Skip to content

Network#

  • in Network
  • 4 min read

Routing Layer 2 Networks with VergeOS

Routing IP Traffic to L2 physical networks

This article will walk through an efficient method of routing layer 3 IP traffic for layer 2 physical networks with the powerful VergeOS networking system. There are multiple ways to achieve this, however the objective of this article is to provide clear and concise guidance on a specific common scenario. This article should be particularly of use and interest to engineers and administrators of Edge deployments in which physical devices like phones, cctv cameras, or network equipment require communication with workloads in VergeOS that may be running on different IP subnets. Using this method, an operator can achieve direct local communication between those physical devices outside of VergeOS and the internal VergeOS managed networks.

Steps Overview

  1. Create Layer2 External network
    • It is important that this network is created with no IP information. If the IP block is already assigned to this interface, it cannot be added to the default route in the next step.
  2. Create IP block on the External network that will route the traffic (Likely default External)
    • By adding the IP block here, we're telling VergeOS to expect this IP traffic to come in via this interface, and in our next step we will tell Verge networking where to send it.
    • Assign IP block to step 1 external network (or tenant)
    • Upon saving, VergeOS will automatically create route(s) to send inbound traffic with matching destination IPs to our Layer2 network which may also have VMs attached, allowing all clients to communicate across networks within Verge (with appropriate firewall rules) and to networks outside of Verge via the default route.
  3. Return to the Layer2 External to Assign IPs and other L3 options
    • Depending on your upstream configuration, you may need to set additional routes outside of Verge in upstream routers to route traffic destined for this subnet (192.168.2.0/24 in our example) via the Verge External IP.

Helpful Related Documents

Introduction to Network Blocks : Network Blocks Overview
Routing Basics : Routing Internal Networks
Network Rules : VergeOS Product Guide - Network Rules
Network Troubleshooting : VergeOS Product Guide - Network Troubleshooting

Demo Scenario

In our sample scenario below, we'll be routing the 192.168.2.0/24 address space via the VergeOS External interface to a layer2 network named "l2demo". In this scenario, any VM attached to l2demo with a static IP (in the correct address space) or with DHCP enabled would be able to reach the internet, as would any physical devices outside of Verge, via the L2 interface. Inbound traffic could be allowed and controlled via further rules. Outbound traffic could be restricted via further rules as well, paying attention to rule order.

Demo Scenario Details
  • IP Block to Route: 192.168.2.0/24
  • Verge External IP: 10.1.1.2
  • Verge External L2 Network: l2demo
  • L2 Network ID : 1010
  • Verge Upstream Gateway: 10.1.1.1
  • Verge Physical Interface: phys1
Create the L2 network
In Home > Networks > Externals
  1. Click New External
  2. Name: l2demo
  3. Description: Optional
  4. Layer 2 Type: vLan
  5. Layer 2 ID: 1010
  6. IP Address Type: None
  7. Interface Network: phys1
  8. Click Submit to save.
  9. Click "Power On" on the network page after saving. - Ensure the network powers up without errors in the Log box
Create IP block on External and Assign it
  1. Click "Network Blocks" on the External network page
  2. Click "New"
  3. Network Block: 192.168.2.0/24
  4. Owner Type: Network
  5. Owner: l2demo
  6. Click Submit You will be returned to the Network Blocks page, now showing your new block and the Owner it is assigned to.
Assign IP info to L2 network
  1. Return to the l2demo network
  2. Click "Rules" - Confirm Firewall rules are awaiting application. Check to confirm there is now an Outgoing route; the new rule. We'll apply it later. - Click Cancel to exit back to the network page
  3. Click Edit to assign IP info to the network.
  4. IP Address Type: Static
  5. IP Address: 192.168.2.1
  6. Network Address 192.168.2.0/24
  7. DNS: Simple
  8. DNS Server: 10.1.1.1
  9. DHCP: enable
  10. Dynamic DHCP: enable
  11. DHCP Start Address: 192.168.2.200
  12. DHCP Stop Address: 192.168.2.254
  13. Click Submit to save

At this point you have created everything you should need, but it's still pending application and a network restart to add Layer2 to l2demo. - Return to your Networks Dashboard and click All Networks - Note the External and l2demo networks marked as "Needs FW Apply" and l2demo "Needs Restart" - Restart the l2demo network by selecting it and clicking "Restart". - Accept the offer to apply firewall rules on restart and click "yes" to confirm. - Apply FW Rules on External by selecting it and clicking "Apply Rules". - Click "yes" to confirm - OUTSIDE OF VERGE (In the upstream router): Set a route on 10.1.1.1 to send 192.168.2.0/24 via 10.1.1.2 and set any other required policies for traffic on that device.

