Traffic Between Ports

[futures]

IP390 (4 ports) running NGX R61.

I am by no means a CP expert, and so may be missing something very simple here.

However, when this box was set up, we had the ports as follows:

Port 1 - LAN
Port 2 - DMZ
Port 3 - Internet
Port 4 - Spare

We have since had the need to configure the 4th port for a second LAN, so we now have:

Port 1 - LAN 1
Port 2 - DMZ
Port 3 - Internet
Port 4 - LAN 2

We need certain traffic to go between LAN 1 and LAN 2 and for both LANs to access the internet.

I have set up rules in SmartDashboard, and traffic is indeed functioning fine between LAN 1 and LAN 2. However, for some reason, I cannot for the life of me get Port 4 (LAN 2) to access the internet (on Port 3).

I have set up the rules, checked, double checked and trashed and started again, but can still not get this to function.

I assume (maybe wrongly) that because LAN 1 and LAN 2 can communicate, that the port is configured correctly, in which case I am puzzled as to why LAN 2 cannot access the internet.

I have watched in SmartView Tracker and there are no blocks happening. In fact you see the DNS request (when you try and hit a website) being allowed (so it can go off to the internet and resolve the address), but nothing else. DNS times out eventually, and nothing else ever shows in the Tracker.

Can anyone offer any suggestions on what might be the cause, or what direction to look in.

Thank you in advance.

[MarioL]

Have you created NAT hide for LAN 2 when going out to the Internet?

Usually what I do is:
1 - Create a group with all my networks (for example "Allnets")
2 - Create automatic NAT for public servers
3 - Create manual NAT for the hides

NAT rules:
Allnets | Allnets | any | = | = | =
[Automatic static rules here]
Allnets | any | any | Hide on external FW ip | = | =

[futures]

Thank you.

It was the NAT that I had missed out!

Can't believe I spent so long on something so simple :-)

[MarioL]

Glad I could help.

I always create my own log filter (or query or whatever it's called now) and get the "Xlated stuff" and NAT rule to show, this helps a lot since it then shows the NAT stuff by default and prevents me forgetting about those bits.