Setup Cradlepoint CBA850 cellular device for WAN Failover

[miles267]

Thanks LaurentR. When you mention selecting the correct LAN port. They are marked LAN1 (which is for locally administering the device) and LAN2-POE. Which of these 2 ports do you have connected to your NGFW interface?

[miles267]

I think I've since gotten it working and setup both WAN Failover and WAN Balancer. One question I did have... since my Cradlepoint CBA850 is on a cellular plan that I don't want running ping tests every 5 seconds consuming massive cellular data over time (it's on our family plan), what is a good test frequency (in seconds) and timeout interval for a cellular backup interface?

Currently have the cellular WAN set to test every 3600 seconds (1 hr) with a 2 second timeout.

[sky-knight]

A 1 hour test means Untangle will take up to an hour to know that WAN is down. Since it's an emergency connection, and I assume you're using WAN Balancer to set that line to 0% of your traffic... that should be fine.

After all, it's the OTHER connection you really care about rapid up and down detection on.

Also, pings are tiny... so I doubt you're going to feel that in terms of bandwidth consumed. But again I don't see much of an issue other than if there's a cellular outage Untangle won't know for up to an hour.

[miles267]

Sky-knight, good point. I've gone back to the defaults on both WAN interface tests in WAN Failover. I'll check my cellular plan periodically to see how bytes frequent pings use.

LaurentR mentioned setting up a static route to the CBA850 cellular device. I've not setup any static routes in my NGFW before. My LAN interface is 192.168.0.1/24, 255.255.255.0 (/24). Each time I try to setup a static route from my LAN interface to the CBA850 (192.168.1.1; doesn't conflict with anything else on my network) it seems to mess up my NGFW and require that I not reboot it but power cycle it. Surely I'm doing incorrectly as follows?

Description - LAN to CBA850
Network - 192.168.1.1
Netmask - /24 255.255.255.0
Next Hop - 192.168.0.1

[LaurentR]

I use a /32 netmask (255.255.255.255) - since there is a single IP address you care about - but it shouldn't matter.

The "Next Hop" should not be an IP address, but the WAN Interface (from the drop down list) to which your modem is connected. That's the whole point: regardless of what WAN failover/balancer says, you want to make sure connections to the modem itself are always sent to the WAN port connected to the modem.

That's your issue I think (what you've instructed Untangle to do by routing to "192.168.0.1" is to route it back to the LAN interface, which is a loop.

As far as which port to use, they have the same capabilities but different default values. I used port 2 because I use PoE to power the modem and that's only on port 2. I deleted both port 1 and port 2 configs and redid port 2 config from scratch.

[sky-knight]

Yeah if 192.168.0.1 is on the CBA850 for management, then a static route for things going to 192.168.0.1/32 and targeting the WAN port on Untangle the CBA is plugged into will force all traffic destined for that address out that specific WAN no matter what... which is one of the only ways to manage the cellular device from inside Untangle.

We're both assuming you'd like to be able to do that... instead of trying to plug a laptop into the CBA directly every time you need to change something.

[miles267]

You’re correct. Oddly when I add this static route, I am able to connect to the management IP of the CBA850 without issue from any client on my internal network. That’s great. However connectivity to the internet from client devices is then interrupted until/unless I delete the static route and all is well again. Not sure what would cause that.

[LaurentR]

You’re correct. Oddly when I add this static route, I am able to connect to the management IP of the CBA850 without issue from any client on my internal network. That’s great. However connectivity to the internet from client devices is then interrupted until/unless I delete the static route and all is well again. Not sure what would cause that.

Just to be clear, you set a route for 192.168.1.1/32 (the CBA address), not 192.168.0.1 (the UT LAN address)?

[miles267]

Just to be clear, you set a route for 192.168.1.1/32 (the CBA address), not 192.168.0.1 (the UT LAN address)?

Yes, that is correct. Am unsure why that would cause internet access to completely stop when this single static route is present.

[sky-knight]

Yes, that is correct. Am unsure why that would cause internet access to completely stop when this single static route is present.

That means you're using 192.168.1.1 somewhere else... what's Untangle's Internal IP address?