Tenant Variation

When applying the above process to a Tenant there are two generally common implementations.

  • Ideally, a tenant VM that needs to access a physical layer 2 network would do so via routes, creating appropriate routes and rules to allow traffic from an internal tenant network to a layer 2 network; e.g. our previous "l2demo" network via the 192.168.2.1 gateway.
  • If Native layer 2 access is required inside tenant networks, see Provide Layer 2 Access to a Tenant to create a Virtual Wire connecting the tenant network to the Layer 2 External interface outside of the tenant.

Warning

If devices cannot reach the internet, double-check: - Upstream route to 192.168.2.0/24 is set
- Firewall rules are applied in correct order
- VM or device IP/subnet matches the assigned block

Provide Layer 2 Access to a Tenant

Key Points

  • These instructions pertain to environments with specific requirements for tenant layer 2 connectivity (e.g. utilizing existing non-virtualized network infrastructure or tenant customers with direct MPLS lines, etc.)
  • Virtual Wires (virtual network uplinks) are used.

High-Level Steps

  1. Prepare the physical network: verify VLANs are configured on the appropriate physical switch ports so that they are accessible within the VergeOS environment.

Warning

VLANs 1 & 100-102 cannot be used in a virtual wire capacity. These VLANs are reserved for internal traffic. These IDs can, however, be remapped to other VLAN IDs for tenant consumption.

  1. Create the Virtual Wire Determine whether the tenant will need access to a single VLAN or multiple VLANs. This will determine the virtual wire configuration:

Virtual Wire Host Placement

When using a virtual wire, both networks participating in that virtual wire must be on the same host. Failure to meet this requirement can lead to network connectivity issues.

  1. Add VLANs Inside the Tenant

Creating a 1:1 Virtual Wire

  1. Ensure the VLAN(s) have been configured in the VergeOS UI. If not, follow the steps to create VLAN(s) here.
  2. From the Main Dashboard, select Networks in the left menu to open the Networks Dashboard.
  3. Select Virtual Wires in the left menu to view all virtual wires in the environment.

  4. Select New to create the first half of the virtual wire:

    • Name: a descriptive name, e.g., VLAN from host, etc.
    • Network: the external network with the corresponding VLAN to pass to the tenant
    • Destination Wire: field should display --Empty List-- or select --None--
    • PVID: 1.
      Example Configuration: virtual-wire-create-settings.png

  5. Submit your changes and return to the virtual wires list view.

  6. Select New to create the second half of the virtual wire:

    • Name: a name to identify the wire such as vlan id, tenant, purpose, etc
    • Network: the tenant network, typically named tenant_'$TENANTNAME'.
    • Destination Wire: the other half of the virtual wire created above.
    • PVID: VLAN ID of the network being attached.
      Example Configuration: virtual-wire-create-settings-tenant.png

  7. Submit your changes.

  8. Navigate to the Networks Dashboard, select Networks, and Apply Rules for both networks connected by the virtual wires.

Creating a Trunk Mode Virtual Wire

Bridge Mode Required

To use trunk mode virtual wires, the corresponding physical network (tied to node NICs) must be set to Bridge mode.

Set the Physical Network to Bridge Mode

  1. Navigate to Networks in the left menu to access the Networks Dashboard.
  2. Select Networks again to view all networks in the environment.
  3. Double-click the Physical Network (NIC) that the VLANs are trunked to on the physical switch.

Tip

A physical Network typically has "Switch" appended to the name and represents a physical NIC on a node.

  1. Select Edit to enter the network configuration page.
  2. In the configuration page, enable Physical Bridged to activate Bridge Mode. It is best to set the On Power Loss setting to Power On so that the network starts up automatically after a system power loss.
  3. Submit your changes.
  4. Reboot the necessary nodes for Bridge Mode to become active.

Follow proper Maintenance Mode procedures when rebooting a node to avoid workload disruptions.

Configuring a Trunk Mode Virtual Wire

  1. Ensure the physical network is set to Bridged Mode and is powered on.
  2. From the Main Dashboard, navigate to Networks > Virtual Wires.

