26-11-2019, 12:41   #12
sebyoung
Re: Issue since moving to 5 static IPs

Hi all, sorry for the late reply. Thanks very much for the continued support!

Quote:
Originally Posted by Foo Fighter
If you have both WANs connected on the DrayTek then set static IPs on the terminals. You can then create a load balance rule so that those IPs are set to use the ADSL WAN. Make another rule so that other IPs use the Virgin WAN.

This could work, but the whole reason we have ADSL is as a failover, and this would really put us back to having no backup if the ADSL went down.

Quote:
Originally Posted by kev445
Seb, this has me really stumped…

Unfortunately, if it isn’t an MTU issue, the likelihood of us being able to resolve this ourselves is slim.

Let’s focus on what Verifone are saying: the transaction gets sent out on one port and comes back on another. This is quite an ambiguous statement, making it hard to decipher what they mean.

I’ve been wracking my brain trying to think what it could be, but nothing I come up with makes any sense. It’s unlikely to be TCP/UDP ports, otherwise nothing would work… Any sort of PC port doesn’t even make the remotest bit of sense either.

If you go back to a dynamic IP address, won’t you have the same PCI compliance issue? If you explain the Hitron is outside your firewall, will this appease them?

Alternatively if you know the IP address the terminal is trying to connect to, I would copy and paste a trace route into an e-mail to Virgin Media support… Explain the issue you’re having, the steps you’ve taken to resolve the issue and how it’s working on your ADSL backup with the same router.
Hopefully they’ll be able to diagnose the cause from their end.

My feeling is that Verifone's statement isn't technically correct. You're right that if we go back to a dynamic setup, we'll have the same compliance issue. But the thing was - it wasn't actually failing, it was passing but wanted us to attest why these ports are open, and it was the Hitron that was causing this. VMB knew what I was talking about and said that moving to static would fix it, which it did. Perhaps if we move back to dynamic, we can explore why these ports are open when the Hitron is in modem mode...

Quote:
Originally Posted by fizzyade
Maybe it's an issue with PAT port translation, but then that doesn't explain why it would work on DHCP and not static IP.

OP, have you tried temporarily putting a Verifone device on its own static IP to see if it behaves?

Good suggestion. We have 5 static IPs, 1 router and 4 card machines. If this works, is there any reason the card machines shouldn't be on fixed IPs?