11-12-2018 10:30 AM
So I created a VLAN on my controller such as:
I'm looking to give access from the Employee Network, to my internal network. I tried to create a static route via interface, but it's not working.
I realize the idea of a VLAN is exactly for this, but that's what the route is for.
11-12-2018 12:35 PM
You don't need to create the route because the router already has an interface (VLAN) with that subnet, so it knows about the network. InterVLAN communication is enabled by default and is only restricted with firewall rules. All of this is assuming that you're using a USG, are you?
11-12-2018 01:59 PM
yes, using USG Pro 4.
Great! Then interVLAN traffic should be routed automatically. Again, you can restrict it with firewall rules, see here:
Does that help?
11-12-2018 03:13 PM
Because all of your networks are corporate, inter-vlan traffic would be allowed by default. Common mistakes that generally result in unsuccessful communication between VLANs are:
1. The end client doesn't have a default gateway configured, or the wrong one.
2. The end client has a host-based firewall (commonly windows firewall) blocking incoming traffic from subnets that differ from its own.
Static routes are only generally used when more than 1 router is involved, just a note for future reference.