Cannot remove old external interface. Managed BOVPN + Multi-WAN

We switched ISPs in a small remote office. I set the new connection to use port 4 in their T35-W. Old connection was on port 0. I enabled multi-wan and set the new connection as #1. Updated WSM with the new external IP and can confirm all managed BOVPN connections work fine.

Went to disable the old connection, but can't since the DVCP-created gateway has both external connections listed. Can't disable the interface in multi-wan because it needs at least two. Can't manually edit the DVCP-created gateway.

Is there a way to disable the old interface w/o removing and re-creating all the managed VPNs?


  • james.carsonjames.carson Moderator, WatchGuard Representative

    On the management server, go to the properties for the firewall. Remove the IP address(es) of the old interface, click OK, then expire the lease on the firewall. It should remove tunnels pointing to that old interface once it goes from pending back to complete.

    (the hostname/IP address field pictured here:)

    -James Carson
    WatchGuard Customer Support

  • Thanks for your response. I've removed the old interface address 3 times now, but the management server seems to keep repopulating it.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Make sure when you're expiring the lease on the firewall that you don't have the "download optional/trusted network" checkbox checked. That option will query the firewall for configured interfaces and re-populate your list.

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative

    If the issue persists, I'd suggest a support case so that our team can take a look at what's going on. You can open a web case by clicking the support center link at the top right of this page.

    -James Carson
    WatchGuard Customer Support

  • That did it. Thanks so much for your help.

Sign In to comment.