  3. Select New to create the first half of the virtual wire.

    • Name: identify the wire, e.g., "trunk from host"
    • Network: physical network with the corresponding VLAN to pass to the tenant.
    • Destination Wire: should display --Empty List-- or select --None--
    • PVID: 0
    • Allowed VLAN List: comma-delimited and with ranges as necessary
      Example Configuration: vw-trunk-host.png

  4. Submit your configuration.

  5. Select New to create the second half of the virtual wire.

    • Network dropdown, select the tenant network that the VLAN will be passed to, typically named tenant_'$TENANTNAME'.
    • PVID: 0
    • Allowed VLAN List: comma-delimited and with ranges as necessary
      Example Configuration: vw-trunk-tenant.png

  6. Submit your changes.

  7. Navigate to the Networks Dashboard, select Networks, and Apply Rules for both networks connected by the virtual wires.

Add VLANs Inside the Tenant

  1. Navigate to the tenant UI and log in.
  2. From the Main Dashboard, navigate to Networks, then select New External.
  3. Configure settings:
    • Name: a label to identify the network (name, vlan ids, purpose, etc.)
    • Layer 2 Type: VLAN
    • Layer 2 ID: VLAN ID
    • Interface Network: Physical
    • IP Address Type: None
      Example Configuration: virtual-wire-network-in-tenant.png

Leave other fields at default settings unless specific configuration needed. For information about additional external network options, see: How to Create an External Network

  1. Submit your configuration.
  2. Attach workloads to the network for Layer 2 access to networks outside VergeOS.

Troubleshooting Steps

Traffic is not reaching the virtual machine

  • Confirm firewall rules related to the virtual wire have been applied.
  • Verify the destination tenant network and VLAN network are in the "Running" state and reside on the same physical node.
  • Ensure VLANs are trunked to the correct physical node ports.

Document Information

  • Last Updated: 2024-09-03
  • VergeOS Version: 4.12.6

Change External Network to Bonded with Tagged VLAN

Overview

Key Points

  • This procedure creates an active-backup bond across vlanned physical networks.
  • It is recommended for bare-metal installations with a limitation of 2 NICs per node.
  • System downtime is not required to make this change.

This guide outlines the process to create a bonded external network across vlanned physical networks. The outlined method provides optimal redundancy for bare-metal installations that are limited to two NICs per node, allowing for two independent core-fabric networks and a single-VLAN, bonded external network.

Prerequisites

Warning

  • This process should be performed with local server access because external network changes can affect remote UI access. This will also allow you to test the bond configuration by removing one of the network cables to verify expected bond failover.
  • Before making any significant system changes confirm you have the name/password for the "admin" user (user ID #1 (1)), in case command-line operations become needed.
  1. Hint: "Key=1" parameter is in the URL of the user's dashboard

Steps

  1. Navigate to the External Network dashboard (
    • Main Dashboard > Networks > Externals
    • Double-click External Network
    • Click Edit on the left menu
  2. Change Layer 2 Type to vLAN and enter appropriate Layer 2 ID (VLAN number).
  3. Select the option to Enable Bonding.
  4. Select the Physical Networks you want to participate in the bonding.
  5. Click Submit to save the change.

Post Configuration

  1. Check the external network by accessing the UI from a remote connection.
  2. Test Bond failover: Navigate to the external network dashboard and select NICs to view the network adapters. Physically disconnect one network cable. The UI should now indicate the NIC is in a "Down" status; verify remote UI access is still available.

Verify core network redundancy is in place before disconnecting network cables.

Troubleshooting

Common Issues

  • Problem: Loss of remote access
  • Solution:
    1. Check correct VLAN was entered in the external network config
    2. Verify network switch ports are correctly configured for the VLAN tag.

Additional Resources

  • in Network
  • 2 min read

Configuring BGP Hold Down Timers

BGP (Border Gateway Protocol) hold timers are critical for maintaining stable BGP sessions between routers. This document will guide you through configuring the BGP hold down timers to 5 seconds for the keepalive interval and 15 seconds for the hold time.

Prerequisites

  1. Basic BGP Configuration: You should have a basic BGP configuration set up.
  2. Basic Knowledge of FRR Configuration: Familiarity with FRR configuration commands and procedures.

Configuration Steps

Step 1: Setup BGP

  1. Create a new External Network.
  2. Set its IP address type to BGP/OSPF.
  3. Set an ASN (Autonomous System Number).
  4. Define the IP address and Network Address.
  5. If this is a VLAN, configure the Layer 2 ID.
  6. Select an interface network.

