Greetings,
For the sake of clarity, here is my current physical configuration:
Main firewall:
WatchGuard Firebox T15
Router (behind the firewall):
MikroTik hEX
The T15 is in a separate network (172.16.0.0), but my LAN is in the range 10.0.0.0.
Interface 01 on the T15 is 172.16.0.1 and is plugged into LAN port 1 of the MikroTik.
Both the T15 and the MikroTik have a route to communicate with each other (including 0.0.0.0 on the MikroTik).
The DNS is the T15 (172.16.0.1). DNS forwarding is activated on interface 01.
The DHCP server is the MikroTik (10.0.0.1).
The gateway is the MikroTik (10.0.0.1).
The gateway of anything plugged into the LAN is 10.0.0.1 (the MikroTik). The reason I had to do that is because some devices like my Synology NAS or my Nintendo Switch were not able to access anything external when I used 172.16.0.1 as the gateway (this was working nicely on Windows and on my cellphone using the wireless with an AP, for example).
I was always receiving DNS errors and the Synology NAS was not accepting a gateway outside of 10.0.0.0.
With the gateway as 10.0.0.1, all external requests are very slow: opening a webpage, accessing anything external, apparently.
I do not use the MikroTik as a DNS server, DNS cache is also disabled (allow external requests on the DNS options).
With the gateway 172.16.0.1 (for testing purposes), all external requests seem to behave correctly; any external "request" is at least 4 to 5 times faster than with the MikroTik as the gateway, but as I said, the Synology NAS cannot access the outside with this gateway (for updates etc.) and the Nintendo Switch, 3DS and such give me DNS errors.
What am I missing?
From my point of view, it seems the external request issues come from the MikroTik; maybe I need a firewall rule, a route or another configuration I completely overlooked.
I saw nothing in the T15 logs about delays or long DNS issues/forwarding.
Could you help me out with this, please?
Thank you for your time, it is greatly appreciated.