Screen OS

  • 1.  New Zone Can't Access Internet on SSG20

    Posted 05-13-2009 14:59

    I'm having trouble with a new zone I've created.  I wanted to install a wireless access point for our office's guests, but keep it separate from our subnet, so I created a new zone called "Wireless".

    I put the zone in the Trust-vr, bound interface bgroup1 with e0/4, gave bgroup1 an IP of 10.201.179.1/24, created a DHCP scope for the interface, and verified that the routes were created for 10.201.179.0/24 and 10.201.179.1/32 to the 0.0.0.0 gateway.  I created a policy from Wireless to Untrust to allow all traffic from any source in Wireless to any in Untrust, but it won't reach the gateway for e0/0.

    I can create policies that allow Trust to Wireless and Wireless to Trust and they are able to see each other.

    As far as I can tell, I have the settings for bgroup0, which is our main subnet, and bgroup1 identical, save for their subnets and zones.

    Did I miss a step somewhere along the way that allows a zone access to the Untrust zone, or am I going about this completely wrong?



  • 2.  RE: New Zone Can't Access Internet on SSG20
    Best Answer

    Posted 05-13-2009 15:38
    Most likely you didn't source NAT in the policy. Trust zone uses interface NAT, custom zone doesn't. Go to the advanced screen in the policy and select source NAT behind egress interface.


  • 3.  RE: New Zone Can't Access Internet on SSG20

    Posted 05-13-2009 15:55
    Deceptively yet delightfully simple.  That worked and I am able to access the internet.  Thank you very much!
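
The fix from the accepted answer (post 2), as an added example that is not part of the original thread: a Python check that scans a saved ScreenOS configuration for permit policies into Untrust whose source zone does not get interface NAT and which lack `nat src`, the CLI form of the policy's source NAT option. The sample configuration, policy ids and function name are constructed for illustration, and the check assumes only Trust is covered by interface NAT, as the answer states.

```python
import shlex

# Constructed sample in the style of a saved ScreenOS config; policy ids are made up.
SAMPLE_CONFIG = """
set zone name "Wireless"
set interface "bgroup0" zone "Trust"
set interface "bgroup1" zone "Wireless"
set interface bgroup1 ip 10.201.179.1/24
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 7 from "Wireless" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 8 from "Wireless" to "Trust"  "Any" "Any" "ANY" permit
"""

# The Wireless policy as first created, and with policy-based source NAT enabled.
BROKEN_LINE = 'set policy id 7 from "Wireless" to "Untrust"  "Any" "Any" "ANY" permit'
FIXED_LINE = 'set policy id 7 from "Wireless" to "Untrust"  "Any" "Any" "ANY" nat src permit'


def policies_missing_src_nat(config, egress_zone="Untrust", interface_nat_zones=("Trust",)):
    """Return ids of permit policies into egress_zone that need, but lack, 'nat src'."""
    missing = []
    for line in config.splitlines():
        tokens = shlex.split(line)
        # Single-line form: set policy id N from A to B src-addr dst-addr service ...
        if tokens[:3] != ["set", "policy", "id"] or "from" not in tokens:
            continue
        i = tokens.index("from")
        if len(tokens) < i + 8 or tokens[i + 2] != "to":
            continue
        src_zone, dst_zone = tokens[i + 1], tokens[i + 3]
        options = tokens[i + 7:]  # everything after src-addr, dst-addr, service
        if dst_zone != egress_zone or "permit" not in options:
            continue
        if src_zone in interface_nat_zones:
            continue  # assumption from the thread: Trust is covered by interface NAT
        if options[:2] != ["nat", "src"]:
            missing.append(int(tokens[3]))
    return missing


if __name__ == "__main__":
    print("before:", policies_missing_src_nat(SAMPLE_CONFIG))
    print("after: ", policies_missing_src_nat(SAMPLE_CONFIG.replace(BROKEN_LINE, FIXED_LINE)))
```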