
New Contributor


7 Messages

Tuesday, March 28th, 2023 7:28 PM

Static IP with site to site VPN and our own hardware

Hi, we have two office locations with Comcast business connections, and I am looking to use Unifi routers at each, including configuring site to site VPNs to our central office.

I was hoping to just put the Comcast Business Gateways into bridge mode and configure the Unifi routers with the static IPs, but it looks like that won't be possible. From what I have read, static IPs won't work when the gateway is configured in bridge mode, and the only option for static IPs is to run them in full routed mode.

If this is the case, is it possible to fully disable the firewall on the Comcast gateway to ensure all traffic, including VPN traffic, passes through the device to the Unifi router?

Will the Unifi router still be configured with the static WAN IP?

Does configuring the static on the gateway, and any firewall configuration, require a tech visit or can it all be done remotely?

Thanks for any help, this seems way more complicated than I have seen before for a business static IP connection.

Official Employee


36 Messages

2 years ago

Hello @Vorofa! Thank you for taking the time to reach out and being part of the Xfinity family. I'd be more than happy to answer your questions.

 

Is it possible to fully disable the firewall on the Comcast gateway to ensure all traffic, including VPN traffic, passes through the device to the Unifi router?

Yes! If you set your Comcast modem firewall settings to "low", then all traffic, including VPN traffic, passes through the device to the Unifi router.

Will the Unifi router still be configured with the static WAN IP?
Yes

Does configuring the static on the gateway, and any firewall configuration, require a tech visit or can it all be done remotely?
No, you can just log into your modem and do it there.

New Contributor


7 Messages

2 years ago

Hi Antoine, thanks for the reply. Just to confirm, if I purchase a static IP I can configure it on the Comcast gateway myself, and don't need a technician to log in remotely?

One of the locations already has a static IP, and the other we will need to purchase one for.

At the location that has the static already configured, what changes do we need to make on the gateway to allow us to use our own router? Is there anything other than the firewall change and disabling DHCP on the LAN side?

Thanks

Recognized Contributor


22 Messages

That is correct, you do not need a tech to log in to configure the static IP.

 

As far as changes to be made on the gateway, to use your own router you will just need to enable bridge mode on the gateway itself.

I no longer work for Comcast.

New Contributor


7 Messages

Hi Timothy, do Comcast gateways now allow bridge mode when using a static IP? Everything I have seen online has said that for a static IP they must not be in bridge mode, and bridge mode only works for DHCP. Is this a recent change?

New Contributor


7 Messages

For reference, this link:

https://forums.businesshelp.comcast.com/conversations/equipment/true-bridge-mode-vs-passthrough-mode/5fe0a58dc5375f08cd7d88fe

If you want to use ‘true bridge mode’, please note the following characteristics of devices in bridge mode:

  • Does not have router capabilities or support LAN DHCP
  • Cannot have a fixed Static IP assignment

Official Employee


36 Messages

That's correct! Putting a gateway in bridge mode deletes all of the user-provisioned static IPs and will only hand out addresses using DHCP.

New Contributor


7 Messages

I'm getting a little confused now as that is conflicting information to the previous answer...

If that's the case, what changes do we need to make on the gateway to allow us to use our own router with the static IP already configured on the gateway? Do I just need to disable the firewall, and LAN DHCP?