Emile, I appreciate the suggestion, but unfortunately it does not work even with trying all of those things. I'm wondering if anyone has been able to make this work on their own XG setup. Hosts in the DMZ (or secondary LAN) subnet have no problem communicating with hosts in the primary 192.168.1.0 network; individual hosts can ping each other just fine, and accept connections. So regardless of whether an incoming connection was coming from the same subnet or a different one, it will be accepted because the proper policies and static routes (where appropriate) are in place. The issue seems to be with the XG agreeing to route the packets properly. In testing each of these options, I have run the "Packet Capture" in the System Diagnostics and can see that the ARP-NDP Request packets are consumed but no further packets are being forwarded (which is what would be happening if what I've already done was working but the packets were being dropped on the other side). What I want to happen is when a routing request comes in from anywhere on 192.168.1.0 for 192.168.1.x, the XG will capture that and translate it to 192.168.2.y and forward the packets to that IP. It does not seem to want to do that, with the ways that I have been asking it to.
↧