Firewall can't reach internet over second WAN



  • I posted something similar over in the "Installation and Upgrades" section but it probably belongs here. I'm replacing a firewall and have already imported the config from the old into the new. Before putting it in production I need to install the packages. Essentially, I have WAN1 and WAN2 and also LAN1. WAN1 and WAN2 are in a Gateway Group and are configured with WAN1 directly to fiber and WAN2 behind the original network. Devices connected to LAN1 can get out to the internet whether WAN1 or WAN2 is connected so it appears my failover is working properly.

    The issue is that when WAN1 is down the firewall itself can't get to the internet. I can't plug it in because it will take down the network. WAN2 is connected and devices connected to LAN1 are able to get out to the internet so traffic passes. The firewall itself, however, is unable to get to the internet to get the packages. From console I'm unable to ping out as well. Is there something else that needs to be done so that the firewall itself uses the same failover that the LAN1 is able to use?

    At this point the only thing I can think of is that I may need to blank the firewall, install the packages, and then import the config again but I'd prefer not to. I also can't just change the IP on WAN1 either. There are several Virtual IPs that would also need to be reconfigured and a lot of rules that use them.

    Thanks for any assistance!



  • Have you entered the WAN2 gateway into the respective box in the interface configuration?

    If yes, check if there is an outbound NAT rule for WAN2 in place with source = 127.0.0.1/8.
    If it isn't, add it manually. You may have to switch the outbound NAT to hybrid or manual mode if applicable.
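As an added example (not from this thread or from pfSense itself), the check in the reply above as a small POSIX sh script: it scans a `pfctl -sn` style NAT listing and reports each WAN interface that has no outbound NAT rule for the firewall's own traffic, which pfSense shows with source 127.0.0.0/8. The listing, the interface names em0 (WAN1) and em1 (WAN2), and the addresses are constructed assumptions so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: find WAN interfaces that lack an
# outbound NAT rule for the firewall's own traffic (source 127.0.0.0/8).
# On a live box the listing would come from `pfctl -sn`; this constructed
# listing stands in for it. em0 = WAN1 and em1 = WAN2 are assumptions.
SAMPLE_RULES='nat on em0 inet from 127.0.0.0/8 to any port = isakmp -> 198.51.100.10 static-port
nat on em0 inet from 127.0.0.0/8 to any -> 198.51.100.10 port 1024:65535
nat on em0 inet from 192.168.1.0/24 to any -> 198.51.100.10 port 1024:65535
nat on em1 inet from 192.168.1.0/24 to any -> 203.0.113.20 port 1024:65535'

# has_localhost_nat RULES IFACE
# Succeeds when RULES contain a NAT rule on IFACE whose source is 127.0.0.0/8.
has_localhost_nat() {
    printf '%s\n' "$1" | grep -Eq "^nat on $2 .*from 127\.0\.0\.0/8 "
}

# missing_localhost_nat RULES IFACE...
# Prints one line per interface that has no localhost outbound NAT rule.
missing_localhost_nat() {
    rules=$1
    shift
    for ifc in "$@"; do
        has_localhost_nat "$rules" "$ifc" || printf '%s\n' "$ifc"
    done
}

# Live use would be: missing_localhost_nat "$(pfctl -sn)" em0 em1
missing_localhost_nat "$SAMPLE_RULES" em0 em1
```

In the constructed listing only em1 (WAN2) is reported, which is the situation the reply describes: LAN clients are translated on WAN2 but the firewall's own 127.0.0.0/8 sources are not.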



  • It was already in Hybrid mode. I duplicated the NAT for WAN to WAN2 but it didn't help.

    Edit: Clarification