Re: Issue with Firewall

eBHWorker · ‎01-07-2024

I've been trying to resolve this issue for about 2 days but cannot find the problem. The computer circled dark blue can ping any PC or device from the WAN (Network A and C). Network devices from A and C can do the same. There is a slight issue though, the PC with the orange (and all other PCs inside of Network C) cannot ping any PC besides themselves but can receive the DNS and ICMP traffic from the other side of the firewall (AKA the 8.8.8.8 DNS server).

I've been trying to fix this issue by configuring the routers 10.10.1.1 and 10.10.100.1 to enable ICMP and allow DNS, but none can communicate with the DNS server but still can ping any PC (including the orange and the rest of Network C's PCs).

If anyone could help me with the issue that would be amazing.

M02@rt37 · ‎01-07-2024

Hello @eBHWorker

Where is hosted the IP Gw of that PC dark bule ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

eBHWorker · ‎01-07-2024

Hello M02@rt37, thank you for the reply,

The Dark Blue and the Orange PCs are all receiving default Gateway from the Firewall since it's serving as a DHCP with IP 192.168.1.1

The other networks are using the Routers that are connecting to their respective Switches as their DHCP configurations (as the routers have DHCP for each default IP [for example 192.168.2.1 and 192.168.3.1])

M02@rt37 · ‎01-07-2024

Thanks @eBHWorker for that clarification.

Do you use simulation mode to "follow" the packet ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

eBHWorker · ‎01-07-2024

My pleasure, M02@rt37 I tried using a sample PDU to determine what part of the movement was causing the issue, but it would seem that the PC (as an example) from network 192.168.3.1 goes off to the switch to the Firewall, and attempts to leave, but is decline and failed when doing so.

But for some reason, the computers in Network C go perfectly to the Firewall, and from the firewall to the other side with no conflict (and return the ping or are capable of using DNS from the DNS server).

Georg Pauwen · ‎01-08-2024

Hello,

post your zipped Packet Tracer (pkt) project file...

eBHWorker · ‎01-08-2024

Hello @Georg Pauwen, thank you for the kindness intent,

Hereby is the project that I was trying to configure. When starting the firewall, there's an unexpected behavior even though I already configured the wanted Inside and Outside properties (that for some reason reversed). So every time I start the CPT file, I have to write "reload" inside of the CLI.
Thank you for the help M02@rt37

Georg Pauwen · ‎01-08-2024

Hello,

I have opened your file, but I cannot reproduce your connectivity problem, it looks like there is full connectivity. From which IP address to which IP address do you NOT have connectivity ?

eBHWorker · ‎01-08-2024

Hi there,

The issue is mainly that the connections show stable, but for example, the ICMP communication between the network 192.168.3.1 and the network 192.168.1.1 is now able to communicate with each other (even though they are connected wired and show good connectivity).

Georg Pauwen · ‎01-08-2024

Hello,

what instructions are you following ? The router interface and the firewall interface have the same IP address.

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip helper-address 178.167.2.150
ip access-group 1 in
duplex auto
speed auto

Firewall Vlan 2:

192.168.1.1

eBHWorker · ‎01-08-2024

I believe I set the IP address on GigabitEthernet0/0 since that's the port that is connecting to the router (with the switch that belongs to that network). The firewall is configuring the DHCP for the network IP 192.168.1.1 directly and is also connected to the switch. But the Router is essentially configuring DHCP to the network 192.168.3.1 on the left (the one with the access point).

Georg Pauwen · ‎01-09-2024

Hello,

what is the password for the Firewall ?

Does the Vlan 2 interface on the firewall (the one is IP address 192.168.1.1) need to be in the same address space as the DHCP pool you named 'vlan2' on the router ? If that is the case, change the IP address of the Vlan2 interface on the firewall to an address in the 192.168.3.0/24 address space.