PCs on Different VLANs Could Not Manage the Firewall Because Packets Passed Through the Firewall Twice

Publication Date: 2015-07-02

Issue Description

PC1, PC2, and PC3 belonged to different VLANs. None of the PCs could manage the USG. 

Handling Process

1. Create VLAN 11 for managing the firewall. 

interface Vlanif11
 ip address

2. Create a virtual firewall and assign VLAN 11 to the virtual firewall.

vlan 11
 binding vpn-instance vfw1

3. Configure the gateway of the virtual firewall.

ip route-static vpn-instance vfw1

Root Cause

In transparent mode, the firewall can be managed only through VLANIF interfaces. However, all PCs used Lay3_switch as the gateway, so the packets from the PCs passed through the firewall twice, first through Lay2_switch and then through Lay3_switch, and the access was blocked. The management VLAN must therefore be assigned to the virtual firewall so that a session can be established when the packets pass through the firewall the second time.