
New Member

 • 

10 Messages

Wednesday, September 2nd, 2020 8:03 PM

Arris BGW210-700 not processing Packet Filter Drop rule

We recently switched to AT&T 50Mbps service and the supplied Arris BGW210-700 router.  I need to limit the use of Remote Desktop into a Windows 2019 server to a single external IPv4 address.  I created 2 Packet Filter rules and a NAT/Gaming Port Forward that I thought should have worked, but I can still RD in from another external IP.  I also have a rule to stop all access from a known bad-actor network.  If these Block rules don't work, it is a HUGE security hole for our network.

 

Can someone tell me what I'm missing from these rules, and why NAT/Gaming Port Forwarding appears to override the blocks?

 

Thanks.

 

 

Community Support

 • 

221.6K Messages

3 years ago

Hi @MEP_Consulting

 

As we understand, you're trying to block everything except the source IP above from connecting through remote desktop but currently, other IPs are getting through?

 

Since remote desktop uses TCP/UDP port 3389 by default, can you try adding those to the 2nd drop rule?

 

Please let us know if that helps.

 

Jeff, AT&T Community Specialist

New Member

 • 

10 Messages

3 years ago

Jeff, thanks for responding.

 

I have already tried that rule.  The reason for using port 3395 is we were already experiencing a bad actor in eastern Europe repeatedly trying to login on 3389 with rotating user names and passwords.  There is a Port Forward in NAT/Gaming that maps 3395 to 3389 on the IP of the PC.  I've tested using both 3389 native and 3395 forwarded.  Either port will still get through to the PC in spite of the Drop rule.  

 

The issue is the Source IP.  I need to allow ONLY 1 external IP access to the PC, and BLOCK all others.  

 

There are 3 principals in the company that need remote access.  I need 1 to work so I know how to setup the other 2.  

 

It seems like the NAT/Gaming forward is trumping the Filter rule. 

 

Since this is my first 210-700 installation, I don't know what the "correct" behavior should be for the router.  I'm beginning to wonder if we have a faulty one. 

 

Mike, Network Support Technician

Community Support

 • 

221.6K Messages

3 years ago

Hello @MEP_Consulting

 

It may be a better solution to use a 3rd party router behind the RG (Residential Gateway) if you're finding that there are networking limitations/issues with the BGW210-700. You can configure the RG in passthrough. 

 

Keep in mind as well that we are limited to network troubleshooting; however, we do have ConnecTech support that offers a variety of support options as well. 

 

If you feel as if there is an issue with the RG, reach out to our technical team and we can further review.

 

Chad, AT&T Community Specialist. 

New Member

 • 

10 Messages

3 years ago

Chad,

 

Got this from the "ConnecTech support" link:

 

Request Error (invalid_request)

Your request could not be processed. Either 'force_deny' or 'force_exception' was matched in policy
This could be caused by a misconfiguration, or possibly a malformed request.

Transaction ID: 3eb6928f41b42955-000000000559c63f-000000005f529f48

For assistance, contact your network support team.

 

I'm trying to work my way through the labyrinth of the "reach out.." link.  

 

I'll get back to you after I see where I end up there. 

 

Mike

 

ACE - Expert

 • 

33.2K Messages

3 years ago

Second the recommendation for a "real" network device behind the Gateway.

 

Community Support

 • 

221.6K Messages

3 years ago

Hi @MEP_Consulting, we are here to help.

 

Get expert support for your software, virus, security, and PC performance and home network issues - anytime you need it.  AT&T ConnecTech is a paid service available to residential customers only. 

To learn more visit our website or call 866.294.3464.

 

If you have any additional concerns, please feel free to reach out to us. Thank you for contacting us on AT&T Community Forums!

 

Lafayette, AT&T Community Specialist

 

New Member

 • 

10 Messages

3 years ago

JefferMC and ATTHelp,

 

I'm afraid you're right.  

 

This is the third time I've been called in to resolve deficiencies in a new AT&T service installation.  Each time, we needed to purchase and install a third-party product just to get the feature(s) that were "sold" to the clients.  I'm still not clear on why AT&T would insist on delivering a home networking gateway appliance to a business client, and why no one seems to know how the 210-700 works (or is supposed to work).  

 

Can you suggest an equivalent Dual-band WiFi access point to replace the Arris?  I'll be using a Cisco router for the gateway.  

 

Just once I'd like an AT&T installation to work as advertised.  *sigh*

 

Regards,

Mike

Community Support

 • 

221.6K Messages

3 years ago

@MEP_Consulting, we are trying to understand your request for a resolution for your issue.

 

Is this a business AT&T account? Are you trying to eliminate the AT&T gateway from your network?

 

The AT&T gateway issued in your installation must remain in the network as the main gateway. 

 

You can, however, use an additional router behind the AT&T router, and port forwarding is an option. 

 

 

Please let us know; we are here to help.

 


Lafayette, AT&T Community Specialist

New Member

 • 

10 Messages

3 years ago

Lafayette, AT&T Community Specialist,

 

I know the Arris must remain as the primary gateway.  Apparently, since the Arris Packet Filtering doesn't work, I have to install another, capable, router behind it.  That means moving the WiFi access for the network to an Access Point on or behind the new router.  The last AP I purchased and installed was a Ubiquiti Dual-band AP.  I haven't researched Router/AP's in the last three years so I am inquiring as to the best WiFi AP to purchase that is comparable to the Arris 210-700 WiFi capabilities.  As I said, I plan to acquire the same Cisco router I used at another site to sit behind an AT&T router because the supplied router didn't have the L2 capability to handle the ShoreTel VoIP system bundled in the "deal" my client got.  The Cisco doesn't have WiFi since the previous client didn't need it.  

 

If I could make the Arris Packet Filter successfully drop selected packets, I'd just use the Arris.  I'd prefer that solution, but alas it doesn't seem to be possible.  Still unsure as to why AT&T couldn't deliver a router product that can't do a simple firewall pinhole restriction.  

 

I look forward to any suggestions anyone may have so I can at least limit the scope of locating a suitable product.

 

Regards,

Mike

Community Support

 • 

221.6K Messages

3 years ago

Hi @MEP_Consulting, we are unable to recommend the best third party router to use behind your AT&T gateway, we just don't have all the specifications.

 

Configuring a router to work with your AT&T router involves a few basic steps, as shown on our support article on connecting a non-AT&T router.

 

 If you have a device that wasn't provided by AT&T, please refer to your device manufacturer’s documentation.

 

If you need further assistance with your IP Passthrough setup and configuration contact ConnecTech Support.

 

 

Lafayette, AT&T Community Specialist
