Monday, June 22, 2020

PBR Blocks Other Subnets

I'm trying to troubleshoot a problem I'm having in my work environment. In my work environment I'm implementing a Guest network which I want completely segregated from the production environment, even using a different ISP gateway. I implemented a PBR policy on the interface VLAN of the Guest network which redirects all Guest traffic to ISP 2. The only problem I have is that the UniFi controller can't communicate with the Guest client, and the client won't get the Guest portal, which the client needs in order to use the network.

Is there a way I can allow the UniFi controller to communicate with the Guest client? Does PBR perform a block somewhere there? The controller can ping any client on the Guest network if I take out the PBR policy, but without the PBR the Guest network will use the production gateway (ISP 1).

The guest client can ping the controller but the controller can't ping the client.

I use a Palo Alto firewall and have configured 2 virtual routers: 1 for production, which handles everything, and a 2nd one for the guest traffic.


