is located in B point, and belongs to untrust zone the same with A point. The sacg is serial connected in the network derectly. Now the B point service is ok but the sc at A point can’t connect with it.
Testing with ping, display that can’t connect.
Using the telnet 17889 port but display that can’t open the port.
Checking that the middle line don’t have FW to block off.
Finally, checking the usg2220 configuration find the configuration of inter-domin rule is that:
firewall packet-filiter defalt deny interzone trust untust direction inbound
firewall packet-filiter defalt deny interzone trust untust direction outbound
The Linkage policy applied to the outbound of trust to untrust. The inter-domain rule being blocked obviously. It works normally after delete the rule of inbound.
The sc at B point can’t communicate with the SM at A point normally.
We need pay attention when use the products of hsr series. It is ok that inter-domain not opened when configure the other device. But this series product need do the deny rule, so suggest that configure unidirectional deny rule