Step 2: Open the BGP Network

  1. Open the network you created.
  2. Select Routers from the left menu.
  3. Open the ASN you defined during network creation.
  4. Select New from the left menu.
  5. Select Timers from the command menu.
  6. Under Parameters, enter bgp x y where x is the keepalive interval and y is the hold time. For example, bgp 5 15.
  7. Select Submit. This will return you to the Router page.
  8. Navigate back to the BGP network. A restart is required for the recent changes to take effect. Click Restart to apply changes.

Step 3: Verify the Setting

  1. Navigate back to the BGP network you configured.
  2. Select Network Diagnostics from the left menu.
  3. Choose FRRRouting BGP/OSPF from the Query dropdown.
  4. Run the default command show running-config.
  5. The settings modified in Step 2 should now appear in the running configuration.

For more information on other values and variables, refer to the FRR documentation.

  • in Network
  • 2 min read

How to Create an External Network

This guide provides steps for creating an external network in VergeOS. The example assumes that the physical network in VergeOS is named External Switch, the VLAN for the new network is 50, and a static IP address is being used.

Steps

  1. Access Network Configuration:
  • From the home screen of the UI, click on Networks and select New External.
  1. Configure Network Settings:
  • Network Name: Enter a name for your network. In this example, use WAN1.
  • Layer 2 Type: Set to vLAN.
  • Layer 2 ID: Enter the VLAN ID, in this example, 50.
  • MTU: Leave as 1500 (Advanced users may adjust this as needed).
  • Interface Network: Select the physical network, in this example, External Switch.
  1. Configure Network Router:
  • IP Address Type: Select Static. (If using DHCP, select it here and skip the remaining router steps).
  • IP Address: Enter the IP address for this network. Example: 192.168.212.2.
  • Network Address: Enter the network address in CIDR format. Example: 192.168.212.0/24.
  • Gateway Monitoring: Enabling this feature is recommended for network reliability.
  1. Save and Activate the Network:
  • Click Save and wait for the network to power on. Once it displays as Running, proceed to set up routing rules.
  1. Add Default Routing Rule:
  • Click on Rules and select New.
  • Rule Name: Enter a name for this rule, such as default route.
  • Action: Select Route.
  • Direction: Choose Outgoing.
  • Source and Destination Filters: Leave as any and default since this is the default route.
  • Target:
    • Type: Select IP/Custom.
    • Target IP: Enter the router IP of your gateway. Example: 192.168.212.1.
  • Click Save, then Apply Rules.

Feedback

Need Help?

If you have any questions or encounter issues while creating an external network, please reach out to our support team for assistance.

Document Information

  • Last Updated: 2024-10-30
  • VergeOS Version: 4.12.6
  • in Network
  • 2 min read

Network Blocks

Network Blocks Overview

Network blocks in VergeOS are a powerful way to assign multiple IP addresses to tenants or networks for workloads. This method is preferred over virtual wires since VergeOS focuses on Layer 3 connectivity, avoiding the common issues associated with Layer 2 connections (like virtual wires). Network blocks also allow the direct assignment of public IP addresses to VMs inside an internal network or a tenant.

Creating a Network Block

  1. In the VergeOS UI, navigate to the External Network where the network block will originate.
  2. In the left menu, select Network Blocks, then click New.
  3. Enter the network block information in CIDR notation (e.g., a.b.c.d/n).
  4. To assign the block to a tenant at creation, set the Owner Type to Tenant, then select the tenant from the Owner drop-down.
  5. Submit your work to create the block.
  6. To apply the automatically created rules, select the External breadcrumb in the header to return to the network dashboard. Then, select Apply Rules from the left menu or click the notification pop-up.

Creating a Network from a Network Block

  1. Log in to the tenant's URL with the necessary credentials.
  2. Navigate to Networks, then go to the External Network Dashboard.
  3. In the left menu, select Network Blocks.
  4. Select the network block assigned to the tenant.
  5. Click New Network in the left menu.
  6. Give the new network a name. The rest of the details will be pre-filled based on the CIDR information.
  7. Modify any details in the form if necessary, then submit to create the network.
  8. After creation, the system will redirect you to the new network's dashboard. The necessary routes and accept rules will be set up automatically, but note that inbound traffic will be dropped by default. Add appropriate firewall rules to allow inbound access.
  9. Power on the network using the option in the left menu.
  10. Assign any desired virtual machines to the network and test connectivity.

