SA540 not able to ping host between different vlan

Unanswered Question
Jul 3rd, 2010


I have installed one sa540 in customer place.Customer asked to create separate vlans.sa540 is running the current version.Now i have created vlan and intervlan is enable is the firewall.i am able to ping the intereface ip of different vlans but i am not able to ping the host between different vlans.Its going till the gateway.

one more interesting thing when I am disabling the inter-vlan,even then i am able to ping between different vlan interface.Is it a bug...or other issue.

How to resolve this.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Sun, 07/04/2010 - 17:13


Please clarify your issue perhaps with a simple drawing and someone here will help you out.


diptesh1980 Mon, 07/05/2010 - 08:20

Hi Federico,

Thanks for your response.I will expain you the customer scenario.Hope that helps me to get some suggestion.

customer has 3 edge switches in different network.Each switch replicate one vlan.

edge switch1-vlan 1 -netwrk

edge switch 2-vlan2-network

edge switch 3-vlan -network

each edge switch he has upliked to SA540 firewal which is having 4 lan port.In SA540 he has creaated 3 vlan.Now  we are able to reach from one vlan interface ip to other vlan.but host from one vlan to the host of other vlan is not reachable.Customer  removed the switches and tried connecting the host direclty to the firewall where different vlans has been configured.Here also same problem.FOM ONE VLAN TO OTHER VLAN INTERFACE IP IS PINGING,but host between the vlans are not pinging.

Federico Coto F... Mon, 07/05/2010 - 19:59

Are the default gateways for the VLANs the SA540?

When you try to PING from 192.168.x.0 to 192.168.y.0, it should go through the SA540 (because is the default gateway for those VLANs correct)?

The SA540 has an IP address belonging to each VLAN and you can PING that IP from the hosts?


diptesh1980 Mon, 07/05/2010 - 21:40

Hi Federico,

You are right.The host is able to ping the defaultgateway of the other vlan but it's not able to ping the host of the other vlan.


Federico Coto F... Fri, 07/09/2010 - 08:01

Sounds strange.

You say that you can PING from one VLAN interface to another? This means that ICMP is permitted through the SA540?

Do you have any rule on the SA540 that might be preventing PINGs between VLANs?



This Discussion