Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unplug WAN cable on primary and lose internet access

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    lan failover routing wan sg-1100
    1
    1
    457
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      frenzy_usa
      last edited by frenzy_usa

      My problem:
      Pulling the ethernet cable on the WAN port of the primary firewall blocks all internet access.

      My observations while troubleshooting:
      If I turn off the primary firewall via diagnostics->halt, internet access resumes shortly after the primary firewall finishes shutting down. The secondary firewall shows that it is the master for both WAN and LAN. When I turn the primary firewall back on, it takes over as master for the WAN and LAN and the internet continues to work.

      If I unplug the ethernet cable on the WAN port of the primary firewall, I no longer have internet access. The secondary firewall shows that it is the master for the WAN and is the backup for the LAN. When I plug the ethernet cable back into the primary firewall, internet access resumes a few seconds later.

      Unplugging the LAN cable from the primary firewall does not interrupt internet access. Carp status on the secondary firewall shows it is the backup for the WAN and the master for the LAN.

      Also having trouble pinging the WAN IP of the secondary firewall. I'm hoping this is related.

      None of the clients on the LAN are able to ping the WAN IP of secondary firewall. The primary firewall is also unable to ping the WAN IP of the secondary firewall. I can ping the WAN and LAN IP's of primary firewall, the WAN and LAN virtual IP's, the WAN gateway IP, and the LAN IP of secondary firewall.

      The only NAT rules I have are the ones created when I setup the firewalls for high availability. All of the NAT rules have been set to use the WAN virtual ip instead of the WAN address.

      Where should I be looking to find the cause of the problem?

      Edit (2020-02-01 1937):
      Resetting both firewalls back to factory defaults and going through the setup process again did not resolve the problem.

      Putting the primary firewall into persistent maintenance mode causes the secondary firewall to take over and the internet continues to work.

      While doing more research and troubleshooting, I noticed that the LAN VIP does fail over to the secondary firewall but after 2 or 3 seconds it jumps back to the primary firewall. As soon as it jumps back to the primary firewall, I no longer have internet access.

      Edit (2020-02-02 1401):
      Tried a different switch and ethernet cables on the firewall LAN ports. Still no internet access through the secondary firewall when I unplug the WAN cable on the primary firewall.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post