Score:1

How to connect to host in a different address range and VLAN


We have an industrial machine that has an integrated web server we can connect to for changing parameters. The machine has an address in the 172.29.x.x range. My address is in the 192.168.x.x range. Finally, my PC and the machine are in two different VLANs managed by our firewall. The VLANs have unrestricted communication allowed between the two.

What kind of rule(s) or parameters do I have to change in our firewall for these two addresses to be able to communicate? At least I assume that what I have to change is in our firewall.

Edit: our firewall is a Sophos XGS2100, which also does all the routing.

"What kind of rule(s) or parameters do I have to change in our firewall" - how would we know that, given you know so little that you do not even tell us WHAT firewall you have. Also, 2 addresses on different networks - that requires a ROUTER. Hire an admin that is not clueless and you will be helped.
Off topic: Questions seeking installation, configuration or diagnostic help must include the desired end state, the specific problem or error, sufficient information about the configuration and environment to reproduce it, and attempted solutions. Questions without a clear problem statement are not useful to other readers and are unlikely to get good answers.
SenseiRalph
I would love to have a much better admin than myself do this, but right now I'm the one responsible for managing our network. I'll keep your recommendations in mind the next time I ask a question here.
Score:2
Dre

You will need an access rule in your firewall to allow traffic from the 192.168.x.x network (or a host on that network) to the industrial machine (172.29.y.z) and specify the service to be used (sounds like HTTP/TCP port 80).

Generally you would start with creating these objects in the firewall, then you use those objects to build the rule in your firewall. Create the objects:

  • Object 1: IndustrialMachine - 172.29.1.100
  • Object 2: AdminWorkstation - 192.168.1.100

Create a new firewall rule:

Then you create a new rule where you allow AdminWorkstation access to IndustrialMachine using service HTTP/Port 80. If HTTPS, you would use HTTPS/Port 443.

Most firewalls will have a Source, a Destination, and the service used. Your source would be AdminWorkstation, Destination: IndustrialMachine, Service used HTTP/Port 80.
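
The source/destination/service rule from this answer, modelled as an added example (not part of the original answer and not Sophos configuration), next to a network-wide any-service rule to show how much each one exposes. The /24 masks, the first-match and default-deny behaviour, the sample flows, and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = frozenset()  # empty set means "any TCP port" in this model

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: frozenset  # allowed TCP destination ports

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and (not self.ports or port in self.ports))

def net(cidr):
    return ipaddress.ip_network(cidr)

# Host objects from the answer, expressed as /32 networks.
INDUSTRIAL_MACHINE = net("172.29.1.100/32")
ADMIN_WORKSTATION = net("192.168.1.100/32")

# The answer's rule: one source host, one destination host, HTTP only.
SCOPED = [Rule("AdminWorkstation-to-IndustrialMachine",
               ADMIN_WORKSTATION, INDUSTRIAL_MACHINE, frozenset({80}))]
# Assumed broad alternative: whole VLANs (assumed /24), any service.
BROAD = [Rule("OfficeVLAN-to-MachineVLAN",
              net("192.168.1.0/24"), net("172.29.1.0/24"), ANY_PORT)]

# Constructed sample flows: (source, destination, TCP destination port).
FLOWS = [("192.168.1.100", "172.29.1.100", 80),   # admin PC, web UI
         ("192.168.1.50",  "172.29.1.100", 80),   # another office PC
         ("192.168.1.100", "172.29.1.100", 23),   # admin PC, other service
         ("192.168.1.100", "172.29.1.101", 80)]   # admin PC, other device

def decide(rules, src_ip, dst_ip, port):
    """Name of the first matching allow rule, or None (default deny)."""
    return next((r.name for r in rules if r.matches(src_ip, dst_ip, port)), None)

def audit(rules):
    """Allow/deny verdict for each sample flow."""
    return [decide(rules, *flow) is not None for flow in FLOWS]

def exposure(rule):
    """(source addresses, destination addresses, ports) the rule opens."""
    return (rule.src.num_addresses, rule.dst.num_addresses,
            len(rule.ports) or 65535)

if __name__ == "__main__":
    for label, rules in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, audit(rules), exposure(rules[0]))
```
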
