Static IP's wont work on T-35W

Our T-35W will only work with DHCP with 2 ATT sites. It was working fine until we moved our office. I thought it was an issue with AT&T, but I tried the 35W at two different sites, and the static IP WAN interface will not work. Could the lack of any of the subscription services be causing this?


  • No it should not.
    Are you sure that this is not an A T & T issue?
    Have you powered off/on the ISP device prior to connecting the the firewall with a static IP addr to the ISP device? If not, try this.
    Have you contacted A T & T on this? Since you have moved, they may need to change their routing tables to reflect the new location of that static IP addr.

  • I have several T35 devices at locations with static IP addresses. Ask AT&T for the usable IPs in the range they gave to you, plus subnet mask or CIDR, and the gateway. That and the DNS of your choice (the ISP's, Google's, your choice) should be all you need.

    Networking is a basic function of the Fireboxes, not tied to any subscription service.

    Gregg Hill

  • Hmm, "Our T-35W will only work with DHCP with 2 ATT sites" makes me wonder what AT&T device you have. I have one site with AT&T & their static IP setup is bizarre, to say the least. It was a long time ago and I think it had something to do with "Public Subnets" in their device.

    Gregg Hill

  • edited July 2020

    On some AT&T routers, there is a "passthrough mode" that may be what you need. You use passthrough mode to pass all inbound traffic to the Firebox.

    Gregg Hill

  • Thanks I will check it out today. Just seems strange that this 35W was working fine until we moved it. I will check out the pass thru.

  • Do/did you have AT&T at your site where it worked? If so, look at that AT&T router's setup if it is a similar router. There is another term that escapes me right now for a firewall behind a firewall in AT&T devices.

    Gregg Hill

  • OK, I just found some old notes. It is called "IP Passthrough" under the WAN settings, BUT this may not be what you need.

    My notes say:
    "I changed the AT&T router’s “IP Passthrough” setting of its WAN IP, 108.x.x.x, to go to the MAC address of the WatchGuard firewall’s WAN port."

    Then I have in my notes, "The only reason I did it that way vs. using one of the 104.x.x.x addresses AT&T assigned was because you have remote devices pointing to that IP instead of using a DNS name for remote access. DNS is better!"

    That client had five static IPs on the 104.x.x.x subnet, but we had to use the WAN IP in particular because they had external devices pointed to it by IP vs. by DNS.

    I knew there was something funky I had to do, and now I know why, so it may be unrelated to your issue.

    Gregg Hill

Sign In to comment.