Announcements

For the latest on our response to Coronavirus (COVID-19), click here.

Contributor

 • 

2 Messages

Thu, Jul 18, 2019 4:01 AM

DMZ Mode Impacts Internet Speed

On Pace 5268AC Gateway, I have a Nighthawk router set up as DMZ to essentially put the gateway into bridge mode. After several technical support reps and technicians, it was determined that all of AT&T equipment has firmware that significantly cuts the internet speed to anything in DMZ mode (I get 120mb down and up, but the DMZ router only gets about 40 down while the up stays at 100+). However, today it seems this has changed and now the DMZ router gets ZERO internet. Can AT&T please update the firmware to allow full speed to the DMZ router or any speed at all for that matter?!

Responses

Accepted Solution

Official Solution

Brand User
ATTHelp

Administrator

 • 

111.5K Messages

8 months ago

We're here to help, @razorbacksfan07.

We are aware of the firmware issue with the Pace 5268AC that causes a speed cap when using DMZ+ on a 3rd party router. Thanks to our community here on the forums, we were able to identify this workaround, which should fix the speed problem.

Let us know if this helps.

John, AT&T Community Specialist

Still need help? Ask a question! Our 1.4 million members typically respond within 1 hour.

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
tonydi

Guru

 • 

533 Messages

8 months ago

What's the firmware date on the Pace?

 

There are a few threads starting in other Internet forums that suggest that AT&T just pushed new firmware to the Pace that, ONCE AGAIN, broke the DMZ+ mode.

 

Sigh....

Tutor

 • 

6 Messages

8 months ago

I'm not OP, but I can verify that 11.3.1.532191-att doesn't slow internet access, it completely severs IPv4 connectivity for DMZPlus mode.  IPv6 works perfectly fine.  I did numerous packet captures and tried whatever I could to get v4 working again, you can see the traffic go out but literally nothing comes back, ever, at all.  It's just SYN, SYN, SYN going out while your devices desperately try to establish connections.  ICMP _does_ work.

 

Ultimately, I just flipped the garbage 5268AC out of DMZPlus and had to make a few specific firewall rules, but IPsec VPNs can _not_ function behind the device in any mode except DMZPlus, so I've lost that connectivity for now (IPsec/L2TP from my phone and laptop back to home systems).  I have the appropriate firewall rules added for AH/ESP, UDP 500 & 4500... that was a known issue for me anyhow and is consistent with previous firmware versions, they all break inbound IPsec in any mode that isn't DMZPlus.

Contributor

 • 

2 Messages

8 months ago

AT&T's response above seems to work thus far, resulting in open NAT for gaming on multiple consoles through settings on my personal router. 

Tutor

 • 

2 Messages

8 months ago

This setting fixes  the problem but breaks the Pace  5268AC's   VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?

Tutor

 • 

2 Messages

8 months ago

This setting fixes  the problem of  the firewall  but breaks the Pace  5268AC's   VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?

Tutor

 • 

4 Messages

7 months ago

I'm on 11.3 and I can't use DMZ+ at all. No IPv4. Also, the pace doesn't properly hand off the /60 IPv6 so I can't distribute IPv6 addresses.  I just asked for a new router, and i specifically requested the Arris. I'm sure they'll send me another Pace.

tonydi

Guru

 • 

533 Messages

7 months ago

Maybe not.  We've had two reports in the forum over the last week where they were shipped the Arris so maybe AT&T finally got enough inventory.  Of course the BGW will currently accept a third party router (using IP Passthrough) so that's a plus but it still isn't all that.  And of course with the crack AT&T firmware team lurking, who knows what disaster they'll bring next.

Tutor

 • 

6 Messages

7 months ago

@h50 yup, it's been nearly 2 months since I made my post up there and DMZPlus remains 100% broken if you're on the 11.3 firmware. It's really just shockingly bad that A) they rolled out a broken firmware when less than 10 minutes of testing would have found that it completely kills connectivity for anyone in DMZPlus mode and B) two months later they're _still_ on that broken version and still pushing it out to other people.

 

Creating the NAT pinholes with the wide port range is a hack but not a fix, you still encounter strange gotchas when not in a true bridged/DMZPlus mode.

Contributor

 • 

1 Message

7 months ago

Same issue for VOIP calls had to put phone on different port on the modem to get voice calls working correct. And move from behind my FW.

Tutor

 • 

4 Messages

7 months ago

LOL. They sent me another pace. Sigh. I give up. I'm going with the pinhole solution, but I have a feeling it's adding latency and the aesthetics are terrible.

tonydi

Guru

 • 

533 Messages

7 months ago

@h50 Hang tight, it looks like people are getting pushed a new firmware for the Pace and initial reports indicate that it fixes the DMZ+ issue, among other things.

Tutor

 • 

4 Messages

6 months ago

Any idea what the new f/w version is?

AT&T TV – All Your Entertainment In One Spot.  Learn more…