USG2110: interzone policy based on Layer 2 ports was not working

Publication Date: 2014-07-01

Issue Description

As shown in the diagram below, an Indian customer (XX) bought a USG2110 firewall to use as the Internet access security gateway. The customer required the upstream and downstream service links to be connected through Layer 2 interfaces: four connections to the outside network (Internet), ports 3 and 4 in the DMZ, ports 1 and 2 in the trust zone, and port 0 connected to the MPLS area. After deployment, the interzone policy between the trust and untrust zones was found not to work.

Alarm Information

Ping packets can pass from the untrust zone to the trust zone; there are no other logs.

Handling Process

Change the Port 4 interface to a Layer 3 port and add that Layer 3 port to the untrust zone. After this change the interzone policy worked and the issue was solved.

Root Cause

According to the manual, on low-end firewalls the Layer 2 ports all sit on a single switch board that uses its own CPU, while interzone policy is controlled by a different CPU. As a result, the policy does not work.


L2 ports should put into two zones in Low-end firewalls(USG2000)