To access or ping the passive HA device's management IP from a client in the LAN, you must create an explicit firewall policy allowing traffic from the LAN subnet to the passive device management IP.
In the example shown below, Rule (LAN_to_HA_PASSIVE_ALLOW) allows traffic from the LAN_SUBNET to the passive device management IP (10.10.10.2) in the HA-PASSIVE zone.
Without this rule, management access and ICMP ping requests from LAN clients to the passive device will be blocked.
This rule is required whenever administrators need direct access to the passive firewall from the internal network.
Once the firewall policy has been created and the client is located within the LAN subnet covered by the rule, you can access the passive device's local web management interface by browsing to its management IP address.
Example: http://10.10.10.2
Comments
0 commentsPlease sign in to leave a comment.