Hi,
Until today I separated my network into 2 zones: trust was the LAN and dmz was the WLAN.
Today I tried to create a new zone for servers, so that I can control which computers in the LAN have access to the servers. The problem is, in the new "servers" zone I get internet access but no access from/to the LAN.
This is what I did:
1. Took ethernet0/3 out of bgroup0 and set ethernet0/3 with a different IP range (10.0.5.1/24, while trust uses 10.0.0.1/24) and set it with a new zone name "servers".
2. Created policy from servers to untrust with nat for internet access (and I do have internet access on them, works great).
3. Created 2 policies, from trust to servers and from servers to trust, with the group of IP(s) in the LAN that I want to give access to the servers (servers_users_group). Didn't touch other things in the policy such as "service" (just kept them on the default "any").
4. I don't know if it's necessary, but anyway on the desktops of the server users and on the servers, I changed their netmask to 255.255.0.0; that way they are on 10.0.0.x but in the same netmask as the 10.0.5.x servers (other LAN computers are still on 255.255.255.0).
But still I do not have access (not even ping) between these users and the servers.
What did I do wrong?
As always, many thanks in advance (:
Edit: I now have another problem, please read my second post in this thread. Thanks.