T10-W Trusted Internal port


Having issues with my ISP and speeds. Changed External port to 1000 Full. All good.
Then changed Trusted Internal port to same. All internal traffic stopped on that interface. Cannot connect. Does not issue DHCP. Set static IP on PC, still cannot ping it.

Rebooted. No change.

I managed to get to external web IP and changed Internal trusted back to Auto, all is good. But I want 1000 Full. Can this box not support that?

What would cause such a simple change to bork that interface? I fail to comprehend.




  •

    Both devices - the firewall interface AND whatever is connected to it must be set to the same.
    So the switch port which is connected to the Trusted interface must also be set to 1000 Full when you change the Trusted interface to 1000 Full.
    Auto is generally preferred.

    You can see the possible settings and the current connection speed/duplex for the firewall interfaces in:
    WSM Firebox System Manager -> Status Report - Physical Interfaces Link Status section

    You can see the current connection speed/duplex for the firewall interfaces in:
    Web UI -> Dashboard -> Interfaces -> Details tab

  •

    It is my understanding that Gigabit is always 1000Mbps full duplex and that there is no half-duplex in Gigabit networking. So having it on Auto should connect at Gigabit speeds and full duplex when connected to a Gigabit switch that also is on Auto.

    On rare occasions, I have had to add a small switch in between the ISP device and a firewall due to vendor incompatibilities, but it has been at least a decade since I had to do that.

    Gregg Hill

  •
    james.carson Moderator, WatchGuard Representative

    Like the others said, there's no such thing as 1000/half -- so if you're running gig, it's full duplex.

    The firewall follows networking standards as do many other devices -- if it's set to auto negotiate, and doesn't receive any negotiation, it'll fall back to 10/HALF. (The notable exception to this is ports 0, 1, and 2 of the M200/300.)

    Unless you have the ability to set both sides to manual matching duplex settings, auto is the way to go. Unless you're running into a problem with speed/duplex negotiation, there's generally no need to set it off of Auto.

    Fast Ethernet (in its infancy) was notoriously bad at auto-negotiation, and there are still vestiges of recommendations to always set manual speed duplex. In modern networks, it's often not needed.

    -James Carson
    WatchGuard Customer Support
