I have a number of WR11XT modems that all have a similar set of stateful packet inspection rules at all sites. So far as I can tell I’m allowing all outbound traffic with stateful inspection… and I have various rules for inbound traffic where there isn’t an outbound request…
Outbound I use:
pass out break end inspect-state
I don’t have any other “specific” rules to allow “google/gmail” traffic inbound…
At most locations this works fine, I’m able to use Gmail, Google Docs, Hangouts, etc. in Chrome. However there are a few locations where Gmail just doesn’t work and I get ERR_TIMED_OUT from the web browser. All locations are using Verizon… and locations are spread across the US (CA, CO, IA, TX, ME, MD, OR, PA, etc.).
The simplest test to see if it is your firewall rules is to turn off the firewall (ppp 1 firewall off) and then run your tests again before turning the firewall back on (ppp 1 firewall on).
My next suggestion would be to upgrade the router firmware and confirm you are running the latest firmware on the cellular module as well. There have been a variety of throughput fixes in some recent firmware which may or may not fix this issue.
Sorry… I should have indicated that, indeed, turning off the firewall fixes the issue. I’m seeking guidance on how I might solve the problem with the firewall enabled. It seems like the outbound stateful inspection rule (pass out break end inspect-state) isn’t enough and I’m wondering if anyone has suggestions on other ports I need to open or ???
Initialise the firewall with the fw command and watch the firewall (type fwstat.hit) to see which rule is being hit. Hash # it out and try again until you find the exact rule. You can also check the firewall log to see if anything is being dropped that is essential.