Document Information

  • Last Updated: 2024-08-29
  • vergeOS Version: 4.12.6

Allow Root to Tenant Site Connection

Overview

Important

Adding this rule will allow tenants to connect on the DMZ network. By default, this is disabled for security reasons.

This guide provides instructions on how to connect a root system to a tenant site in VergeOS. The Sites feature is typically used to connect two VergeOS sites together, but to extend this functionality to a tenant site, you’ll need to add a specific rule on the root system's External network.

Prerequisites

  • Access to the Root system with administrative privileges.
  • A basic understanding of network rules and DMZ interfaces in VergeOS.

Steps

  1. Access External Networks - In the Root system, navigate to Networks and then External Networks. - Double-click on the External network.

  2. Add the Rule - In the left menu, click on Rules. - Before adding a new rule, ensure it doesn’t already exist. - Click New in the left menu. - Enter the following details:

    • Name: Enter a descriptive name such as "Allow Tenant to Root".
    • Action: Translate.
    • Protocol: ANY.
    • Direction: Outgoing.
    • Interface: DMZ.
    • Source: Other Network Address (DMZ).
    • Destination: Any/None.
    • Target: My Router IP.

Rule Configuration

  1. Submit and Apply - Click Submit. - In the left menu or at the top, click Apply Rules to activate the new rule.

After the rule is applied, the root system should now be able to connect to the tenant site.

Testing the Rule

To verify that the rule works, follow these steps:

  1. From the Home screen, click System in the left menu.
  2. Click on Nodes in the left menu.
  3. Double-click on Node1 or select Node1 and click View.
  4. In the left menu, click on Diagnostics.
  5. Change the Query to TCP Connection Test.
  6. Set Host to the UI IP/Host of the tenant system.
  7. Set Port to 443.
  8. Click Send.

The Response should say Connection successful. If the connection fails, review the rule to ensure accuracy, particularly ensuring that the Interface is set to DMZ rather than Auto.

Troubleshooting

Common Issues

  • Issue: Connection test fails.
  • Solution: Double-check that the rule is configured correctly, especially the interface settings. Also, ensure there are no blocking rules that could prevent the connection.

Additional Resources

Feedback

Need Help?

If you encounter any issues while setting up the root-to-tenant site connection, or have any questions, feel free to contact our support team.

Document Information

  • Last Updated: 2023-09-12
  • VergeOS Version: 4.12.6

Troubleshooting VM Network Connectivity Issues

Before you begin, verify if other virtual machines in the environment can access the internet. If no other machines can, there may be a network issue upstream of the VergeOS platform that is preventing access to the outside world. If other VMs are still able to access the internet, the most likely cause is that a configuration step was missed.

The following are the most common configuration mistakes that cause network issues:

  • Missing NIC Configuration: The newly created VM may not have a NIC configured. To verify this, review the NICs section of the VM dashboard. Ensure at least one NIC is present. If not, add one.
  • Incorrect Network Assignment: The VM's NIC may be connected to the wrong network. In the NICs section, ensure at least one NIC is present with the status set to Up, and verify that the correct network is listed. If not, edit the NIC and assign the correct network (one used by a VM with internet access).
  • Improper IP Configuration: The VM might not have a properly configured IP address. Typically, this is resolved at the guest level. Refer to the guest operating system’s documentation to ensure the NIC is detected, installed (with drivers), and configured correctly.
  • Virtio Drivers Not Installed: If the Virtio drivers are not installed, the NIC may not function properly. For instructions on installing Virtio drivers, refer to the Product Guide.

Document Information

  • Last Updated: 2024-09-03
  • VergeOS Version: 4.12.6

Accessing the Verge.io UI from a VM

Overview

Key Points

  • Access the VergeOS UI from a VM within your environment
  • Utilize hair-pinning network technique
  • Create a specific network rule on the internal network

This article guides you through the process of setting up access to the VergeOS User Interface (UI) from a virtual machine (VM) running inside the VergeOS system. This is accomplished using a networking technique known as hair-pinning, where a packet travels to an interface, goes out towards the Internet, but instead of continuing, it makes a "hairpin turn" and comes back in on the same interface.

