We have a pepwave 5g transit that has…
WAN (300mb hardline connection)
Cellular (ATT) connected with external antenna to the pepwave.
The cellular is setup in “standby” mode. So WAN is primary and when it goes down cellular takes over.
If the WAN comes back on, it fails back.
Right now its just setup as NAT, where it gives the LAN an internal IP. (192.168.19.1).
The pepwave connects directly to a (house firewall) WAN port. (which makes a double NAT situation)
Question: If I turn on “IP passthrough” on both cellular and WAN. Will it pass through the “real public” IPs to the (house firewall)? I assume I HAVE to use DHCP on the (house firewall) WAN port for that to work?
Question 2: How would the (house firewall) know to switch DHCP when the pepwave fails over? I assume it would hard reset the port? Or have VERY low DHCP lease time?
Also if I do this, does this break incontrol2 access?
So I use my Max Transit 5G as a 5G cellular modem WAN2 failover on a 3rd party firewall appliance. I have IP Pass-through enabled on Max Transit and my WAN2 port on my 3rd party firewall pulls in the public IP. Hope that helps.
It will passthrough whatever IPs are assigned to the WAN port and cellular connection respectively, be they real public IPs or private IP’s or CNAT IPs.
Yes.
DHCP renew is set to 10 secs. When failover occurs and firewall tries to renew, DHCP server responds with a DHCP NAK and assigns the new IP. When the original WAN recovers the same thing happens in reverse. Total outage time on failover (WAN cabled unplugged) last time I tested was 11-12 secs on average,
1 Like
Dang the IP passthrough DHCP lease time is 10 seconds? I read somewhere it was 2 min?
Do I need to set it to 10 seconds?
Do I need to turn off the LAN dhcp?
Nope. When you enable the IP Passthrough on the transit and then connect a device as a DHCP client, the transit automatically sets the DHCP renewal time to 10s. You can’t manually set it that low for a LAN connection anyway (smallest is 1min).
In the transit? No you don’t. IP Passthrough overrides the LAN settings.
1 Like
Just FYI: It gives my firewall 2 min lease time not 10 second
Interesting.
My laptop connected to a BR1 Mk2 with IP Passthrough Set definitely gets a 10sec lease time.
Although RFC1541 specified a minimum lease time of 60mins for DHCP that was removed in RFC2131.
Run a network capture on your device and check the DHCP Offer from the transit. I wonder if its offering 10sec, but your firewall thinks that’s too crazy low and sets it to 2mins instead…what is the house firewall?
1 Like
