Hi
As to routing to the internet I dont' se any problems - Maybe a get int and get zone could cast some light on this.
The problem I see is the routing to and from the public net.
Here I would expect the below output:
Pv4 Dest-Routes for <trust-vr> (7 entries)
-------------------------------------------------- ------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
-------------------------------------------------- ------------------------------------
* 14 0.0.0.0/0 adsl1/0 81.139.128.1 C 0 1 Root
* 12 81.139.136.107/32 adsl1/0 0.0.0.0 C 0 0 Root
* 13 81.139.136.107/32 adsl1/0 0.0.0.0 H 0 0 Root
* 2 192.168.0.1/32 bgroup0 0.0.0.0 H 0 0 Root
* 16 192.168.2.0/24 n/a public-vr S 20 1 Root
* 1 192.168.0.0/24 bgroup0 0.0.0.0 C 0 0 Root
IPv4 Dest-Routes for <public-vr> (6 entries)
-------------------------------------------------- ------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
-------------------------------------------------- ------------------------------------
* 2 192.168.2.1/32 bgroup2 0.0.0.0 H 0 0 Root
* 1 192.168.2.0/24 bgroup2 0.0.0.0 C 0 0 Root
* 7 192.168.1.0/24 n/a home-vr S 20 1 Root
* 5 192.168.0.0/24 n/a trust-vr S 20 1 Root
IPv4 Dest-Routes for <home-vr> (7 entries)
-------------------------------------------------- ------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
-------------------------------------------------- ------------------------------------
* 10 0.0.0.0/0 adsl2/0 217.47.111.250 C 0 1 Root
* 2 192.168.1.1/32 bgroup1 0.0.0.0 H 0 0 Root
* 8 86.140.156.194/32 adsl2/0 0.0.0.0 C 0 0 Root
* 9 86.140.156.194/32 adsl2/0 0.0.0.0 H 0 0 Root
* 6 192.168.2.0/24 n/a public-vr S 20 1 Root
* 1 192.168.1.0/24 bgroup1 0.0.0.0 C 0 0 Root
one way to troubleshoot the inability to communicate towards the internet from the Home part of the firewall would be doing debugging.
it can be done in the following way:
First you setup a flowfilter to record only the traffic you need to debug.
set ff src-ip xx.xx.xx.xx dst-ip yy.yy.yy.yy
set ff src-ip yy.yy.yy.yy dst-ip xx.xx.xx.xx
debug flow basic - activates debugging
clear db - clears the debug memory in case it should contain information from a previous debug
Now the firewall records what traffic that matches the flowfilter.
get db stream - Gets the content from the debug buffer.
If you want to save the debug information it can be send to a tftp-server.
get db stream > tftp zz.zz.zz.zz debugfile.txt
The debug can be stopped with undebug all
The output will give you information as to what the firewall does with the traffic.