MTU settings in WebUI or initial deployment.
Weird one, all related to the circumstances of the environment rather than the Firewall itself. Cloud Managed must initially deploy WAN on ETH0, but if your environment requires an MTU under 1500 then cloud managed lacks options to resolve this.
- Add Device as Cloud Managed > Set IP addressing (No MTU options present at this stage)
- Device deploys as cloud managed, all interfaces set at 1500, device password hits, Cloud Managed WebUI takes over, i.e. some of that initial config has taken place.
If ETH0 requires an MTU under 1500, am finding the firewall remains in a “never connected” state. Never connected means no configuration is possible in WGC, i.e. whatever you do here isn’t deployable if it’s in the never connected state. In addition, the CLI prompt changes to Cloud Managed, meaning no config options from CLI either. So am left with a cloud managed firewall that believes it’s cloud managed but never connects into WGC, so I can’t fix it.
Am sure this is a rare circumstance and am also not yet 100% sure it’s MTU, but I have repeated it a few times and end up with a device that I can’t configure from WGC, CLI or any other method to repair it.
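Since the post leaves open whether MTU is really the cause, one way to confirm it is to measure the path MTU from a Linux host on the same upstream link, using Don't Fragment pings and a binary search. This is an added example, not part of the thread and not WatchGuard tooling; the target host is supplied by the reader, and the 576-byte search floor and the use of iputils `ping` are assumptions.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload, timeout_s=1):
    """Send one echo request with Don't Fragment set (Linux iputils ping)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s),
           "-M", "do", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Return the largest IP packet size in [low, high] that passes
    unfragmented, or None if even `low` fails.

    probe(payload_bytes) -> bool reports whether an ICMP payload of that
    size got through with DF set.
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None          # no connectivity, or MTU below the assumed floor
    if probe(high - IP_ICMP_OVERHEAD):
        return high          # full-size packets pass: MTU is not the problem
    # Invariant: `low` passes, `high` fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid
        else:
            high = mid
    return low


def simulated_link(mtu):
    """Constructed stand-in for a real link, so the search can run offline."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real measurement against a host the reader chooses.
        print(find_path_mtu(lambda p: ping_df(sys.argv[1], p)))
    else:
        # Offline demo: a constructed link with an MTU of 1492.
        print(find_path_mtu(simulated_link(1492)))
```

A result below 1500 means full-size packets sent with DF set are being dropped on that path, which is consistent with a device fixed at MTU 1500 failing to complete its first connection.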
Comments
Hi @Devlin_R
We have had similar issues with folks using RapidDeploy.
If the firewall is unable to connect because it's assuming 1500 MTU, does putting a device in front of it that provides the firewall DHCP and is set to that lower MTU help?
For a device like this, does starting with a locally managed firewall and moving it to cloud management work? There is a step when moving over a cloud managed firebox where the firebox will continue to run on the old config until it is given a cloud config. In that type of circumstance, that would allow you to set the interface parameters so the firewall can connect, and be ready to pull the config when one is made available for it.
-James Carson
WatchGuard Customer Support
Hi James,
It's a good idea, Local > Cloud, I'll give that a spin... thank you