"Connection Pro" LTE Failover, CGA4131COM, Static IP, Bridged Mode, & pfSense Router/FW
I'm interested in upgrading my existing Comcast Small Business service to a higher tier that supports "Connection Pro" LTE failover. I’m hoping someone here can help me understand what I’m getting into before I commit to anything.
My current sales person is telling me a tech will come out, plug in the LTE “Connection Pro” device to my CGA4131COM, a miracle will occur, and I’ll have LTE failover. I’ll gladly eat crow if this is true but I’m skeptical at best.
Very respectfully to the Comcast employees here, I was recently burned after retiring my old faithful SMC. When I upgraded to 150/15, sales definitively assured me the CGA4131COM could be put into "true bridge-mode" into my firewall/router with a static IP. That's not how it panned out. Note that the tech who came on site was very helpful, patient, smart, friendly, and we just happen to attend the same church, but he only understood what I was trying to accomplish at a high level and ultimately couldn't implement the solution I was promised. It turned into a 5+ hour painful ordeal. My goal here is to avoid having this happen again.
Please note my background is IT security, not networking. Everything I know has been learned through trial and error. Please forgive any incorrect nomenclature and/or other ignorance. I’m open to any and all constructive criticism.
Here's my current architecture:
Internet -> CGA4131COM -> pfSense w/Static IP -> JGS524PE | JGS524Ev2/UniFi/VLANs | Dedicated Home Office Port/DMZ
And in more detail:
- CGA4131COM – Set to "Disable all rules and allow all inbound traffic through", WAN DHCP disabled, 1-to-1 NAT disabled, firewall disabled, customer security enabled with "Disable entire firewall". Ethernet port 1 is connected to my firewall. Turning on “bridge mode” breaks everything, but that’s another conversation.
- Static IP is assigned to my firewall/router: 4-port Qualcomm pfSense 2.4.5 with all the goodies (Suricata, pfBlockerNG, Squid Reverse Proxy...)
- Port 0 is WAN connecting to the CGA4131COM and is currently the only route in/out of the network.
- Ports 1 and 2 are broken up into approximately 15 VLANs across a JGS524PE and JGS524Ev2.
- The JGS524E powers 3 UniFi AP-AC-Pro WAPs
- Port 3 is completely isolated, dedicated to a home office corporate connection and can’t be touched.
I suspect making the “Connection Pro” LTE device work will require a dedicated port on the pfSense box (I've got freeing up a port under control) and creating a new failover route more or less per the article below. Am I correct?
Thanks in advance for taking the time to look this over. Any advice or suggestions you could provide would be greatly appreciated. Knowledge is power.
Tagging Comcast_Phil as he's helped me in the past.
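As an added illustration (not part of the original post, and not taken from pfSense's own documentation), this is how pfSense 2.4.5 stores a two-tier failover gateway group of the kind described above in its config.xml. It assumes the existing static-IP WAN gateway is named WAN_GW and the new pfSense port facing the Connection Pro device has a gateway named LTE_GW; both names are assumptions, and a separate <gateway_item> must already exist for each.

```xml
<gateways>
  <!-- The per-interface <gateway_item> entries for WAN_GW (static WAN) and
       LTE_GW (interface facing the Connection Pro device) live here too;
       both gateway names are assumed for this example. -->
  <gateway_group>
    <name>WAN_LTE_Failover</name>
    <!-- item format: gateway name | tier | source address to use -->
    <item>WAN_GW|1|address</item>   <!-- tier 1: Comcast static IP, used whenever it is up -->
    <item>LTE_GW|2|address</item>   <!-- tier 2: LTE, used only while every tier-1 member is down -->
    <!-- "down" fails over only when the monitor IP is unreachable;
         "downloss", "downlatency" and "downlosslatency" also trip on
         packet loss and/or latency thresholds set on the gateway_item -->
    <trigger>down</trigger>
    <descr><![CDATA[Comcast static WAN with Connection Pro LTE as tier-2 fallback]]></descr>
  </gateway_group>
</gateways>
```

In 2.4.5 the group only affects traffic matched by firewall rules whose Gateway (under Advanced Options) is set to this group, so the LAN/VLAN pass rules need that set; inbound services published on the Comcast static IP (the Squid reverse proxy, for one) stay unreachable while failed over, since the LTE side's address belongs to the cellular carrier.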