Hi everyone.
I have a network with different subnets for the users that can't communicate with each other (this is a requirement from our clients), and a central subnet for the servers that everyone can reach (for domain authentication, file server, printers, and so on). So far, so good, everything is working as fine as it should. Now I have to expand the network and add a second Firewall SRX240 with other subnets, including a new servers subnet, because my current Firewall has no ports available.
In the topology attached I drew only the main subnets as an example, but all the ports on the Firewall FW01 are already in use; only Ge-0/0/15 is available.
- In FW01 I added a new zone called "Link", set Ge-0/0/15.0 as a member and set the policies to permit traffic in both directions to the other zones/interfaces. Then, when I connected a notebook to this port with the NIC configured in this subnet, I could ping and access the other subnets.
- In FW02 there are already policies that permit traffic between the Ge-0/0/0.0 and Ge-0/0/1.0 interface zones, but I can't ping from the 172.32.1.0/24 LAN to the others in FW01.
What am I missing here? How can I accomplish this?
(PS: Sorry for the grammar mistakes, English is not my native language.)
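As an added illustration (not the poster's own configuration), here is how the link between two SRX240s can be laid out in Junos set-style commands: the interface, zone and bidirectional policies the post describes, plus static routes on both firewalls, which a two-firewall design needs in addition to the zone policies so that each box knows how to reach the subnets behind the other. The link subnet 10.200.0.0/30, the zone names other than "Link", the policy names and the ge-0/0/0 / ge-0/0/1 mapping on FW02 are assumptions; 172.32.1.0/24 is from the post.

```junos
# ---- FW01 (existing firewall) ----
# Link subnet 10.200.0.0/30 is assumed: FW01 = .1, FW02 = .2
set interfaces ge-0/0/15 unit 0 family inet address 10.200.0.1/30
set security zones security-zone Link interfaces ge-0/0/15.0
# Let the SRX itself answer pings on the link, useful when testing hop by hop
set security zones security-zone Link host-inbound-traffic system-services ping
# Policies in both directions between Link and an existing zone ("Servers" is assumed).
# Repeat for every zone the new subnets must reach; narrow match terms where the
# client isolation requirement allows it instead of any/any.
set security policies from-zone Link to-zone Servers policy link-to-servers match source-address any
set security policies from-zone Link to-zone Servers policy link-to-servers match destination-address any
set security policies from-zone Link to-zone Servers policy link-to-servers match application any
set security policies from-zone Link to-zone Servers policy link-to-servers then permit
set security policies from-zone Servers to-zone Link policy servers-to-link match source-address any
set security policies from-zone Servers to-zone Link policy servers-to-link match destination-address any
set security policies from-zone Servers to-zone Link policy servers-to-link match application any
set security policies from-zone Servers to-zone Link policy servers-to-link then permit
# Return path: the LAN behind FW02 is reached through FW02's link address
set routing-options static route 172.32.1.0/24 next-hop 10.200.0.2

# ---- FW02 (new firewall) ----
# Assumed: ge-0/0/0 faces FW01 over the link, ge-0/0/1 faces the 172.32.1.0/24 LAN
set interfaces ge-0/0/0 unit 0 family inet address 10.200.0.2/30
set interfaces ge-0/0/1 unit 0 family inet address 172.32.1.1/24
set security zones security-zone Uplink interfaces ge-0/0/0.0
set security zones security-zone Uplink host-inbound-traffic system-services ping
set security zones security-zone LAN2 interfaces ge-0/0/1.0
set security policies from-zone LAN2 to-zone Uplink policy lan2-to-uplink match source-address any
set security policies from-zone LAN2 to-zone Uplink policy lan2-to-uplink match destination-address any
set security policies from-zone LAN2 to-zone Uplink policy lan2-to-uplink match application any
set security policies from-zone LAN2 to-zone Uplink policy lan2-to-uplink then permit
set security policies from-zone Uplink to-zone LAN2 policy uplink-to-lan2 match source-address any
set security policies from-zone Uplink to-zone LAN2 policy uplink-to-lan2 match destination-address any
set security policies from-zone Uplink to-zone LAN2 policy uplink-to-lan2 match application any
set security policies from-zone Uplink to-zone LAN2 policy uplink-to-lan2 then permit
# Forward path: all the existing subnets live behind FW01, so send everything
# that is not directly connected back over the link
set routing-options static route 0.0.0.0/0 next-hop 10.200.0.1

# ---- Checks after "commit" (operational mode) ----
# On FW01: the route to the new LAN must point at the link, not at a default
# run show route 172.32.1.0/24
# On either box: a session should appear for the test ping; a policy deny
# shows up instead in the security log if the zone pair is not permitted
# run show security flow session destination-prefix 172.32.1.0/24
# run show security policies from-zone Link to-zone Servers
```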