L009 LAN used as management for Palo Alto Firewall / unable to access from Palo Alto LAN

Hi, I have successfully made the management LAN accessible from the L009 LAN (172.22.2.0/24), and I wanted to make it accessible from the Palo Alto LAN I created (10.101.2.0/24) as well. From my laptop on 10.101.2.0 I can ping devices (the printer, interfaces) on 172.22.2.0, but I can't actually print or access the Palo Alto GUI from 10.101.2.0. Here is the config of my MikroTik and the diagrams. Any ideas what could be missing from this puzzle?


# 2025-09-16 23:16:20 by RouterOS 7.19.4
# software id = 8504-TJGS
#
# model = L009UiGS
# serial number =
# RouterOS export: bridge1 carries the 172.22.2.0/24 LAN, ether8_MGMNT carries
# 10.10.10.0/24, and ether1_WAN is the uplink in 192.168.1.0/24.
/interface bridge
add name=bridge1
# Rename the uplink port and the dedicated management port.
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
set [ find default-name=ether8 ] name=ether8_MGMNT
# Lease ranges: dhcp_pool0 for the bridge LAN, dhcp_pool1 for the management port.
/ip pool
add name=dhcp_pool0 ranges=172.22.2.20-172.22.2.200
add name=dhcp_pool1 ranges=10.10.10.20-10.10.10.200
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1d name=dhcp1
# Anything plugged into ether8_MGMNT gets a lease in the management subnet.
add address-pool=dhcp_pool1 interface=ether8_MGMNT lease-time=1d name=dhcp2
/port
set 0 name=serial0
# ether2-ether6 and sfp1 are switched together; ether7 and ether8 stay routed.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=sfp1
# Reverse-path filtering in loose mode.
/ip settings
set rp-filter=loose
/ip address
add address=192.168.1.247/24 interface=ether1_WAN network=192.168.1.0
add address=172.22.2.1/24 interface=bridge1 network=172.22.2.0
add address=10.10.10.1/24 interface=ether8_MGMNT network=10.10.10.0
# NOTE(review): this address is disabled, so the router has no connected route
# to 10.101.2.0/24; with only the default route below, traffic for that subnet
# leaves via ether1_WAN. Confirm against the diagram that this is intended.
add address=10.101.2.230/24 disabled=yes interface=ether7 network=10.101.2.0
# DHCP clients are handed public resolvers and the router as gateway.
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.10.1
add address=172.22.2.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=172.22.2.1
/ip dns
set servers=8.8.8.8,1.1.1.1,8.8.4.4
# Forward chain only. The export shows no drop rule and no chain=input rules,
# so unmatched traffic is accepted by default: the accept rules below log
# traffic but do not restrict anything.
# NOTE(review): if the management subnet is meant to be isolated, the chain
# needs a final action=drop, and chain=input rules are needed to limit which
# interfaces can reach the router's own services - verify /ip service as well.
/ip firewall filter
# NOTE(review): connection-type="" is an empty matcher, presumably left behind
# by GUI editing; confirm it does not change which packets these rules match.
add action=accept chain=forward connection-state=established,related \
    connection-type=""
# Permit and log 10.101.2.0/24 -> 172.22.2.0/24 on any protocol and port.
# NOTE(review): if only printing and the firewall GUI are needed, narrowing by
# destination host and dst-port would express that more tightly.
add action=accept chain=forward connection-state=established,related,new \
    connection-type="" dst-address=172.22.2.0/24 log=yes src-address=\
    10.101.2.0/24
# Same in the opposite direction, 172.22.2.0/24 -> 10.101.2.0/24.
add action=accept chain=forward connection-state=established,related,new \
    connection-type="" dst-address=10.101.2.0/24 log=yes src-address=\
    172.22.2.0/24
# Order matters: the two accept rules exempt traffic between the two subnets
# from source NAT before the masquerade rule would rewrite it on the way out
# of ether1_WAN.
/ip firewall nat
add action=accept chain=srcnat dst-address=172.22.2.0/24 src-address=\
    10.101.2.0/24
add action=accept chain=srcnat dst-address=10.101.2.0/24 src-address=\
    172.22.2.0/24
add action=masquerade chain=srcnat out-interface=ether1_WAN
# Only a default route is exported; there is no static route for 10.101.2.0/24.
# NOTE(review): if replies to 10.101.2.0/24 take a different path than the
# requests, a stateful device on the path may pass ICMP yet drop TCP sessions,
# which would fit "ping works, GUI and printing do not" - confirm with the
# diagram and the firewall's traffic log.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=MikroTik_router_1
# Time comes from public NTP pool servers.
/system ntp client servers
add address=pool.ntp.org
add address=it.pool.ntp.org
# Only the Delete key enters RouterBOOT setup during boot.
/system routerboard settings
set enter-setup-on=delete-key


It looks like you have no appropriate route for the traffic?