Connection Pro and Real Enterprise Firewall (SonicWall, Sophos, Cisco, etc.) Failover Failure
Sorry for the Crosspost - I initially put this on hardware but see the sticky on the connectivity forum advertising the Connection Pro Service.
I have been searching for a month, and I have been unable to find a post or a support person at Comcast that can address what should be a straightforward setup for any dedicated business failover. I have accomplished this with multiple providers (i.e., Comcast and T1), but I can't seem to get it working for Comcast Connection Pro and the Cradlepoint. This is what I have before setting up the Comcast 4G backup.
1. We have a Comcast gateway with a static IP.
2. The Comcast gateway gives my firewall WAN1 a static IP.
3. The firewall does all the routing, DHCP, and endpoint protection for my client.
In any IT world I have ever experienced in my 20 years, the backup connection (4G or any other) would plug into the firewall as WAN2. The firewall controls the actual failover.
I am told: The Cradlepoint can only do DHCP, which in my installation is just fine since all they need is outgoing internet and no VPNs or direct connections.
If I plug the Cradlepoint into a WAN2 and set it up for failover, it does NOT provide a DHCP IP to the firewall. I have even tested this by pulling the gateway power and seeing my firewall fail over seamlessly. But the Cradlepoint does not kick in. Everyone in Comcast tells me that the gateway must be connected to the Cradlepoint, and the Cradlepoint MUST be the DHCP for the local network. That means no more firewall and all real protections must be removed for Connection Pro to work.
I beg of someone here to tell me I am wrong, and I have not found the right person with the necessary network failover experience to say to me I am wrong, and this can do a proper failover.
I have never heard of any enterprise or small business firewall that can use one WAN input and automatically switch it to DHCP. It's always a 2nd input into the firewall that is configured to the 2nd backup WAN connection. Comcast, I could sell 100 of these Connection Pro systems in the next year if that can be accomplished. The Cradlepoint hardware will do this independently, but it seems Comcast had locked them down to only be used INLINE.
FYI. If my firewall had a SIM chip input, I would plug the SIM from the Cradlepoint into the firewall, but my firewall does not have that.
Any help would be much appreciated, PM or publicly. I have seen many people all over the internet who can't seem to get this done or get a clear answer. The Comcast clients need to have the information. Support telling us that the IT people must figure it out from there is just not acceptable. Our installer instructions came as 3 handwritten lines on the back of an envelope.
I am an IT professional with 20 years of experience and know my networking. Why does no one at Comcast understand it, or is there any clear technical information? I was on with Level 2 for an hour today, and it's like talking with his cousin's friend's brother, the IT guy from the old neighborhood.
Please help me understand this and provide a solution for me and everyone. Otherwise, it's a paperweight that's going back.
The IT Guy 🙂