Our Community Forum will be shutting down on June 27, 2024. Please visit att.com/support for all your support needs.
Get superfast AT&T Fiber internet
pcaminog's profile

New Member

 • 

7 Messages

Thursday, April 7th, 2022 8:14 PM

Closed

Disable FW on BGW320-500

Hello,

I'm trying to disable the FW on device BGW320-500. I already seitch off all the security features.

Even with all the security features disable there are some ICMP traffic being blocked.
Can anyone told how to fully disable the FW?
Thanks

ACE - Expert

 • 

35.8K Messages

2 years ago

The "Invalid IP packets" apparently were ill formed.  There's no point in passing badly constructed packets.  The others probably didn't pass because they are unsolicited traffic.

Have you configured your Gateway to tell it what to do with Unsolicited Traffic, given that those are IPv4 addresses and NAT is likely involved?

New Member

 • 

7 Messages

2 years ago

You are right, that is ICMP traffic egressing my WAN but the ingress was through a GRE tunnel. So the gateway is not able to keep the ICMP state.

How can tell the gateway what to do with this type of traffic??

I thought FW was what controlled that.

ACE - Expert

 • 

35.8K Messages

2 years ago

There are a variety of destination IPs on those ICMP packets?  Are you sure those are associated with your PP2P tunnel? 

Sorry, misread what you said.  GRE packets won't say they're TCP packets.  A TCP packet inside a GRE tunnel wouldn't show up as a TCP packet here, because it's encapsulated in the GRE traffic. 

When running a single IPv4 address on your router with multiple devices behind it, you have NAT.  When you have NAT, and an unsolicited packet arrives, the router needs specific instructions on what to do with it.  The setup for IP Passthrough and Port Forwarding (under NAT/Gaming) can tell it what to do.

(edited)

New Member

 • 

7 Messages

2 years ago

The NAT thing is not applying to me, I do have a Public /29 block and the 104.X.X.X is assigned directly to the FW WAN interface, so the ATT GW is not doing any NAT, all traffic egress from my FW WAN already NATt'ed.

For me, the ATT router is the GW of my WAN interface. So I don't need Passthrough or something like that, what I want is that GW act as L3 router, not as a L4 gateway

Thanks

ACE - Expert

 • 

35.8K Messages

2 years ago

Ah.  You could have mentioned such details.  Given static IPs, you should be good to go.

New Member

 • 

7 Messages

2 years ago

I'm not, the ATT Router is still blocking that ICMP traffic.

Any idea how to solve it?

ACE - Expert

 • 

35.8K Messages

2 years ago

It's dropping packets it has determined are malformed.  You're not going to change that behavior.

ACE - Professor

 • 

5.9K Messages

2 years ago

@JefferMC  In the first post the OP has everything under firewall off. Can the gateway actually pass traffic through the gateway with all those turned off? 

ACE - Expert

 • 

35.8K Messages

2 years ago

Yep.  Turning things "off" there typically means to not block traffic in that category, so "Off" means less filtering, more traffic.

ACE - Professor

 • 

5.9K Messages

2 years ago

So in the OP’s setup the FW/router is controlling all traffic and the gateway is just a connection to the internet like a cable modem?

Could I turn off ip passthrough in my own setup and still connect to the internet with a wireless router connected to the gateway?

(edited)

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.