Hello,
Clients obtaining an IP from the 10.255.7.160 pool cannot connect to the outside world. They obtain an IP. I can ping them from the SRX. I can ping 8.8.8.8 from the SRX. But the clients cannot. What is missing?
If you set a STATIC IP for that network, it works correctly. Users can browse, ping 8.8.8.8, etc.
Example: 10.255.7.180 255.255.255.224 GW: 10.255.7.161
set access address-assignment pool GuestWifiPool family inet network 10.255.7.160/27 set access address-assignment pool GuestWifiPool family inet range r1 low 10.255.7.163 set access address-assignment pool GuestWifiPool family inet range r1 high 10.255.7.189 set access address-assignment pool GuestWifiPool family inet dhcp-attributes maximum-lease-time 28800 set access address-assignment pool GuestWifiPool family inet dhcp-attributes name-server 8.8.8.8 set access address-assignment pool GuestWifiPool family inet dhcp-attributes router 10.255.7.161 set access address-assignment pool GuestWifiPool family inet dhcp-attributes propagate-settings irb.136
set interfaces irb unit 136 family inet address 10.255.7.161/27 set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services traceroute set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services ping set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services dhcp set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic protocols all set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match source-address any set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match destination-address any set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match application any set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust then permit
set security nat source rule-set trust-to-untrust from zone trust set security nat source rule-set trust-to-untrust to zone untrust set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0 set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface set security nat source rule-set Guest-to-untrust from zone GuestiNet set security nat source rule-set Guest-to-untrust to zone untrust set security nat source rule-set Guest-to-untrust rule source-nat-guest match source-address 10.255.7.160/27 set security nat source rule-set Guest-to-untrust rule source-nat-guest then source-nat interface
Thank you in advance.