topic Re: FTD 2120 -problem with traffic in DMZ in Network Security

FTD 2120 -problem with traffic in DMZ

michael.busch67 — Mon, 05 Jul 2021 07:00:37 GMT

Hi,

we're trying to implement a new ftd 2120 in our network. It should replace an old ASA 5505(same ip-addresses).

We've tried it last weekend, it worked so far but we had trouble with the traffic coming from a seperate vpn-gw in the DMZ to our proxy server in the dmz.

From the proxy it was possible to ping the vpn-client but the vpn client wasn't able to reach the proxy. The access controll policies were set to go through while we tried to find the issue. On the ftd you didn't get any hitcounts. The vpn clients are able to reach all the servers in our network that coultd be reached without the proxy. I' ve painted a little sketch.

Any Idea?

Best Regards

Michael

Re: FTD 2120 -problem with traffic in DMZ

balaji.bandi — Mon, 05 Jul 2021 12:21:50 GMT

Make sure proxy have routing table.

Re: FTD 2120 -problem with traffic in DMZ

michael.busch67 — Tue, 06 Jul 2021 10:45:23 GMT

Hi BB,

I think when it is possible to reach the vpn-client via ping than there is a route.

I've had a look at the proxy, there is a default route.

But the vpn-client himself cannot make a connection to the proxy.

Best Regards

Michael