Channel: All ScreenOS Firewalls (NOT SRX) posts

Help with a security policy issue


Hi all - hoping for a little bit of peer advice here:

I have an SSG 550M 'hub' fw which tunnels out to several remote internet-based Juniper fws. We create tunnels between them and route the traffic down those tunnels. I'm having an issue with the newest one that I've set up and I'm not quite sure why:

Below is a screenshot from my attempt to ping out from a device behind that hub fw to a device out on the remote network. I should note too that the tunnel itself does appear to be up and functioning just fine; it's just a matter of the traffic not being allowed out for some reason.

You'll see that traffic to the .65 passes on rule 22, which is a rule allowing the whole 192.168.220 net to talk to the 192.168.222 net on a variety of ports (ping included). This traffic to .83 SHOULD be hitting on that same rule, and I verified that the network object in use for the 222 net is subnetted as a /24. What am I missing/forgetting here? Why is this new traffic being blocked by the global drop (rule 80) and not passing on the rule that the other one is?

Any help, advice or suggestions to try would be greatly appreciated.

traffic_log.jpg

