1 2 Previous Next 18 Replies Latest reply on Mar 29, 2012 2:29 AM by PhilM

    Trouble Changing Static Route for New WAN IP

      I'm trying to change over to a new internet connection and our WAN IP is changing as a result.

       

      I've gone into Firewall > Network > Routing > Static Routing

       

       

      While there, I tried to change the "Current Default Route" however I can't type anything in that field. Additionally, when I hit the refresh button, nothing changes. I tried to change the single static default route (which is what is currently used for the default route) however it says "There is no route ot this gateway" when I try to save that.

       

      Is there somewhere else I'm supposed to set the static routes?

       

       

      When I look at the "Static Route Status" I can see a couple routes that include the old WAN IP that need to be changed, however, I don't know where to change those routes.

       

       

       

      Any assistance would be greatly appreciated. Thanks!

        • 1. Re: Trouble Changing Static Route for New WAN IP

          The 'Use single static default route' is the correct location to change the default route. When changing any route (default or static), the gateway must be accessible, meaning an IP address is defined on the firewall in the same subnet that the gateway is in.

           

          Have you changed the WAN IP address of your firewall to reflect the new ISP's IP address? If not, try changing the WAN IP address before changing the default route. Or, for the time being, you can even try adding a new WAN IP address as an alias address to the current WAN interface, then change the default route.

           

          The 'Static Route Status' displays a list of the route table. All of the static routes are defined in the same screen in the Admin Console (Static Routing); look there to update any additional routes that need to be changed.

          • 2. Re: Trouble Changing Static Route for New WAN IP

            Thanks for always being so helpful rdestics.

             

            A couple questions to follow up on your response:

             

             

            For the WAN IP address...should this be changed in Network > Interfaces? In that section I have our external network NIC which has all of our public IPs on it so I'm guessing the IP needs to be added there.

             

            The information I received from our ISP includes an IP for their side an a WAN IP for our side of a.b.c.d/30. Since we only received two IPs for the new circuit does that mean that one of them is added to Network > Interfaces and the other is set as the new static route? Or would I use the ISP side IP for the new static route?

             

             

             

             

            The other question is regarding the listed static routes. There is only a single route defined aside from the Primary and Alternate default routes in the static routing area, is it safe to assume that the rest shown in the status must be populated automatically?

            • 3. Re: Trouble Changing Static Route for New WAN IP

              Are you replacing your current IP addresses with the new IP addresses, or will the IP address in the /30 subnet be an additional (alias) IP on the WAN interface? If you are replacing the IP addresses, then of that /30 subnet - one IP will be assigned to the firewall and one will be a [default] gateway address.

               

              | "For the WAN IP address...should this be changed in Network > Interfaces? In that section I have our external network NIC which has all of our public IPs on it so I'm guessing the IP needs to be added there."

              > Yes - this is where it is changed.

               

              | "There is only a single route defined aside from the Primary and Alternate default routes in the static routing area, is it safe to assume that the rest shown in the status must be populated automatically?"

              > How many interfaces do you have defined on the firewall? It's possible that the additional route that is displayed is for an internal/LAN network, based off of the internal/LAN interface. If it is not, then unless dynamic routing is configured, the routes should not be populated automatically. Would it be possible to provide a screenshot of the Route Status as well as a screenshot of your interfaces?

              • 4. Re: Trouble Changing Static Route for New WAN IP

                | Are you replacing your current IP addresses with the new IP addresses, or will the IP address in the /30 subnet be an additional (alias) IP on the WAN interface? If you are replacing the IP addresses, then of that /30 subnet - one IP will be assigned to the firewall and one will be a [default] gateway address.

                 

                > The only IP addresses that are changing are the WAN IP. The rest of our public IPs are remaining the same (we're not actually changing ISPs, just upgrading to a faster service).

                 

                 

                | How many interfaces do you have defined on the firewall? It's possible that the additional route that is displayed is for an internal/LAN network, based off of the internal/LAN interface. If it is not, then unless dynamic routing is configured, the routes should not be populated automatically. Would it be possible to provide a screenshot of the Route Status as well as a screenshot of your interfaces?

                 

                > Dynamic routing is not configured, the route that is manually added is for our VPN network. I was just wondering if the rest of the routes that show up under Status are automatically populated, which I believe the answer is yes.

                 

                You can view the routes configured here (with some things covered up):

                 

                http://i.imgur.com/lzhqi.png

                • 5. Re: Trouble Changing Static Route for New WAN IP

                  If you are referring to the 192.168 routes, then yes - those are automatically populated (they are interface routes). Under the 'Flags' column, any entry with 'S' indicates that the route was manually added (see man netstat for a description of all the flags).

                   

                  If you are not completely re-IP'ing, then it doesn't sound like you need to change the default route. As long as your ISP routes traffic destined for these 2 new IP addresses to your firewall, it should not pose a problem. Perhaps this is something that should be clarified with your ISP?

                  • 6. Re: Trouble Changing Static Route for New WAN IP

                    Can you please tell me how to change the Current Default Route? Mine shows a refresh button beside it but I'm not sure how that is going to pick up the new default route IP.

                     

                     

                    Will that change when I change the single static default route?

                    • 7. Re: Trouble Changing Static Route for New WAN IP
                      PhilM

                      It shoudln't be no more complex than navigating to the Network -> Routing -> Static Routing screen, double-clicking (or right-click and select modify) the Primary Default entry, and changing the IP address to that of your new router.

                       

                      Click OK to close the pop-up window and finally click on the "Floppy Disk" button in the toolbar to commit the change to the system.

                       

                      As long as this new IP address is part of the same subnet range as the configured external interface, that should be it.

                       

                      -Phil.

                      • 8. Re: Trouble Changing Static Route for New WAN IP

                        Can you please tell me where the actual public WAN IP that is on the router is set? I'm activating a new circuit later today and just want to make sure I have everything on my side ready to go.

                         

                        The IP on the router is not part of the same subnet as all of the IPs configured on the firewall.

                         

                         

                        Perhaps I am mistaking how this works however. It may just be that the Verizon router has to be configured to point to our firewall IP and that we don't have to configure anything on our side to point to their router...I'm not sure as I've not done this with Sidewinders before.    

                        • 9. Re: Trouble Changing Static Route for New WAN IP
                          sliedl

                          You cannot add a default route that is not in the same network as some IP of the firewall.  You might be able to add it but it won't work, as the firewall won't know how to route to it.


                          Verizon has to give you an IP in the same range as your public IP to be your default route.  Or, you get DHCP from Verizon and the route and IP are set automatically then.

                          1 2 Previous Next