10-31-2024 11:48 PM
Newbie question trying to learn more on FPR setup.
I have a setup looking like this:
ISP -> FPR 1010 FTD (192.168.10.1) -> UDM PRO gateway (10.90.22.1) -> Unifi switch
When I turn on my NAT rule on my UDM for my VLAN 22 (10.90.22.0/24), I'm no longer able to connect to my FPR on its IP.
I simply can't reach it any longer; tracert shows that I exit via the GW for the VLAN, then it dies.
On my UDM, for all VLANs I've created a Source NAT to point to the FPR 192.168.10.1
(Interface=WAN port, Translated IP=10.90.22.0/24, Source=10.90.22.0/24, Destination=192.168.10.1)
I have created on the FPR the 2 VLANs present on the UDM: 10.90.22.0, 10.90.33.0.
I can't figure out what is wrong in my setup and why I'm not able to access the FPR. I've tried to create an allow policy for 10.90.22.0; management access is also currently allowed on all subnets.
11-03-2024 09:06 AM
Well, turns out my issue was as simple as just removing the NAT on the UDM and correctly adding the appropriate routing on the FPR.
Thanks all for your replies, issue is resolved.
11-01-2024 12:43 AM
I am not into UDM config, but are you saying that you translate 10.90.22.0/24 to 10.90.22.0/24, which effectively means no NAT? Then the FTD needs a route on the inside interface pointing to the UDM IP 192.168.10.x so the FTD can answer back. If the FTD sees an IP 10.90.22.x, this is not in the routing table by default as a dedicated route, and the FTD doesn't know what to do with this packet.
11-01-2024 12:48 AM
When you do NAT on the UDM, then the FTD is not able to see the local IP addresses behind the UDM, for example the 10.90.22.0/24 network.
What is the UDM-side P2P IP connecting to the FTD? (You mentioned 192.168.10.1; is this configured on the FTD side or the UDM side?)
You need a route for 10.90.22.x towards the UDM IP from the FTD; for example, the route should be 10.90.22.x/24 to 192.168.10.x (the UDM-side IP) for that to work.
"I have created on the FPR the 2 VLANs present on the UDM: 10.90.22.0, 10.90.33.0."
If you are looking for the UDM to do all the NAT, then you do not need these VLANs to exist in the FTD.
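The two replies above make the same point: with the UDM masquerading, the FTD only ever sees its own inside subnet, but once the NAT is removed the FTD needs a static route for 10.90.22.0/24 back towards the UDM, or its replies follow the default route to the ISP. The following added example (not code from the thread or from Cisco/Ubiquiti) models that with a small longest-prefix-match routing table and a netmap-style source NAT; the UDM WAN address 192.168.10.2, the ISP next hop 203.0.113.1 and the LAN host 10.90.22.50 are constructed values, since the thread only gives the FTD side.

```python
import ipaddress
from typing import List, Optional, Tuple

# Assumed addresses (constructed for this example, not from the thread).
UDM_WAN_IP = "192.168.10.2"   # UDM side of the FTD inside subnet
ISP_NEXT_HOP = "203.0.113.1"  # FTD default route next hop
LAN_HOST = "10.90.22.50"      # a host on VLAN 22 behind the UDM

# Routing table rows: (prefix, next hop or None for directly connected, interface)
Route = Tuple[str, Optional[str], str]

# Constructed FTD routing table as it exists by default: default route to the
# ISP plus the connected inside subnet, nothing for the UDM's VLANs.
FTD_DEFAULT: List[Route] = [
    ("0.0.0.0/0", ISP_NEXT_HOP, "outside"),
    ("192.168.10.0/24", None, "inside"),
]

# Same table after adding the static routes the replies recommend.
FTD_WITH_ROUTES: List[Route] = FTD_DEFAULT + [
    ("10.90.22.0/24", UDM_WAN_IP, "inside"),
    ("10.90.33.0/24", UDM_WAN_IP, "inside"),
]


def longest_prefix_match(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    best_len = -1
    for prefix, nexthop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, nexthop, iface), net.prefixlen
    return best


def reply_egress(table: List[Route], src_seen_by_ftd: str) -> Tuple[str, Optional[str]]:
    """Where the FTD sends its reply to a packet whose source it saw as src_seen_by_ftd.

    Returns (interface, next_hop); next_hop is None for a directly connected subnet.
    """
    match = longest_prefix_match(table, src_seen_by_ftd)
    if match is None:
        return ("drop", None)
    _, nexthop, iface = match
    return (iface, nexthop)


def source_nat(src: str, original: str, translated: str) -> str:
    """Netmap-style source NAT: map src's offset in `original` onto `translated`.

    Translating a subnet onto itself (the UDM rule in the question) returns the
    address unchanged, i.e. it is effectively no NAT at all.
    """
    addr = ipaddress.ip_address(src)
    orig_net = ipaddress.ip_network(original)
    trans_net = ipaddress.ip_network(translated)
    if addr not in orig_net:
        return str(addr)
    offset = int(addr) - int(orig_net.network_address)
    return str(trans_net.network_address + offset)


def scenarios() -> dict:
    """Return path for the LAN host under the three setups discussed in the thread."""
    return {
        # UDM masquerades VLAN 22 behind its WAN IP: FTD sees 192.168.10.2,
        # which is directly connected, so replies work.
        "udm_masquerade": reply_egress(FTD_DEFAULT, UDM_WAN_IP),
        # NAT removed (or 10.90.22.0/24 translated to itself) and no route:
        # the FTD only has the default route for 10.90.22.50, replies go to the ISP.
        "no_nat_no_route": reply_egress(
            FTD_DEFAULT, source_nat(LAN_HOST, "10.90.22.0/24", "10.90.22.0/24")),
        # NAT removed and the static route added: replies go back via the UDM.
        "no_nat_with_route": reply_egress(FTD_WITH_ROUTES, LAN_HOST),
    }


if __name__ == "__main__":
    for name, (iface, nexthop) in scenarios().items():
        print(f"{name:18} -> interface={iface} next_hop={nexthop}")
```

The "no_nat_no_route" case is the failure in the question: the SYN reaches the FPR, but the reply leaves the outside interface and the tracert dies after the UDM. Adding the 10.90.22.0/24 route towards the UDM-side address is what turns it into the "no_nat_with_route" case.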
11-01-2024 09:22 AM
Are you trying to translate the internal subnet 10.90.22.0/24 into the UDM interface facing the FTD? Do you have any allowed IP addresses to get into the firewall management port?
11-02-2024 02:35 AM
Well, basically I'm trying to allow my LAN network to access the FPR web interface. I'm afraid I may have misconfigured something along the way, because I just realised that the subnets only have internet access as long as the UDM masquerades the IPs to be from the same subnet as the FPR.
11-02-2024 03:03 AM
Maybe someone can riddle me this:
I have a static route 10.26.xx.xx/24 towards my FPR's GW. My UDM is connected to the FPR on port 2; the interface is set as a switch port with the FPR GW IP. My UDM has an IP from this scope, so 10.224.xx.xx. I've created the UDM VLANs on the FPR, source being inside and translated being interface.
On the UDM I have a VLAN 10.26.xx.xx; this is by default masqueraded as 10.224.xx.xx. I want to remove this and allow the real 10.26.xx.xx to reach the FPR and go to the internet.
As I originally stated, total newb, sorry.