WatchGuard failover WAN link - can ping etc. but not browse


This topic contains 6 replies, has 4 voices, and was last updated by Dext 1 year, 2 months ago.

    5habbaranks
    Member
    #167459

    Hi,
    I have a strange problem where I’m using an FTTC connection as a failover for my WatchGuard WAN link. I’ve set up multi-WAN with failover and pulled the plug on the primary link. The WatchGuard fails over as it should, and doing a tracert it routes through the second WAN link, but I just can’t browse. The logs on the router are showing red “all gateways in policy routing table are down drop this packet”. I set up an explicit policy to allow my IP to any external to test and still no joy.

    Any ideas what’s causing this?

    Thanks

    Anonymous
    #372097

    If ping to an IP works but names don’t, check your DNS settings. Is a change needed due to the WAN change?

    wullieb1
    Moderator
    #245743

    I would hazard a guess, agreeing fully with RicklesP, that your forwarders in DNS are not responding as you’re trying to connect from a network outside the forwarders’ remit.

    Dext
    Member
    #379171

    Thanks guys, the DNS on the WatchGuard is pointing to our internal DNS (192.168.0.251) with forwarders configured – the forwarders’ IPs are 8.8.8.8 and 8.8.4.4, which is why it’s confusing.

    I Googled the log failure message, which seems to point to a failed config in the failover, but there isn’t much to configure: “all gateways in policy routing table are down drop this packet”.

    I plan to plug a laptop into the FTTC connection tomorrow to test I can get out using the same interface config (user, pass, IP, etc.).

    wullieb1
    Moderator
    #245745

    Change the forwarders you use away from those. Get your local ISP DNS servers, as they will more than likely be quicker than Google’s public DNS servers. I typically only ever use these for testing that pinging is working, as they are always on.

    Dext
    Member
    #379172

    The problem with changing them to the ISP DNS servers is for the reasons above – if you fail over to another ISP then you need to use their DNS servers, and vice versa.

    Dext
    Member
    #379173

    Found the issue: there were specific routing rules within a policy which specified to use WAN 1 rather than follow the failover policy. Yet to test, but I’m certain it’s that.
