DMZ Mode Impacts Internet Speed

What's the firmware date on the Pace?

There are a few threads starting in other Internet forums that suggest that AT&T just pushed new firmware to the Pace that, ONCE AGAIN, broke the DMZ+ mode.

Sigh....

I'm not OP, but I can verify that 11.3.1.532191-att doesn't slow internet access, it completely severs IPv4 connectivity for DMZPlus mode.  IPv6 works perfectly fine.  I did numerous packet captures and tried whatever I could to get v4 working again, you can see the traffic go out but literally nothing comes back, ever, at all.  It's just SYN, SYN, SYN going out while your devices desperately try to establish connections.  ICMP _does_ work.

Ultimately, I just flipped the garbage 5268AC out of DMZPlus and had to make a few specific firewall rules, but IPsec VPNs can _not_ function behind the device in any mode except DMZPlus, so I've lost that connectivity for now (IPsec/L2TP from my phone and laptop back to home systems).  I have the appropriate firewall rules added for AH/ESP, UDP 500 & 4500... that was a known issue for me anyhow and is consistent with previous firmware versions, they all break inbound IPsec in any mode that isn't DMZPlus.

AT&T's response above seems to work thus far, resulting in open NAT for gaming on multiple consoles through settings on my personal router. 

This setting fixes  the problem but breaks the Pace  5268AC's   VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?

This setting fixes  the problem of  the firewall  but breaks the Pace  5268AC's   VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?

I'm on 11.3 and I can't use DMZ+ at all. No IPv4. Also, the pace doesn't properly hand off the /60 IPv6 so I can't distribute IPv6 addresses.  I just asked for a new router, and i specifically requested the Arris. I'm sure they'll send me another Pace.

Maybe not.  We've had two reports in the forum over the last week where they were shipped the Arris so maybe AT&T finally got enough inventory.  Of course the BGW will currently accept a third party router (using IP Passthrough) so that's a plus but it still isn't all that.  And of course with the crack AT&T firmware team lurking, who knows what disaster they'll bring next.

@h50 yup, it's been nearly 2 months since I made my post up there and DMZPlus remains 100% broken if you're on the 11.3 firmware. It's really just shockingly bad that A) they rolled out a broken firmware when less than 10 minutes of testing would have found that it completely kills connectivity for anyone in DMZPlus mode and B) two months later they're _still_ on that broken version and still pushing it out to other people.

Creating the NAT pinholes with the wide port range is a hack but not a fix, you still encounter strange gotchas when not in a true bridged/DMZPlus mode.

Same issue for VOIP calls had to put phone on different port on the modem to get voice calls working correct. And move from behind my FW.