Comments

  • multi wan is in failover.. but only when wan 2 is the primary accept a route to wan 1 and it works m200 firmware 12.5.7.b640389
  • What does this mean? "if i setup wan 2 like primary " * I mean I change the order in the multiwan section .. If you can get to 2.5.5.100 via the BOVPN, why do you want to add a Network Route? * i can get the ip addr correctly only when the wan involved in the bovpn is the first one in multiwan .. if it is the second i…
  • scenario : wan 1 - wan ip 192.168.100.2 wan gateway 192.168.100.1 wan 2 - wan public ip 2.2.3.3 wan gateway 2.2.3.1 if i setup wan 2 like primary but i set up also a route like this netmask 10.25.10.0/4 gateway 192.168.100.1 it works it i setup wan 1 like primary but i set up a route like this ip to get 2.5.5.100 gateway…
  • @Bruce_Briggs please can you help me :)
  • ok i was totally wrong thank you anyway
  • r u saying this cause it's a strange behavior ?
  • i do not why but to set the route i have to set destination subnet: the one i want gateway (not the ip of the wan) the router ip of the wan interface i assume that this routing has done by the watchguard strange maybe i am totally wrong :)
  • thank you man :) I will keep u update
  • under network->route i setup a rule that say all traffic with destination netmask 1.1.1.1/1 has the gateway setup with the ip of wan 2... and works i think, but the trace stuck at the ip of the wan2..should go on the otherside but it doesnt
  • yep i did it, but also with the correct route setup it stuck on the wan ip address so i suppose it is an isp problem
  • hi all, i have another question about this topic.. if from diagnostic of firewall .. i ping a private ip of site b schema: watchguard firewall wan2 isp mpls wan of site b lan the reply of that ping is allowed to get back to the firebox ? really thanks
  • yep i know it thanks.. and obviusly the wan2 has a public ip address that is not in the sheet i reported wan2 public ip address let's say 2.2.2.3
  • thanks for the reply ... that's the problem also I have a sheet with this data from the customer, but no idea, I suppose it is the ip address of the mpls ipsec .. but not sure. any idea ? really thanks for the time
  • thanks for the reply, but no i don't have to set up the vpn cause the ipsec is carried about the isp with the mpls. i have only to specify an outgoing policy. If i am right, all the traffic not allowed is block, so it's enough I specify a custom packet filter policy for 5656 from the ip I would like. is this correct ?…
  • ok thanks.. really thanks but now i have a big question for what i would like ur help please.. the help of a watchguard guru :)