09-28-2022 11:17 AM
I have a network with multiple VLANS.
We recently got a FP1120 which has a connection out to the internet. This device is on VLAN 22. Internet access (and ICMP replies) work from any device on VLAN 22.
Internet access (and ICMP replies from FP) do not work on any other VLAN. Access control is set to any ipv4 right now for testing purposes.
Hosts on VLAN 21 can ping and access every other host on VLAN 22.
09-28-2022 11:29 AM
I assume you've got a core switch with the VLANs defined? Have you configured a default route on the switch to route to the Firewall's inside interface IP address?
On the Firewall define a static route for the VLAN 21 network via next hop of the switch IP address (VLAN 22)
Create an Auto NAT rule on the Firewall to translate the VLAN 21 network behind the outside interface IP address.
Create a rule in the Access Control Policy to permit traffic from the VLAN 21 network to the internet
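The four steps above, written out as an added worked example (not part of the original reply, and not the poster's actual configuration). All addressing is assumed for illustration: the FTD inside interface sits on VLAN 22 at 10.22.0.1/24, the core switch has SVIs at 10.22.0.2/24 (VLAN 22) and 10.21.0.1/24 (VLAN 21), and a test host on VLAN 21 is 10.21.0.10. The core switch part is plain Cisco IOS; the FTD part is shown as the running-config the FMC/FDM objects render to, since FTD is not configured from the CLI. The verification commands at the end isolate the symptom in the question: when the FTD has no route back to 10.21.0.0/24, a reply to a VLAN 21 host is sent out the default route instead of back to the switch, so pings to the FTD interface from VLAN 21 go unanswered even though VLAN 22 hosts get replies.

```cisco
! ---- Core switch (Cisco IOS), assumed addressing ----
ip routing
!
interface Vlan21
 ip address 10.21.0.1 255.255.255.0
!
interface Vlan22
 ip address 10.22.0.2 255.255.255.0
!
! Step 1: default route on the switch toward the FTD inside interface
ip route 0.0.0.0 0.0.0.0 10.22.0.1

! ---- FTD (as rendered in "show running-config" after configuring in FMC/FDM) ----
! Step 2: static route for the VLAN 21 network via the switch's VLAN 22 SVI
route inside 10.21.0.0 255.255.255.0 10.22.0.2 1
!
! Step 3: Auto NAT, VLAN 21 network PAT'd behind the outside interface address
object network VLAN21-NET
 subnet 10.21.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Step 4: an Access Control Policy rule is created in FMC/FDM, not the CLI:
!   source zone inside, source network 10.21.0.0/24, destination any, action Allow

! ---- Verification ----
! On the switch: ping the FTD sourced from the VLAN 21 SVI. If this fails while a
! ping sourced from 10.22.0.2 succeeds, the FTD is missing the return route (step 2).
ping 10.22.0.1 source 10.21.0.1
!
! On the FTD CLI: confirm the route and NAT are present, then trace a VLAN 21 host's
! ICMP echo to the internet; the phase that reports DROP (route lookup, NAT, or
! access-list) tells you which of the steps above is still missing.
show route
show nat
packet-tracer input inside icmp 10.21.0.10 8 0 8.8.8.8
```

The sourced ping is the quickest discriminator: the switch can always reach 10.22.0.1 from its own VLAN 22 address, so a failure only when sourced from 10.21.0.1 points at routing on the FTD side rather than at the switch or the ACP.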
09-29-2022 01:43 AM
If the endpoints on the other VLANs do not get any reply back from the FTD interface(s), then it would suggest there are some connectivity issues between the endpoints and the FTD. As @Rob Ingram suggested, I would check the routing between the firewall and the core switch. If there is no routing on the core switch, I would suggest checking the ACP rules to make sure this traffic is allowed.