Issues with pfSense and ATT Fiber IP Passthrough

I have a remote site in LA currently running a Sonicwall TZ500 behind an ATT Fiber connection (BGW210-700) in IP Passthrough mode and it’s been working fine.

I’d like to replace the TZ500 with a pfSense CE box (mostly to switch from IPsec to a WireGuard tunnel to our main site in NYC, which is running pfSense Plus, but that’s not important to this conversation). pfSense CE is running on this hardware, in case that matters: https://www.amazon.com/dp/B0C5C2TQP9

I had an employee in the remote office swap the hardware for me. The ATT box saw the pfSense box and assigned it a WAN IP address via DHCP according to the ATT web interface. But it just doesn’t work. I updated the ATT IP Passthrough settings to make sure the MAC address of the pfSense box was accounted for, and I also tried spoofing the old Sonicwall MAC address on the pfSense box (which the ATT box also acknowledged), but that didn’t help either. No network traffic passes. Moreover, I had set up the firewall on the pfSense box to allow HTTPS management from any WAN IP, and even that is not working. I also have a noip.com dynamic DNS account set up on the pfSense box and it’s not updating the record. We’ve power cycled everything repeatedly, etc. I’m positive that they plugged the correct cables into the correct interfaces.

Has anyone else had similar issues? I’m stumped. I had the employee in the remote office reconnect the Sonicwall for now, and it’s working fine. I had them plug the pfSense LAN port into a spare workstation so I can edit the config.

Is your WAN interface set to DHCP on pfSense?

I have IP Passthrough on and turn off all the other crap on the gateway. Then I have the WAN set to DHCP on my pfSense box. Sometimes if I get a power outage, it might take an hour or so for the IP address to get passed.

Yes it is. And again, even the ATT router 192.168.1.254 management page indicated that it had handed out a WAN IP address 104.x.x.x to the pfSense box.

Mine is currently set to Packet Filter On, IP Passthrough On, NAT Default Server Off, and Firewall Advanced On. You’re saying I should turn off Packet Filter and Firewall Advanced on the ATT box? Is there any chance that would kill the backup ATT wifi signal their box is broadcasting? I’m not on site and I’m paranoid about losing access, even with a remote employee there to be my hands.

I can remember having ATT at one point doing IP Passthrough without issues. You might get with ATT support and see if you can schedule a time for them to help you with the firewall transition.

I have everything turned off except IP Passthrough, and then you’ll have to have someone restart both the gateway and the mini PC, wait about an hour, and it should pass through. I use OpenVPN to connect to my network.

You also need to go to the IP Passthrough tab and assign the device.

Assuming you have no need for what the 210 is providing, you could try pulling certs from the 210 and having the pfSense box handle everything. Your ONT is a white wall-mount unit - the Nokia G-010G-A?

Current pfSense CE and Plus have the updated wpa_supplicant and dhclient, which handle the vlan0 requirement (this was an issue in the past). You could then file the 210 into a box to never be used again.