Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Carsten M
Regular Advisor

Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Hallo!
On a module J4908A in one of the 4104gl are connected 4 Ports from the Switch to the Firewall “Phion”. IP address of the SWITCH is in the default Vlan. One Port has one Vlan to transfer as untagged connection. The 2 Switch 4104gl and one Switch 4208vl are connected among themselves and the ping from switch to switch ist ok.
The 4208 works with MSTP and the 4104 works with RSTP.
Problem: ping of any Procurve SWITCH to the “Phion” - >no response, show arp - > MAC address and Port to the “Phion” OK, CLEAR arp - > ping to the “Phion” OK, also a duration "Ping", waits over 2 minutes, ping to the “Phion” - > NO response, show arp…, Clear arp….
Problem arises with old and current Switch firmware.
cm60
6 REPLIES
Jonathan Axford
Trusted Contributor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Hi Carsten,

Is there any settings on the firewall that would prevent ICMP (Ping) from being processed?

Also, does the Firewall know how to get back to the switches, does it need a static route configured?

Just come thoughts...
Where there is a will there is a way...
Carsten M
Regular Advisor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Hi Jonathan!
Firewall and SWITCH are in the same Vlan.
Connected via 4 Ports. All Ports untagged with one Vlan on the Link. One of these Links ist the Default Vlan with the IP address of the switch of one side and the ip address of the firewall of the other side in these ip subnet. The SWITCH works only on Layer 2. The Firewall is default gateway of the Switches. Where is no firewall rule that denied the ping.
cm60
Jonathan Axford
Trusted Contributor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Hello again,

Does traffic flow through the Firewall ok? Do you have any hosts on the network that can browse hte internet etc through the Firewall?

It seems like a strange one to me, you appear to have Layer 2 connectivity if you can see the Phion Mac address in the switch...

Where there is a will there is a way...
Paul Sheppard
Occasional Visitor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Are you pinging by IP or name? If by name check your DNS settings/etc. Check the gateway's on each system. If its not a ping filtering issue by one of the end points, and one host can ping the other, I would say you have a return route or VLAN setup issue, wrong gateway address on your VLAN, switch/host routes, etc. If it's security, try to turn the firewall off and see what happens. DO you have ROUTING turned on in the switch? Do you have port security, forbit etc. turned on in the switch? Can the 4104gl, firewall ping other host address. One last thought, the 4104gl is a layer 2 switch, unless you tag one of the ports in each VLAN i.e. DEFAULT VLAN to the VLAN1, I don't think you can ping other VLANs on the same switch 4104gl. Try to ping the VLAN IP's from the switch/PC. Another thought on the 4104gl, try setting up a default gateway and default route pointing out to your firewall, then setup your routing on the firewall to go back into the switch.
Carsten M
Regular Advisor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Hi Jonathan!

Yes, is it only a problem between switch and Firewall Hardware. All other traffic between lan and firewall works fine.
Duplicate ip adresses i could not see.

Hi Paul!
I ping only with names. Gateway ist the firewall and the mask is also ok. Routing is off on the switch. Both are in "default vlan"
vlan 1. ping to other hosts (example a cisco router) is possible.
Why can i ping the firewall after a "clear arp" but not at another arbitrary time?

I think the problem is the ip-stack in the firewall from Phion.
cm60
Carsten M
Regular Advisor

Re: Problem with ping (and IP) between Firewall "Phion" and ProCurve 4104gl or 4208vl

Problem is the Phion. Phion answers the requests with a wrong mac address.
cm60