bredptm's profile

2 Messages

Monday, May 6th, 2024 4:32 PM

Firewall failover cluster behind BGW320-500 with Static /29

I can't seem to find a way to pass our static IP block through the RG to our redundant firewalls which each need to have their own address and 2 that they share between them for failover. I am not able to get inbound traffic such as VPN to pass to the firewall. I have tried passthrough with manual IP assignment, and the best I could achieve was traffic originating from the LAN to internet works fine, but traffic originating from the internet is being dropped, even with the packet filter firewall disabled in the RG.

It seems cascaded router option won't work because that binds to one device MAC address and may or may not still do NAT, which will again cause VPN to not work.

Does AT&T have any other option than the BGW320 that will work since it seems this device isn't capable of being made "dumb" enough?

Why does AT&T provide a residential gateway for business service anyway?

Accepted Solution

ACE - Expert


35.6K Messages

21 days ago

I can't seem to find a way to pass our static IP block through the RG to our redundant firewalls which each need to have their own address and 2 that they share between them for failover. I am not able to get inbound traffic such as VPN to pass to the firewall.

Nope, you probably can't.  The Gateway has a one IP per MAC address rule, and your requirements don't look like they fit that.

I have tried passthrough with manual IP assignment, and the best I could achieve was traffic originating from the LAN to internet works fine, but traffic originating from the internet is being dropped, even with the packet filter firewall disabled in the RG.

IP Passthrough has nothing to do with a Public Static block (other than changing how the SINGLE destination IP for the Public Static block router is configured).

It seems cascaded router option won't work because that binds to one device MAC address and may or may not still do NAT, which will again cause VPN to not work.

It will not do NAT, but it does bind one IP to one MAC address.

Why does AT&T provide a residential gateway for business service anyway?

Your sophisticated firewall configuration is not supported by shared fiber Internet service like you have ordered.  It's a small business service, not an Enterprise Internet service.  You need to get dedicated fiber access, which will get you different equipment and better support... at an increased cost.

(edited)

2 Messages

21 days ago

Thanks JefferMC,

We currently have 100mb dedicated that we are paying out the nose for just to have a useless SLA and apparently, a router that is capable of functioning as necessary. Evidently we will have to cancel the new service and continue to pay the 10x price to have the same connection coming in on the same fiber.

The RG is literally plugged into the same Ciena as our ADI so it's kind of hilarious that they refer to them as dedicated and shared services.

ACE - Expert


35.6K Messages

21 days ago

I understand what you're saying; think of it as revenue protection.
