hI sangfor team,

We have encountered an issue in the dmz zone the firewall can ping the dmz server but the local pc cant is there any configuration needed.

or what would be the best solutions for this

jerome_itable has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Here's a breakdown of the possibilities and some troubleshooting steps you can try:

Possible causes:

    Firewall rules: The Sangfor firewall might have inbound firewall rules blocking traffic from the local PC to the DMZ server.
    Routing: The routing configuration might not be directing traffic from the local PC to the DMZ server correctly.
    DNS resolution: If the local PC is trying to access the DMZ server by hostname, there might be issues with DNS resolution on the local network.
    IP addressing: The local PC and DMZ server might not be using compatible IP addresses or subnet masks.

Troubleshooting steps:

    Check firewall rules: Verify that there are no inbound firewall rules on the Sangfor firewall blocking traffic from the local PC's IP address or subnet to the DMZ server's IP address or subnet. You can check the firewall rules for the DMZ zone or create a specific rule allowing traffic from the local PC to the DMZ server.

    Verify routing: Ensure that the router connected to the local PC and the DMZ server is configured to route traffic between the two networks. This might involve checking routing tables or static routes if necessary.

    Test DNS resolution: Try pinging the DMZ server by its IP address instead of its hostname from the local PC. If the ping by IP address succeeds but not by hostname, there might be an issue with DNS resolution on the local network. Check the DNS settings on the local PC and the DNS server providing resolution for the local network.

    Confirm IP addressing: Make sure the local PC and DMZ server are using compatible IP addresses and subnet masks. They should be on the same subnet or have a route configured to reach each other's subnets.

    Additional checks:
        If you're using VLANs, ensure that the local PC and DMZ server are on the same VLAN or have proper VLAN tagging configured.
        Check for any temporary firewall rules or access control lists that might be blocking traffic.
        Consider consulting the Sangfor firewall documentation or contacting Sangfor support for further assistance.

Best solutions:

The best solution depends on the specific cause of the issue. However, here are some general recommendations:

    Start with the simplest solution first, such as checking firewall rules or DNS resolution.
    Make changes to the network configuration cautiously and document any changes made.
    Test your changes after making them to ensure they resolve the issue without causing any new problems.
    If you're unsure about any of the troubleshooting steps, consult a network administrator or Sangfor support for assistance.
Is this answer helpful?
Pat Lv4Posted 29 Jan 2024 11:40
  
Firewall is successfully pinging the DMZ server, however the local PC cannot reach it. This may indicate that there is a firewall rule missing that permits traffic from the local PC's IP address to the port of the DMZ server. Alternately, the firewall's source NAT or state inspection settings may be causing issues. To restore connectivity, look for these problems and make the necessary adjustments to the firewall setup. Remember that identifying the precise reason and applying the appropriate remedy will depend on specific rule specifics and logs.
Imran Tahir Lv4Posted 26 Jan 2024 17:44
  
Check your routes and network setting s
Marvin Comamao Lv1Posted 24 Jan 2024 09:12
  
Already solve for dmz to lan to wan and wan to lan can ping to local pc now
Farina Ahmed Lv5Posted 23 Jan 2024 14:14
  
While the firewall is able to ping the DMZ server successfully, local PCs are unable to establish a connection. To address this, first, verify the firewall rules in place for communication between the DMZ and local networks. Ensure that appropriate access rules are configured to allow traffic between the DMZ and local zones. Check for any potential network misconfigurations, such as incorrect IP settings or subnet mismatches. Review the logs on the firewall for any denied traffic or error messages that may provide insights into the issue. If necessary, adjust the firewall settings accordingly, considering security policies while enabling the required communication channels between the DMZ and local networks.
cyber5566 Lv1Posted 17 Jan 2024 12:49
  
you can add new rules to allow traffic lan to dmz dan dmz to lan
Natsu Dragneel Lv3Posted 17 Jan 2024 10:26
  
Check if the firewall rules specifically permit ICMP traffic (pings) from the internal network to the DMZ zone.
Particular Ports: Verify that the proper ports in the firewall rules are open if you're attempting to access particular services (like HTTP or HTTPS) on the DMZ server.
BitCloud Lv3Posted 17 Jan 2024 10:25
  
Think through security implications carefully before activating any services or rules.
Professional Help: Consult a trained network administrator or security specialist for professional help if you're unclear about configuration or troubleshooting.
noime Lv3Posted 17 Jan 2024 10:24
  
Security Guidelines:
ICMP Restrictions: Examine any security guidelines that might prevent communication via ICMP, particularly between the internal network and the DMZ.
Naomi Posted 17 Jan 2024 10:23
  
Make that the firewall provides a path for the DMZ server to return to the internal network.
Front-Server Firewall:
Internal Connections: Verify that the firewall on the DMZ server is set up to accept connections from the internal network if it is present.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders