Help with set-up 3rd party Firewall and Alien


  • Hi,

    I'm working on setting up my own home network but need help..

    Currently own:
    BGW320-505 (ATT)
    Fortigate 60e
    Amplifi Alien

    GW ->FW -> ALIEN
    What needs to be done to make this work?

    -Set ISP router to Bridge mode?
    -Buy public IP and set to IP passthrough?
    -Set Alien to bridge mode?

    Currently getting double NAT (I know it's 2 routers).


  • Hi @Phillip-Sanders - the recommended (only) way to disable the Alien's firewall is to place the Alien in Bridge mode


  • @Derek-Saville I'm not looking to disable FW on Alien. I need to know how to get rid of my double NAT, while using my Fortigate and Alien.

    I just want to confirm that putting my ATT router in bridge mode will fix it the problem.

    (I want to be able to control ports using Ubiquiti, not ATT GW)


  • Hi @Phillip-Sanders - sorry, I was referring to NAT as being part of the Alien's firewall system

    The only way to disable NAT on the Alien is to place it in Bridge mode, which will eliminate the double NAT, but then you lose many Alien capabilities (see https://help.amplifi.com/hc/en-us/articles/220979347) and you are left with a WiFi mesh and Guest access

    If you want to maintain the Alien's port forwarding then you will need to put your ATT router in Bridge mode to eliminate the double NAT

    Note that there have been many reports of ATT routers not having a true Bridge mode causing speed and/or incompatibility issues and you may need to do a search on this community or other internet sites to help find the specific configuration settings for your model


  • @Phillip-Sanders Any progress on this, it seems like the issue is the BGW320-505 (ATT) that you need to have AT&T put in Bridge Mode, and disable the wireless, or replace. Then you should be ok. (Gateway->firewall->Alien)


  • @unseenone yes, reason I don't want to put Alien in bridge mode is... I lose all functions. However, my ATT router doesn't have a bride mode.

    I believe the only solution is to purchase a static ip from ISP, then put router in IP passthrough. Cause my Firewall also has a NAT.


  • I understand, I'm not sure about the firewall, if it is only a firewall there should be no NAT, contact AT&T and ask for different equipment or for them to configure it properly, that is your only option, if you do not want to run it in bridge mode.


Log in to reply