Comments

  • It was the route. We had the ISP add a route for 15.232.120.252/30 to 15.232.120.194 and the Adtran is now reachable.
  • We will do that after hours. But why does the WG document say we need to add a route on the ISP router? See screengrab.
  • Something isn't working right then. I plugged in a PC to Eth6, where we have the optional network set up for the Adtran (unplugged Adtran) and set it up with static IP of 15.232.120.253, with gw of .254. It can ping the .254 of the optional interface, and can ping the .194 IP which is the WAN IP on the WG. But it can't ping…
  • Sorry, typo in my description there; we did change the WAN to a .194/27. I'll edit the first post. So the question still remains about the route requirement.
  • Thanks James, we do have a support contract and will open a ticket soon. We verified our backup Comcast connection also is off by 1 port. I'm also testing a theory that it's a corrupt config file, so I'm building a new one from scratch that I'll load in from policy manager, mostly just for curiosity's sake. For now we're…
  • If the fiber link goes down, we'd like to still have internet access. We have a local DC at the site, so users could still get dhcp/dns/internet. Our BOVPN to head office would also failover, so we'd still be able to get at the file servers, phone system, and the like at that office. So yes we'd lose access to the servers…
  • In one site it's an E3800 stack of 4x48 ports. In other site it's a 8212zl with a bunch of different modules in it.
  • So an any policy with any-trusted on the to/from doesn't work, but an any policy with specific host IPs listed does work.
  • An update, it seems like the firewall is not matching traffic properly. The first thing I did troubleshooting this morning was creating an "ANY" rule, allowing traffic from any-trusted to any-trusted, that is set to allow, and is rule #1 in priority. Yes in the WG logs, we see a line like: 2020-02-20 12:55:12 10.1.0.1…
  • No, we had to disable a couple of PBR policies we had set up on the old 5 series devices when we swapped them to the M370s. We never bothered setting up the equivalent SDWAN afterwards; the PBR stuff was just for test.