Prerequisites

  • A running VergeOS environment
  • A virtual machine (VM) within your VergeOS environment
  • Access to the VergeOS UI
  • Basic understanding of network rules in VergeOS

Steps

  1. Navigate to the Internal Network - Log into your VergeOS environment - Go to the internal network that your target VM is connected to

  2. Create a New Rule - Locate the option to create a new rule - Configure the rule with the following settings:

    Rule: - Name: Use a reference name, such as "Allow UI" - Action: Translate - Protocol: TCP - Direction: Incoming - Interface: Auto - Pin: No

    Source: - Type: Any / None - Source Ports/Ranges: Leave blank

    Destination: - Type: My Network Address - Destination Ports/Ranges: 80, 443

    Target: - Type: Other Network DMZ IP - Target Network: Core - Target Ports/Ranges: Leave blank

  3. Submit the Rule - Click "Submit" to save the rule

  4. Apply the New Rule - Click "Apply Rules" to activate the newly created rule

  5. Access the UI from the VM - Open a web browser within your VM - Navigate to the IP address of the internal network (e.g., if the internal network IP is 192.168.0.1, use this address)

Pro Tip

Always ensure that your VM's network settings are correctly configured to use the internal network where you've set up this rule.

Visual Guide

Here's a visual representation of the rule configuration:

hairpin.png

Troubleshooting

Common Issues

  • Problem: Unable to access the UI after creating the rule
  • Solution:
    1. Verify that the rule is applied correctly
    2. Check if the VM's network interface is on the correct internal network
    3. Ensure no firewall rules are blocking the connection

Additional Resources

Feedback

Need Help?

If you encounter any issues while setting up UI access or have questions about this process, please don't hesitate to contact our support team.

Document Information

  • Last Updated: 2024-08-29
  • VergeOS Version: 4.13.3

How to Configure Routing Between Networks

The following is a simple method to establish a route between two networks in the VergeOS platform.

Create a Network Rule on the First Network to Route Traffic to the Second Network

  1. Navigate to the first network that you would like to route traffic from.
  2. From the network dashboard, click on Rules in the left navigation menu.
  3. In the Rules menu, click on New to create a new network rule.
  4. Configure the rule with the following settings: - Rule:
    • Name: A name indicating this rule is a route to the second network.
    • Action: Route
    • Protocol: Any
    • Direction: Outgoing
    • Source:
    • Type: My Network Address
    • Destination:
    • Type: Other Network Address
    • Network: The name of the second network
    • Target:
    • Type: Other Network DMZ IP
    • Target Network: The name of the second network
  5. After completing this rule, click Submit to save the rule.

Create a Network Rule on the First Network to Allow Traffic from the Second Network

  1. From the same network dashboard, click on Rules in the left navigation menu.
  2. In the Rules menu, click on New to create a new network rule.
  3. Configure the rule with the following settings: - Rule:
    • Name: A name indicating this rule allows traffic from the second network.
    • Action: Accept
    • Protocol: Any
    • Direction: Incoming
    • Source:
    • Type: Other Network Address
    • Network: The name of the second network
    • Destination:
    • Type: My Network Address
  4. After completing this rule, click Submit to save the rule.
  5. Click Apply Rules to enable the rule.

Info

After completing the two rules on the first network, you will need to create identical rules on the second network.

Create a Network Rule on the Second Network to Route Traffic to the First Network

  1. Navigate to the second network that you would like to route traffic from.
  2. From the network dashboard, click on Rules in the left navigation menu.
  3. In the Rules menu, click on New to create a new network rule.
  4. Configure the rule with the following settings: - Rule:
    • Name: A name indicating this rule is a route to the first network.
    • Action: Route
    • Protocol: Any
    • Direction: Outgoing
    • Source:
    • Type: My Network Address
    • Destination:
    • Type: Other Network Address
    • Network: The name of the first network
    • Target:
    • Type: Other Network DMZ IP
    • Target Network: The name of the first network
  5. After completing this rule, click Submit to save the rule.

Create a Network Rule on the Second Network to Allow Traffic from the First Network

  1. From the same network dashboard, click on Rules in the left navigation menu.
  2. In the Rules menu, click on New to create a new network rule.
  3. Configure the rule with the following settings: - Rule:
    • Name: A name indicating this rule allows traffic from the first network.
    • Action: Accept
    • Protocol: Any
    • Direction: Incoming
    • Source:
    • Type: Other Network Address
    • Network: The name of the first network
    • Destination:
    • Type: My Network Address
  4. After completing this rule, click Submit to save the rule.
  5. Click Apply Rules to enable the rule.

Document Information

  • Last Updated: 2024-08-29
  • vergeOS Version: 4.12.6