I have a Firebox connected to an L3 HP switch; my network has many VLANs, all tagged to the Firebox. Using Dynamic NAT, my external network (not the internet) routes and has connectivity to all VLANs, but now I want to route from a VLAN on my L3 switch to another VLAN on my Firebox.

I'm trying to build an SNAT from an IP address that all my VLANs can access into a closed network VLAN / host.

I've got the SNAT working great, but I want this IP to be accessible from all VLANs.

VLAN 104
VLAN 104 tagged to Firebox, Firebox IP (VLAN), secondary IP 10.28.104.100

VLAN IP in Switch
**From inside VLAN 104 I can ping 10.28.104.100

VLAN 100 (example of many)
VLAN 100 tagged to Firebox, Firebox IP (VLAN)
VLAN IP in Switch

**From inside VLAN 100, I can't ping 10.28.104.100

Firewall Ping = Any to Any for testing

In the L3 Switch should route to, but the traffic never finds the address within the VLAN.

I'm doing something fundamentally wrong.


    I would expect you to have packets from 10.28.100.x go to the firewall to route to anything.

    "In the L3 Switch should route to"
    If the L3 switch is doing routing between VLANs then you won't see the traffic hit the firewall - thus the firewall ping policy won't log anything for this test.
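The reply's point, that an L3 switch with an IP interface in both VLANs forwards 10.28.100.x to 10.28.104.x itself and never hands the packet to the Firebox, comes down to longest-prefix matching on the switch's route table. The following is an added illustration, not code or configuration from the original post or from HP or WatchGuard. It assumes a constructed addressing plan (VLAN N is 10.28.N.0/24 with the switch's VLAN IP at .1, the Firebox's VLAN 100 interface at 10.28.100.2 as the switch's default gateway, and the Firebox's VLAN 104 interface at 10.28.104.2); none of those addresses are given in the thread. It also shows how a more specific /32 route toward the Firebox changes which device handles the packet; whether the Firebox then accepts and NATs it depends on its own policies and routing, which this thread does not settle.

```python
import ipaddress

# Constructed route table for the L3 switch (assumption: the post does not show it).
# Each entry: (prefix, next hop or None for a directly connected VLAN, exit VLAN).
SWITCH_ROUTES = [
    (ipaddress.ip_network("10.28.100.0/24"), None, "VLAN 100"),   # switch VLAN IP 10.28.100.1 (assumed)
    (ipaddress.ip_network("10.28.104.0/24"), None, "VLAN 104"),   # switch VLAN IP 10.28.104.1 (assumed)
    (ipaddress.ip_network("0.0.0.0/0"),                             # default route toward the Firebox
     ipaddress.ip_address("10.28.100.2"), "VLAN 100"),             # Firebox VLAN 100 IP (assumed)
]


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins, as on any router."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop, vlan in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, nexthop, vlan)
    return best


def next_hop(routes, dst):
    """Return (next hop, exit VLAN). 'connected' means the switch ARPs for dst in that VLAN
    and delivers the frame itself, so the packet never reaches the firewall's policy engine."""
    match = lookup(routes, dst)
    if match is None:
        return (None, None)
    prefix, nexthop, vlan = match
    if nexthop is None:
        return ("connected", vlan)
    return (str(nexthop), vlan)


def with_host_route(routes, host, gateway, vlan):
    """Copy of the table with a /32 for `host` pointing at `gateway`; the /32 beats the
    connected /24, so the switch forwards to the gateway instead of ARPing for the host."""
    return routes + [(ipaddress.ip_network(f"{host}/32"), ipaddress.ip_address(gateway), vlan)]


if __name__ == "__main__":
    # Traffic from VLAN 100 to the secondary IP: handled by the switch, not the Firebox.
    print("10.28.104.100 ->", next_hop(SWITCH_ROUTES, "10.28.104.100"))
    # Traffic to a subnet the switch does not own: falls through to the Firebox.
    print("192.0.2.10    ->", next_hop(SWITCH_ROUTES, "192.0.2.10"))
    # A host route for the secondary IP toward the Firebox's VLAN 104 interface (assumed 10.28.104.2).
    patched = with_host_route(SWITCH_ROUTES, "10.28.104.100", "10.28.104.2", "VLAN 104")
    print("10.28.104.100 ->", next_hop(patched, "10.28.104.100"), "(with /32 route)")
```

Running it shows the first lookup resolve to `connected` on VLAN 104, which is why the Any-to-Any ping policy on the Firebox logs nothing for the test from VLAN 100: the switch delivers the packet directly. The check a practitioner would run on the real gear is a traceroute from a VLAN 100 host to 10.28.104.100; if the only hop before the destination is the switch's VLAN IP, the Firebox is not in the path.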

