5habbaranks, Member, March 13, 2018 at 2:41 pm #167459
I have a strange problem where I’m using an FTTC connection as a failover for my WatchGuard WAN link. I’ve set up multi-WAN with failover and pulled the plug on the primary link. The WatchGuard fails over as it should, and doing a tracert it routes through the second WAN link, but I just can’t browse. The logs on the router are showing in red “all gateways in policy routing table are down drop this packet”. I set up an explicit policy to allow my IP to any external to test and still no joy.
Any ideas what’s causing this?
Anonymous, March 13, 2018 at 2:47 pm #372097
If ping to an IP works but names don’t, check your DNS settings. Is a change needed due to the WAN change?
wullieb1, Moderator, March 13, 2018 at 2:54 pm #245743
I would hazard a guess, agreeing fully with RicklesP, that your forwarders in DNS are not responding as you’re trying to connect from a network outside the forwarders’ remit.
March 13, 2018 at 3:25 pm #379171
Thanks guys, the DNS on the WatchGuard is pointing to our internal DNS (192.168.0.251) with forwarders configured. The forwarder IPs are 18.104.22.168 and 22.214.171.124, which is why it’s confusing.
I Googled the log failure message which seems to point to a failed config in the failover but there isn’t much to configure “all gateways in policy routing table are down drop this packet”.
I plan to plug a laptop into the FTTC connection tomorrow to test I can get out using the same interface config (user, pass, IP, etc.).
wullieb1, Moderator, March 13, 2018 at 8:15 pm #245745
Change the forwarders you use away from those. Get your local ISP DNS servers as they will more than likely be quicker than Google’s public DNS servers. I typically only ever use these for testing that pinging is working as they are always on.
March 14, 2018 at 2:15 am #379172
The problem with changing them to the ISP DNS servers is for the reasons above – if you fail over to another ISP then you need to use their DNS servers and vice versa.