  1. #1
    Master Untangler
    Join Date
    Feb 2013

    VLAN and multiple NICs question and problem

    Dear Team,
    I have a strange problem; I will try to describe everything:

    Untangle is running on a vSphere 6 virtual machine, which has a virtual switch with 3 VLANs:

    1) Server VLAN
    2) User VLAN
    3) External VLAN for the ISP

    So the Untangle box has 3 NICs:

    1) in the Server VLAN
    2) in the User VLAN
    3) ISP public IP address

    4) I have a Cisco router with a VPN to a branch office, inside the User VLAN.
    The branch network is

    The current strange problem is: I have a print server in the Server VLAN.
    All users in the branch have mapped printers from this file server.

    But users cannot print. Actually, I can see that the print job arrives and disappears ... without any print output.
    However, nothing shows as blocked in the firewall logs.

    After playing with the settings I noticed:

    If I add bypass rules like:

    rule a) bypass source (printer IP in the branch) to destination (print server)
    rule b) bypass source (print server) to destination (printer IP in the branch)

    the printer starts to work.
    I had to add such rules for all network printers in the branch. But it confuses me a little.
    I have attached the diagram I have.

    I also had similar situations with a couple of internal applications, like:

    users have software installed that takes info from a server (SQL Server),
    and it did not work correctly until I added these bypass rules.

    Maybe I am doing something wrong?
    I forgot to mention that I have 2 Untangles in VRRP with exactly the same rules. (So the default GWs are the VRRP addresses.)

    I use:

    Web Filter Lite
    Virus Blocker Lite
    Phish Blocker
    Application Control Lite
    Intrusion Prevention
    Ad Blocker


    Also, to reach the network I have a route in UT:

    Network next hop

    Where is a router (MPLS to the branch)

    I also had a problem with VoIP:

    all phones are in the 10.0.1.X and 10.0.2.X networks.
    So on UT I had to add a bypass rule for the RTP ports like:

    Source 10.0.1.X and 10.0.2.X, bypass ports 10000 to 19999 (where these ports are the Asterisk RTP ports)
    But the main question is: if these are all local networks, why do I have to put them in bypass?

    Because when some address or IP is in bypass, logically I cannot add firewall rules for it.

    Thanks for the advice

    Last edited by boris.minakov; 07-05-2015 at 02:13 PM.

  2. #2
    Master Untangler
    Join Date
    Feb 2013


    The thing is, even if I try to open an admin share from 10.0.2.X, access is denied for all servers.
    Until I add a bypass rule like:

    source 10.0.2.X dest 10.0.0.X allow

    But the thing is, I cannot find anything blocked. So I don't understand why it's blocked?

    Bypass is a temporary solution until I find the real issue.

  3. #3
    Master Untangler
    Join Date
    Feb 2013


    The strange solution I found was to remove the route:

    Network next hop
    Where is a router (MPLS to the branch)

    After that I saw all printer and VoIP traffic was blocked by the firewall. So I added exception rules and it was fixed.

    But 1 question is still open; I have the rule:

    Block all from Server VLAN and User VLAN to External VLAN

    So this rule must block all outgoing traffic to the external interface. But as I see it, all traffic from 10.0.0.X (Server VLAN) to 10.0.2.X (branch) was blocked.

    But I don't have such a rule ...
    So I added an allow rule from 10.0.0.X to 10.0.2.X. But I think this is not correct, as there is no block by default. The only rule I have is
    Block all from Server VLAN and User VLAN to External VLAN

    So this looks strange to me ...

    I do not understand why Untangle sees 10.0.2.X as external (WAN)?

    Thanks in advance
    Last edited by boris.minakov; 07-06-2015 at 02:57 AM.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Phoenix, AZ


    If a router doesn't have a route to a network, the traffic is sent to the default gateway, which by necessity is pointed at the Internet.

    Routes are created either by address assignment to a local interface, or statically in the routes tab.
    Rob Sandling, BS:SWE, MCP
    Phone: 866-794-8879 x201
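To make sky-knight's point concrete, and to answer the question in post #3 about why 10.0.2.X was being treated as WAN, here is an added Python example (not code from this thread, from Untangle, or from the poster) of a longest-prefix-match lookup over a routing table built the two ways he describes: connected routes from interface addresses, plus optional static routes. The Server VLAN prefix 10.0.0.0/24 and the branch prefix 10.0.2.0/24 are taken from the thread; the User VLAN prefix 10.0.1.0/24, the WAN address 203.0.113.10/24 with gateway 203.0.113.1, the Cisco router address 10.0.1.254 and the interface names are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str                      # egress interface
    next_hop: Optional[str] = None  # None means directly connected


# Assumed interface layout: (address/prefix, is_wan). 10.0.0.0/24 as the Server VLAN
# and 10.0.2.0/24 as the branch follow the thread; everything else is invented here.
INTERFACES = {
    "eth0": ("10.0.0.1/24", False),     # Server VLAN
    "eth1": ("10.0.1.1/24", False),     # User VLAN (assumed prefix)
    "eth2": ("203.0.113.10/24", True),  # ISP / WAN (assumed, documentation prefix)
}
DEFAULT_GATEWAY = "203.0.113.1"  # assumed ISP gateway, reached via eth2


def build_table():
    """Routes created by address assignment to local interfaces, plus the default route."""
    table = []
    for iface, (addr, _is_wan) in INTERFACES.items():
        table.append(Route(ipaddress.ip_interface(addr).network, iface, None))
    table.append(Route(ipaddress.ip_network("0.0.0.0/0"), "eth2", DEFAULT_GATEWAY))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins; 0.0.0.0/0 only
    wins when nothing more specific matches."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def add_static(table, prefix, next_hop):
    """A static route (the 'routes tab' case). The egress interface is the one on
    which the next hop itself is directly connected; a next hop that is only
    reachable via another route is rejected."""
    via = lookup(table, next_hop)
    if via.next_hop is not None:
        raise ValueError(f"next hop {next_hop} is not on a directly connected network")
    return table + [Route(ipaddress.ip_network(prefix), via.iface, next_hop)]


def classify(table, dst):
    """Return (egress interface, leaves via WAN?, next hop) for a destination.
    Traffic whose egress interface is a WAN interface is what a
    'block all to External' style rule matches, regardless of how private the
    destination address looks."""
    r = lookup(table, dst)
    return r.iface, INTERFACES[r.iface][1], r.next_hop


if __name__ == "__main__":
    base = build_table()
    # No route to the branch: 10.0.2.10 falls through to the default route and
    # leaves on the WAN interface, i.e. it is treated as external traffic.
    print(classify(base, "10.0.2.10"))
    # With a static route via the Cisco router in the User VLAN, the same
    # destination leaves on an internal interface.
    print(classify(add_static(base, "10.0.2.0/24", "10.0.1.254"), "10.0.2.10"))
```

The two printed results differ only in the routing table: with no static route the branch prefix is reachable solely through 0.0.0.0/0, so the egress interface is the WAN one and any rule scoped to the external interface applies to it. This is also why the original symptoms looked contradictory: when the packets went out the wrong way they never reached the rule that logged blocks, and when a matching route existed the firewall saw them on the expected interface.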

  5. #5
    Master Untangler
    Join Date
    Feb 2013


    Dear Team,
    So the strange thing I have is:

    I add a route: to go through

    In that case I do not see anything in the firewall logs, but the printers and phones do not work.
    Seems strange to me

    So logically it must not block the print server and PBX, which are in the local network in the Server VLAN
    But something strange is happening

    If I delete the route, I see blocked traffic in the firewall, can create exclusion rules, and it works fine.
    I am just trying to make the local network traffic go without the firewall

    Will continue testing

  6. #6
    Master Untangler
    Join Date
    Feb 2013


    Finally I found a solution: one of our network engineers had a wrong route on the Cisco router. So that's why I could see the firewall was allowing traffic, but the router was redirecting it to a wrong route.
