Screen OS

  • 1.  Second Subnet Routing

    Posted 05-11-2011 16:05

    Greetings all,

     

    I've recently started at a company that has had an SSG5 in place for almost a year now. Recently we've decided to segregate a portion of our users. The SSG5 is the gateway to the internet, and all desktops/servers/printers/etc are connected to it via Dell PowerConnect 2724 switches. I plan to VLAN the switches, but first I'm trying to create a new subnet for the new VLAN on the SSG5.

     

    The current subnet is 10.0.0.0/24, and the new subnet is 10.0.1.0/24

     

    First I created a new zone, "vlan-test" for now. Next I assigned the new subnet and zone to interface eth0/5. Bgroup0 has the interface eth0/2-4 and is set to the default zone "trust" and the subnet 10.0.0.0/24. Our internet connection is set to interface eth0/0, subnet x.y.216.26/29, and the default zone "untrust". All three zones are routed using the default Virtual Router "trust-vr". Next, I added a policy that, for testing purposes, allows any/any/any traffic from the "test-vlan" zone to the "trust" zone and "untrust" zone.

     

    At this point, I started testing. I plugged a computer directly into the "test-vlan" interface, eth0/5. I can access all resources on the original subnet, 10.0.0.0/24, but I cannot access the internet. I assume I need to add some entries to the routing table to enable this, but I'm not exactly sure what. I tried mirroring as closely as I could what I saw for the original 10.0.0.0/24 subnet in the Networking -> Routing -> Destination section, but this has not worked.


      IP/Netmask      Gateway      Interface     Proto  Pref  Metric  Vsys  Description          Configure
    * 10.0.0.0/24                  bgroup0       C                    Root                       -
    * 10.0.0.4/32                  bgroup0       H                    Root                       -
    * 0.0.0.0/0       x.y.216.25   ethernet0/0   S      20    1       Root                       Remove
    * x.y.216.24/29                ethernet0/0   C                    Root                       -
    * x.y.216.26/32                ethernet0/0   H                    Root                       -
    * 10.0.1.0/24                  ethernet0/5   C                    Root                       -
    * 10.0.1.1/32                  ethernet0/5   H                    Root                       -
    * 0.0.0.0/0       x.y.216.25   ethernet0/5   S      20    1       Root  vlan-test internet1  Remove
      x.y.216.26/32                ethernet0/5   S      20    1       Root  vlan-test internet2  Remove
      x.y.216.24/29                ethernet0/5   S      20    1       Root  vlan-test internet3  Remove

    (* = active route; C = connected, H = host, S = static)

     

    It seems the problem lies with "vlan-test internet2" and "vlan-test internet3". How do I make these records Host Route (H) and Connected (C) entries? Also, neither of them has an asterisk denoting that it is active.

     

    I get the feeling these records should have been automatically generated at some point, which makes me think I've missed something.


    Any suggestions would be greatly appreciated.



  • 2.  RE: Second Subnet Routing
    Best Answer

    Posted 05-12-2011 03:32

    You are likely missing NAT on your new policy from VLAN-Test zone to untrust.

     

    In the web interface hit the advanced button and check source translation on the egress interface.

     

    In the cli add the keyword "nat src" right before the "permit".
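    The accepted answer written out as ScreenOS CLI, as an added example that is not part of the original posts. The zone, interface and addresses are the ones given in the question; the policy IDs (10, 11) are assumptions, and the three manually added static routes under ethernet0/5 are removed because all interfaces share trust-vr, so the existing default route via ethernet0/0 already carries 10.0.1.0/24 traffic to the internet. The missing piece is the "nat src" keyword in the vlan-test -> untrust policy: without it, packets leave ethernet0/0 with a 10.0.1.x source address and the ISP drops the replies.

    ```screenos
    # Zone and interface for the new subnet (matches the question's setup)
    set zone name vlan-test
    set interface ethernet0/5 zone vlan-test
    set interface ethernet0/5 ip 10.0.1.1/24

    # Remove the hand-added static routes pointing out ethernet0/5; the
    # default route on ethernet0/0 in trust-vr is the only one needed.
    unset route 0.0.0.0/0 interface ethernet0/5 gateway x.y.216.25
    unset route x.y.216.26/32 interface ethernet0/5
    unset route x.y.216.24/29 interface ethernet0/5

    # Policy IDs are assumed. "nat src" before "permit" translates the source
    # address to the egress interface (ethernet0/0) address, which is the fix.
    set policy id 10 from vlan-test to untrust any any any nat src permit
    set policy id 11 from vlan-test to trust any any any permit

    # Verify: only one default route, and policy 10 shows the source NAT flag
    get route
    get policy id 10
    save
    ```

    The trust zone works without this keyword only because bgroup0 sits in NAT mode by default, so its traffic to untrust is translated at the interface; a custom zone's interface is in route mode and needs the translation stated in the policy. Once the test passes, the any/any/any rule from vlan-test to trust should be narrowed to the hosts and services the segregated users actually need, otherwise the new VLAN is not segregated at all.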



  • 3.  RE: Second Subnet Routing

    Posted 05-12-2011 07:15

    That did the trick. A million thanks!