5268ac firewall blocking public static IP addresses
I have a public IP subnet that I pay for from AT&T on my Uverse Internet service at home. I’ve had this configuration for 5+ years and never had a problem until now. This was originally set up on a 2Wire modem. Early this year I upgraded service and the 2Wire was replaced with the Pace 5268ac modem. The 5268ac has continued to work perfectly until now.
I have a Fortigate firewall behind the Pace modem so I want the Pace to pass the traffic without any firewall intervention from the Pace. This has been working fine (for years) until now. In the Pace under Settings->Broadband->Link configuration, I have the public IP range defined in the Supplementary Network section. All my public IPs route properly to/from the Fortigate firewall. I only use two of the static addresses for traffic. Both continue to work fine for all outbound traffic. However, inbound traffic recently stopped working on one of them. After much poking around, I’ve nailed it down to the Pace blocking all inbound traffic and not recognizing the second public IP.
In the Pace, under Settings->LAN->LAN IP Address Allocation, the modem (in the past) listed both static IPs. It picked them up automatically. From there I simply selected “Disable” firewall for each IP and everything works fine. Suddenly it is only recognizing one of my two public IPs in this configuration screen. That one continues to work fine; the other does not (for inbound traffic). All outbound for everything continues to work properly. Somehow in the last few days the modem stopped recognizing the additional static IP addresses. Looking at the modem’s firewall log, I can clearly see it blocking inbound traffic to my one public IP that it doesn’t recognize in LAN IP Address Allocation.
I’ve tried various changes to the modem, firewall settings, routing settings, up to and including a factory reset. It continues to only see one of my static IP addresses, so I can’t disable the firewall on the other.
What has changed in recent days or weeks that now the modem only sees one static IP address even though it is properly routing the entire subnet? In doing some digging online, it looks like the 5268ac recently received firmware updates, so it wouldn’t surprise me if a firmware update broke this. Anyone have any ideas?