WatchGuard failover WAN link - can ping etc. but not browse


This topic contains 6 replies, has 4 voices, and was last updated by  Dext 9 months, 1 week ago.


  • 5habbaranks
    Member
    #167459

    Hi,
    I have a strange problem where I’m using an FTTC connection as a failover for my WatchGuard WAN link. I’ve set up multi-WAN with failover and pulled the plug on the primary link. The WatchGuard fails over as it should, and doing a tracert it routes through the second WAN link, but I just can’t browse. The logs on the router are showing red “all gateways in policy routing table are down drop this packet”. I set up an explicit policy to allow my IP to any external to test and still no joy.

    Any ideas what’s causing this?

    Thanks


    Anonymous
    #372097

    If ping to an IP works but names don’t, check your DNS settings. Is a change needed due to the WAN change?


    wullieb1
    Moderator
    #245743

    I would hazard a guess, agreeing fully with RicklesP, that your forwarders in DNS are not responding as you’re trying to connect from a network outside the forwarders’ remit.


    Dext
    Member
    #379171

    Thanks guys, the DNS on the WatchGuard is pointing to our internal DNS (192.168.0.251) with forwarders configured – the forwarder IPs are 8.8.8.8 and 8.8.4.4, which is why it’s confusing.

    I Googled the log failure message, “all gateways in policy routing table are down drop this packet”, which seems to point to a failed config in the failover, but there isn’t much to configure.

    I plan to plug a laptop into the FTTC connection tomorrow to test I can get out using the same interface config (user, pass, IP, etc.).


    wullieb1
    Moderator
    #245745

    Change the forwarders you use away from those. Get your local ISP DNS servers as they will more than likely be quicker than Google’s public DNS servers. I typically only ever use these for testing that pinging is working as they are always on.


    Dext
    Member
    #379172

    The problem with changing them to the ISP DNS servers is for the reasons above – if you fail over to another ISP then you need to use their DNS servers and vice versa.


    Dext
    Member
    #379173

    Found the issue: there were specific routing rules within a policy which specified to use WAN 1 rather than follow the failover policy. Yet to test but I’m certain it’s that.
