Disable FW on BGW320-500

The "Invalid IP packets" apparently were ill formed.  There's no point in passing badly constructed packets.  The others probably didn't pass because they are unsolicited traffic.

Have you configured your Gateway to tell it what to do with Unsolicited Traffic, given that those are IPv4 addresses and NAT is likely involved?

You are right, that is ICMP traffic egressing my WAN but the ingress was through a GRE tunnel. So the gateway is not able to keep the ICMP state.

How can tell the gateway what to do with this type of traffic??

I thought FW was what controlled that.

There are a variety of destination IPs on those ICMP packets?  Are you sure those are associated with your PP2P tunnel? 

Sorry, misread what you said.  GRE packets won't say they're TCP packets.  A TCP packet inside a GRE tunnel wouldn't show up as a TCP packet here, because it's encapsulated in the GRE traffic. 

When running a single IPv4 address on your router with multiple devices behind it, you have NAT.  When you have NAT, and an unsolicited packet arrives, the router needs specific instructions on what to do with it.  The setup for IP Passthrough and Port Forwarding (under NAT/Gaming) can tell it what to do.

The NAT thing is not applying to me, I do have a Public /29 block and the 104.X.X.X is assigned directly to the FW WAN interface, so the ATT GW is not doing any NAT, all traffic egress from my FW WAN already NATt'ed.

For me, the ATT router is the GW of my WAN interface. So I don't need Passthrough or something like that, what I want is that GW act as L3 router, not as a L4 gateway

Thanks

Ah.  You could have mentioned such details.  Given static IPs, you should be good to go.

I'm not, the ATT Router is still blocking that ICMP traffic.

Any idea how to solve it?

It's dropping packets it has determined are malformed.  You're not going to change that behavior.

@JefferMC  In the first post the OP has everything under firewall off. Can the gateway actually pass traffic through the gateway with all those turned off? 

Yep.  Turning things "off" there typically means to not block traffic in that category, so "Off" means less filtering, more traffic.

So in the OP’s setup the FW/router is controlling all traffic and the gateway is just a connection to the internet like a cable modem?

Could I turn off ip passthrough in my own setup and still connect to the internet with a wireless router connected to the gateway?