LAN goes haywire when ISP is connected

I have multiple locations where I've spoken with the ISP, where I request that the service disable the Firewall, NAT, IPv6, and DHCP (essentially ask that it be put in bridge mode), and it knocks everything on the LAN offline. I have cellular failover that still works, but I have to literally disconnect the ISP connection in order for the LAN to come back online. I'm going berserk.

Comments

  • Does your firewall get a public IP addr when this change is made?

    The LAN has a private subnet IP addr, correct?

    Anything in Traffic Monitor to help understand this?

    Can you tracert to a public web site IP addrs and to a public web site domain name from the firewall when this happens?

  • I have static IP addresses for these locations and I set the first port with the static IP, CIDR, and gateway. Correct, my LAN is a flat network starting with 192.168.xx.xx. I can RDP into client stations through the VPN when it starts happening, but none of the clients are able to get out onto the internet (least I wasn't able to ping 8.8.8.8, so I didn't bother with tracert). But once I disconnect the ISP service it works fine. I'm working with a consultant tomorrow to see if I can troubleshoot this further, but it's just the weirdest thing. Also, I've had to remove the ISP from the Link Monitor setup for it to connect (and obviously I've rebooted the WatchGuard).

  • Have you involved the ISP in troubleshooting when this happens?

    When in doubt, blame the ISP.

  • I'll update with any solutions. Thanks for the input. I'm currently massaging in Rogaine for the missing hair I've pulled out.

  • tracert shows you the path that packets take and can help understand if problems are related to routing.
    Routing issues external to the firewall are caused by ISPs.

  • Tools such as PingPlotter could help here. They show graphically a tracert result to a remote IP addr and can show locations of latency on the route.
    https://www.pingplotter.com

    Also, are you using your ISP's DNS server(s)?
    If so, try using public ones, such as one from Google - 8.8.8.8 or 8.8.4.4
    https://developers.google.com/speed/public-dns

  • ISP put a filter behind modem that went bad. Dispatch said it was to lower the signal to the modem. Why would they install something like that? Thanks for the tips with PingPlotter and public DNS. I'll use them in the future.
