OK sports fans…I’ve been trying for months to set up the Watchguard XTM520 I have here, which has live licenses in it, to use as my primary firewall. My ISP provides two (2) dynamic IPs per circuit. They do NOT support DHCP relay though, so this makes things more difficult. Both of my ROS 6.11 boxes are installed on Watchguard X1000 hardware (x86, 1200 MHz Celeron, 256 MB RAM and CF flash as storage, six Ethernet ports 10/100).
What I had to do is put dumb Ethernet switches behind each modem. I have two ports going to each ROS box. One is my primary connection into the router and the other one goes into a port that is BRIDGED to another ROS port, and that goes to the firewall.
You would think this is simple and would work out of the box, eh? Nope!
Sometimes one of the WAN ports on the firewall will get a DHCP lease, and with the lease nothing goes in or out. The other WAN port can’t pull anything. Duplex is not mismatched. Currently these interfaces are set to AUTO/AUTO because of the dumb switch.
If I unplug the second Ethernet cable from the switch and plug it directly into the WAN ports of the firewall, it all works perfectly, but then that traffic will not filter through the router, which is what I want it to do. All my tunnels and OSPF routing are defined on the MikroTiks. I force voice and tunnel traffic out my 10M interface and use my 50M interface for everything else. I also want symmetric routing, and if I leave the firewall connected to the dumb switch then I have asymmetric routing.
I’ve been too close to this, so I need other eyes and ears to bring me out of reality. The one thing I was going to try was to connect a laptop up to the “bridged” interface and see if that works.
I’ve been on the phone with Watchguard dealing with multiWAN routing issues and that is now resolved and working as it should. We just can not work when it is connected to the router.
I’m open to any suggestions.
Thanks, Leon