LAN Routing

Routing beetween HP Procurve and Watchguard with VLANS

New Member

Routing beetween HP Procurve and Watchguard with VLANS



I have a HP 2920-48g with different VLans and want to connect them to an Watchguard XTM 510.


I tried different things, but now I stuck and don´t find a solution.



On my HP Switch:

IP-Routing enabled

no default-gateway in setup 0 (VLAN 300 Gateway Watchguard to internet)

VLAN 300

VLAN 400

(The other VLans I do not describe at first)

Uplink to watchguard tagged VLAN 300+400

(If I do not configure the vlans on uplink port, i can´t to communicate to each other)




Interface 6, tagged 300+400

Vlan300 -

VLAN400 -



Now the problem:


If my client is in Vlan 300 - i have access to internet.

If my client is in Vlan 400 - then i have NO access to internet.


If I make traceroute from Client to from VLAN 400 then my way is (gateway from vlan) --> (vlan Interface watchguard) and then no way further. In my opinon the gateway from vlan should send the the pakets to and not to


And I suppose that the inter-Vlan-Routing will be "destroyed" by connecting my watchguard to switch, because I cannot reach the other vlan-gateways.....very strange behavior, I sitting for hours and this ..... won´t work :(


Any ideas?


Thank you very much

Honored Contributor

Re: Routing beetween HP Procurve and Watchguard with VLANS

I think the issue is you have to decide where your routing is occurring for each subnet.

Currently, you have 2 Layer3 devices in each subnet (Switch & FW).


You need to remove the VLAN 300 & 400 IP addresses from either the switch, or the router.

ie, if you want to route on the switch for VLAN400, then don't trunk the VLAN to the FW as well.


Ideally, do the same for VLAN300, otherwise you get asymmetric routing, as return traffic to VLAN300 hosts will go directly to the hosts from the FW even if the hosts are using the .1 address as their router.