Why are my networks not segmented?

edited February 22 in Firebox - Other

Hi All,

Model T10-W
Version 11.12.1.B522519

1 Trusted General Office 192.168.25.1/24
2 Trusted Point-Of-Sale 192.168.29.1/24

From a computer on 192.168.25.0/24:

zenmap: nmap -sn -T4 192.168.29.0/24
Starting Nmap 7.98 ( https://nmap.org ) at 2026-02-21 17:28 -0800
Nmap scan report for 192.168.29.1
Host is up (0.0010s latency).
Nmap scan report for 192.168.29.100
Host is up (0.0030s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 11.57 seconds

AAAHHHHH !!!!! These are supposed to be segmented. What am I doing wrong ?????

Setting up the following firewall rule fixed it, but why was it necessary?

Yours in confusion,
-T

Comments

  • edited February 22

    If you have policies with To: and/or From: Any-trusted or Any, those will potentially allow traffic between different firewall interfaces or VLANs.

    Options include:
    1) reviewing your policies which may allow these undesired connections from 1 firewall interface to another - and replacing Any-trusted or Any with a different From/To interface name or alias.

    2) change the interface type from Trusted to something else, such as Optional or Custom, on the Point-Of-Sale interface AND make sure that traffic between your 2 interfaces is allowed as desired by new or modified policies

  • Thank you!

  • edited March 6

    Hi All,

    Figured it out. By default, each segment is supposed to be segmented. Watchguard even advertises that they are. They are not. They are "mostly" segmented.

    This is a bug in the default "Ping" firewall rule, which allows ping to any segment. To stop "nmap -sn -T4 192.168.2xx.0/24" from finding devices on the other segments, you need to change the “To:” section reading “Any” to “Any-External”

    HTH someone else,
    -T
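To make the alias behaviour described in the first reply and the poster's fix concrete, here is a small policy-audit model (example code added to this thread, not WatchGuard's policy engine or any code from the original posts). It treats "Any", "Any-trusted" and "Any-External" as aliases that expand to sets of interfaces, evaluates whether an ICMP flow from the General Office subnet to the Point-Of-Sale subnet is permitted under the default-style Ping policy versus the corrected one, and lists every policy that permits traffic between two different Trusted interfaces. The External subnet 203.0.113.0/24 is an assumed documentation-range value; the two trusted subnets are the ones from the thread.

```python
"""Toy model of firewall policies with interface aliases.

Example code added to this thread; it is not WatchGuard's policy engine.
The alias names 'Any', 'Any-trusted' and 'Any-External' are used as they
appear in the thread; everything else is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed interface table mirroring the poster's setup: two Trusted
# interfaces plus an External one (the External subnet is an assumption).
INTERFACES = {
    "General-Office": ("Trusted", ip_network("192.168.25.0/24")),
    "Point-Of-Sale": ("Trusted", ip_network("192.168.29.0/24")),
    "External": ("External", ip_network("203.0.113.0/24")),  # RFC 5737 range
}


def expand_alias(name):
    """Resolve an alias (or a plain interface name) to the interfaces it covers."""
    if name == "Any":
        return set(INTERFACES)
    if name.startswith("Any-"):
        # "Any-trusted" -> every Trusted interface, "Any-External" -> External
        zone = name[len("Any-"):].lower()
        return {i for i, (z, _) in INTERFACES.items() if z.lower() == zone}
    if name in INTERFACES:
        return {name}
    raise ValueError(f"unknown alias or interface: {name}")


def interface_for(ip):
    """Return the interface whose subnet contains the address."""
    addr = ip_address(ip)
    for name, (_, net) in INTERFACES.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not on any interface")


@dataclass
class Policy:
    name: str
    src: str       # From: alias or interface
    dst: str       # To: alias or interface
    protocol: str  # e.g. "icmp"

    def matches(self, src_ip, dst_ip, protocol):
        return (protocol == self.protocol
                and interface_for(src_ip) in expand_alias(self.src)
                and interface_for(dst_ip) in expand_alias(self.dst))


def allowed(policies, src_ip, dst_ip, protocol):
    """Name of the first policy permitting the flow, or None if nothing does."""
    for p in policies:
        if p.matches(src_ip, dst_ip, protocol):
            return p.name
    return None


def cross_segment_leaks(policies):
    """Audit helper: (policy, src_iface, dst_iface) for every policy that
    permits traffic between two *different* Trusted interfaces."""
    leaks = []
    trusted = expand_alias("Any-trusted")
    for p in policies:
        for s in expand_alias(p.src) & trusted:
            for d in expand_alias(p.dst) & trusted:
                if s != d:
                    leaks.append((p.name, s, d))
    return leaks


# The thread's "before": a Ping policy From Any-trusted To Any.
DEFAULT_PING = [Policy("Ping", "Any-trusted", "Any", "icmp")]
# The poster's fix: To: Any-External.
FIXED_PING = [Policy("Ping", "Any-trusted", "Any-External", "icmp")]

if __name__ == "__main__":
    office, pos = "192.168.25.50", "192.168.29.100"  # constructed sample hosts
    print("default:", allowed(DEFAULT_PING, office, pos, "icmp"))
    print("fixed:  ", allowed(FIXED_PING, office, pos, "icmp"))
    print("leaks:  ", cross_segment_leaks(DEFAULT_PING))
```

Because "Any" expands to every interface, including the other Trusted one, the default-style Ping policy matches office-to-POS ICMP and the host discovery succeeds; with "Any-External" as the destination the same flow matches nothing and is denied, while ping to the outside still works. The `cross_segment_leaks` pass is the check to run over a whole policy set after following the first reply's advice, since any rule with Any or Any-trusted on both sides shows up in it.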

  • edited March 6
    This is not a bug.
    The default configuration is not expected to meet the needs of any site.
    It is merely a starting point.
  • okay, not a bug, but a starting point. Watchguard should not be advertising that they come segmented by default. So not a bug, but really bad judgement on the part of marketing. Or Watchguard could ship it out segmented by default.
