Page 1 of 1

FYI: firewall dead? Try switch between FW and modem

Posted: Sun Sep 28, 2014 9:18 am
by aclawson
One of our buildings had intermittent internet failures before dying completely. Rebooting, reflashing, fiddling with cables, magic incantations and interpretive dance routines did nothing to resolve the problem - by every indication the firewall had simply failed and was destined for a replacement. However, in a last-ditch effort our FM guy placed a Netgear GS switch between the firewall and the cable modem and everything was fine.

Also as an FYI - as a result of the troubleshooting that building now has the new 192.168.x.x configuration. It is important to note that port 3 is for facilities use only.

Mask is 255.255.252.0 with an ip range of 31 reserved for static (.2 - .32) and 990 total dynamic addresses allowed. The facility zone (port 3) is still in the 10.x.x.x netspace. There is also a "management zone" with yet a third configuration but does not appear to be linked to a specific port as the facility zone is.

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Sun Sep 28, 2014 10:01 am
by rolandc
And if you have a Official FHC the printers will no longer be monitored till port two (2) is set up for that and hopefully you will get some static addresses on that port.

We have the newest router in our building C881 (no wifi built in) port two was configured but no static addresses were assigned.

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Sun Sep 28, 2014 12:43 pm
by russellhltn
rolandc wrote:We have the newest router in our building C881 (no wifi built in) port two was configured but no static addresses were assigned.
You might want to call Global Service. When it was first rolled out there was no static IPs, but once the FH folks became aware of it, they had GS add static IPs.

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Mon Sep 29, 2014 6:06 am
by rolandc
russellhltn wrote:
rolandc wrote:We have the newest router in our building C881 (no wifi built in) port two was configured but no static addresses were assigned.
You might want to call Global Service. When it was first rolled out there was no static IPs, but once the FH folks became aware of it, they had GS add static IPs.

It was done Friday (9/27) morning, I received an email yesterday that states ICS is on it.

Are you saying the level two guys rolled out an older script for a router that was just released?

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Mon Sep 29, 2014 10:21 am
by russellhltn
I went back and checked: I have a message dated Sep 6 that indicated that ICS had agreed to make changes to the FHC zone and that it would take a week to implement and that I'd hear back when it was done. It's been well over a week and I haven't heard back, so I'm not 100% sure of the status.

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Mon Sep 29, 2014 3:13 pm
by russellhltn
Ok, the response I got: If the firewall was activated prior to 9/24, then you don't have the static IPs for the FHC and the firewall needs to be re-scripted. There's a bug in TM where the static range doesn't show, but it's there: .2 - .16. That bug will be fixed in the next couple of weeks.

Re: FYI: firewall dead? Try switch between FW and modem

Posted: Thu Oct 02, 2014 4:02 am
by rolandc
russellhltn wrote:Ok, the response I got: If the firewall was activated prior to 9/24, then you don't have the static IPs for the FHC and the firewall needs to be re-scripted. There's a bug in TM where the static range doesn't show, but it's there: .2 - .16. That bug will be fixed in the next couple of weeks.
They did have to rescript the firewall, for whatever reason it was pushed out but not verified. However you are correct about the Static IP range. I found them by forcing different dhcp address on other machines & the .2 - .16 was never issued so its solved for now.