Port Forwarding when WAN offline

Hi All,

Currently I have an issue with a Balance 30 Pro, firmware 8.1.0 build 4943. It is installed on a ship.
On WAN 1 I have a satellite modem connected, which is priority 1.
As backup I am using cellular.
In order for the satellite modem to be online and to work, it needs to communicate with the satellite antenna, which is on the LAN side (192.168.10.240). It communicates through TCP port 4001.

The problem is that when health check is enabled there is no communication between them. I already put a port forwarding rule in. I tried firewall inbound and outbound allow all. In outbound policy I enforced the antenna to always use WAN 1. But unfortunately it does not work.
The moment I disable health check, the communication is working directly.

When I am only using WAN 1 it is not a problem, but we also want to use cellular as backup. And that will not work when health check is disabled.

So I am wondering if I'm missing something or if you have any good ideas.

My two suggestions would be:

#1 Move the antenna to the WAN side where the two devices can communicate directly. This will probably involve a separate switch.

#2 Connect the modem to both WAN1 and WAN2 ports (again via switch), and use WAN2 for the device management traffic, and WAN1 for the health check and internet route. This assumes the satellite link is really a modem, and not a router.

I have done this to directly manage DSL modems in bridge mode.

Add an enforced outbound policy rule with a destination of the IP of the modem and WAN1 selected.

Hi Martin,

I tried that already but unfortunately that was not working.
It looks like when WAN is offline, inbound traffic is not allowed. So the modem cannot reach the LAN side.

Hi Paul,

Option #1 is not really an option; I need to be able to always reach the antenna from the LAN side, also when the modem is offline.

Option #2 sounds like it may work. I will try this. Thanks.

Hi Peter,
An outbound policy rule of enforced is all that should be required. I have done this many times for this exact setup on ships.

Outbound policy should be set to “Enforced” with the source set to “ANT” and the destination set to the single IP address on the device that needs to be accessed on the WAN or the whole subnet if multiple devices.

Please see the example below

You should not need to set up port forwarding and firewall rules.
