SD-RED LTE Backup over AVM Fritzbox


Does someone have experience with SD-RED Failover via LTE which is provided by the Deutsche Telekom.

We have a customer who has a couple of SD-Reds in Place, which are connected via a dark fibre backbone. Some of them have a dsl backup which is working. 

In one place there is a AVM Fritzbox 6890 and the red is configured as an exposed Host. In this scenario the Red cannot establish the tunnel connection.

The Red cannot pass phase 2 (router). Which doesnt make sense because I can see the connection in the TCP DUMP on the XG Firewall.

I know that LTE in generell is working because we deployed some of them with an LTE Route in the first place. The only difference is that we didn´t use a fritzbox and deutsche Telekom in the deployment phase.



  • We tested an other RED Device behind a Telekom Speedbox and this is working. So maybe the problem is on the fritzbox.

  • Hello Silvio,

    I once had problems with certain Fritzboxes and certain FritzOS releases when using the "exposed host" setting. Using explicit port forwardings for the ports needed by SD-REDs solved it. Maybe you give it a try.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Phillip,

    Good Idea, but doesn't resolve the Problem. Maybe we have an issue with this particular device. 

    We replaced the Fritzbox with the Speedbox, which was working on the other RED Device and got the same error pattern on the device and in the logs.

    The config on booth device for LTE Failover are the same.

    We will test the other red behind the Fritzbox tomorrow. If that is working, then we will replace the red. Maybe there is a problem.

    But thanks anyway

    und viele Grüße nach Giessen. Das ist ja quasi um die Ecke.


  • It seems that it's not related to a specific red device and it´s becoming a bit strange.

    If we switch the Firewall IP, put Backup as primary and connect the LTE Router on WAN1 then the tunnel establishes. If we switch back and put the LTE on backup and WAN02 the tunnel is flapping. 

    Hopefully, the Support can help. Until now, I have to prove him that I have an issue and need some help to understand and solve the issue. Which is a bit weird.