
New ISP is going to be primary... GW dashboard object has old ISP's external IP



B A Booracus
2011-07-19, 20:30
Hello all, thanks for the help in advance, I'll try to keep it short and sweet.

Scenario:

* R65 Distributed deployment, no clustering
* Customer has new ISP that is faster. Wants to implement ISP failover (Primary/Backup mode) and make new ISP primary
* We configured ISP failover according to the R71 Firewall Admin Guide
* Discovered through fw monitor that packet is being NATed to the old ISP's external Gateway address
* Checked out Dashboard and Gateway object is configured with the OLD ISP's external address in General Properties
* Customer has Manual hide NAT rule, and the GW object (with old IP if you 'hover' over object with cursor) is in the Xlated packet

Fix (I'm assuming) and things to check for:

* Simply change the IP address in GW object's Dashboard General Properties?
* If he is using Central licensing, no change needed
* Make sure to check for any statically NATed objects to the old IP of Gateway, or anything being NATed to another IP in the same range of the old ISP. If this is the case, then also check and correct ARP table entries to the GW for all hiding addresses
* Routing table entries


Does anyone see anything else that I should look out for?

RayPesek
2011-07-19, 20:39
The only other issue I had when swapping ISPs was that the firewall with the new ISP retained the old external IP address somewhere that could not be found. It took a reboot of the firewall to clear it. This was R70.30.

We had two firewalls. ISP A on one and ISP B on the other. We discontinued ISP B due to cost.

We moved the circuit for ISP A to the firewall that used to have ISP B. It worked fine.

We hooked up ISP NEW to the first firewall, the one that used to be ISP A. It worked fine.

But when we tried to connect from the firewall that now has ISP A to the firewall with ISP NEW, the traffic got dropped by anti-spoofing.

The IP address was nowhere to be found. Not in ARP, not in DBEDIT, nowhere. Must have been in memory somewhere.

FWIW,

Ray
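
The checklist in the first post (NAT rules, ARP entries, routing table entries) and the ARP search described in the reply both come down to finding every remaining reference to the old ISP's range. The following is an added example, not code from the thread or from Check Point: it scans saved command output and notes for addresses inside that range and lists them for review. The addresses (documentation ranges), the abbreviated `arp -an` and `netstat -rn` output, and the NAT notes format are all constructed assumptions.

```python
import ipaddress
import re

# Matches dotted-quad tokens that are not part of a longer digit/dot run.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def find_old_isp_references(sources, old_isp_cidr):
    """Return (source, line_no, address) for each address inside the old ISP range."""
    old_net = ipaddress.ip_network(old_isp_cidr)
    hits = []
    for name, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for token in IPV4_RE.findall(line):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not a valid address, e.g. 999.1.1.1
                if addr in old_net:
                    hits.append((name, line_no, str(addr)))
    return hits

# Constructed sample data (documentation address ranges, not from the thread).
OLD_ISP = "203.0.113.0/29"
SAMPLES = {
    # Abbreviated, constructed ARP table output.
    "arp -an": (
        "? (198.51.100.1) at 00:11:22:33:44:01 [ether] on eth2\n"
        "? (203.0.113.1) at 00:11:22:33:44:02 [ether] on eth1\n"
        "? (203.0.113.4) at 00:11:22:33:44:10 [ether] PERM PUB on eth1\n"
    ),
    # Abbreviated, constructed routing table output (columns trimmed).
    "netstat -rn": (
        "Destination     Gateway         Genmask         Flags Iface\n"
        "198.51.100.0    0.0.0.0         255.255.255.248 U     eth2\n"
        "203.0.113.0     0.0.0.0         255.255.255.248 U     eth1\n"
        "0.0.0.0         198.51.100.1    0.0.0.0         UG    eth2\n"
    ),
    # Hand-written notes about the NAT rulebase; hypothetical format.
    "nat-notes.txt": (
        "rule 4: Internal_Net -> Any, hide behind 203.0.113.2\n"
        "rule 7: Web_Server static NAT to 203.0.113.4\n"
        "rule 9: Mail_Server static NAT to 198.51.100.3\n"
    ),
}

if __name__ == "__main__":
    for source, line_no, addr in find_old_isp_references(SAMPLES, OLD_ISP):
        print(f"{source}:{line_no}: {addr} is in {OLD_ISP}")
```

Because the old ISP stays in place as the backup link in Primary/Backup mode, a hit is an item to review rather than an error in itself.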