TP-Link Archer MR600 as failover router

Good Morning,

we're using a Firebox Watchguard T50-W 12.3.1 (Build 585922)

Main router is attached to the Firebox to interface 0 and the port is configured
as an external interface.
In this case we configured it as a static IP and the IP address and Gateway IP fields
are filled with public IPs given to us by our ISP provider.

We attached a second router to port 5; it's using a SIM card.
It's a TP-Link Archer MR600 and internet connection works fine when attached to its wifi or ethernet ports:

https://www.tp-link.com/it/home-networking/3g-4g-router/archer-mr600/

My question is I'd like to configure Multi-WAN but I'm not sure what to put as IP in address and gateway fields
when defining the external interface.

I tried to put

  • IP 172.31.1.2
  • Gateway 172.31.1.1 - which is the IP of TP-Link ethernet port

But when I forced connection of LAN hosts through TP-Link it won't go to the internet.

I'm not sure what line to follow to integrate this type of modem/router attached to the Firebox.

Any help would be very useful.
Thank you very much for your time.

Regards,
Gianmaria Vitale

Best Answer

Answers

  • It works, thank you very much.

  • I also wanted to have VPN SSL failover but I could not get any incoming connections to reach Firebox.

    So in case it might help somebody, in my case the 4G router showed
    a private IP address in the connection information page.
    That means the SIM card used is only meant for browsing
    the internet and does not accept incoming connections so
    DMZ and port forwarding will not work unless you call the ISP
    and tell them your needs.

    Look up the red text here:

    https://www.tp-link.com/it/support/faq/785/

  • Can you log into the 4G router and verify if its WAN IP is in a private range? If the 4G router's WAN IP is a private IP, then the "provide the customer a private IP, that will cause you can’t use the OpenVPN or port forwarding and affect the NAT Type" makes sense.

    However, if their router gets a public IP on its own WAN and "provide the customer a private IP" just means that it feeds a private IP to your Firebox' WAN port, then DMZ should work for the SSLVPN. So, let's say the 4G router has a public IP on its own WAN and it gives your Firebox a WAN IP of 192.168.99.101, then you would need to put 192.168.99.101 into the DMZ of the 4G router.

    Gregg Hill

  • Hi Greggmh123,

    this is what I can see from the "Internet" section of the router.
    Even in the remote management section you can see the pre-filled
    URL you're supposed to go to when remote managing the router (if enabled) showing the same private IP address.

  • I tried to do simple port forwarding on my laptop exposing port 80 for example and finding out the public IP via enabling DDNS but the public IP seems not to respond to any connection to any port.

  • Here's the screenshot:

    screenshot

Sign In to comment.