firewall IP address and range of static IP addresses.

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
ckellsworth
New Member
Posts: 30
Joined: Mon Feb 07, 2011 10:20 am
Location: Palm Springs, CA, USA

firewall IP address and range of static IP addresses.

#1

Post by ckellsworth »

I am helping a Contractor setting up a webstat device (tomorrow), in reading the wiki
https://tech.lds.org/wiki/Internet-enab ... tinghouse)
and reading the https://tech.lds.org/wiki/images/c/c8/W ... ctions.pdf
it talks about the IP address of the firewall, looking at the example

IP: 10.246.122.13
subnet: 255.255.255.192
dns: 10.246.122.1
Gateway: 10.246.122.1
...

It says that the IP address of the firewall is .13 but would that not be the IP address of the computer i am on, and the firewall's IP address is .1 (the gateway)?

It then goes on to say the next 5-10 ip addresses are reserved for static assigned devices such as the webstat device. assumiing that my first question is a yes then the range they give 14-18 for static devices is not correct it should be like .2 - .6?

i would also assume that unless there is a list of used static IP addresses listed near the Cisco device i will just have to ping out and figure out what ip address is actually unused.

btw these were the same documents that were forwarded to me by the contractor.

side question, does not relate to the Q above.
does all web traffic get routed out the VPN connection back to the endpoint for filtering before going out to the world or does the filtering happen locally on the box and just select traffic goes over the VPN?

Thanks,

Chris
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

ckellsworth wrote:It says that the IP address of the firewall is .13 but would that not be the IP address of the computer i am on, and the firewall's IP address is .1 (the gateway)?

I agree, the write-up is wrong. I sent the author a note.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jdlessley
Community Moderators
Posts: 9861
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#3

Post by jdlessley »

ckellsworth wrote:side question, does not relate to the Q above.
does all web traffic get routed out the VPN connection back to the endpoint for filtering before going out to the world or does the filtering happen locally on the box and just select traffic goes over the VPN?
The firewall is configured to use the third party filtering service Websense.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
bradhokanson
Church Employee
Church Employee
Posts: 48
Joined: Sun Mar 06, 2011 12:31 pm
Location: Utah, USA

#4

Post by bradhokanson »

ckellsworth wrote:I am helping a Contractor setting up a webstat device (tomorrow), in reading the wiki
https://tech.lds.org/wiki/Internet-enab ... tinghouse)
and reading the https://tech.lds.org/wikildstech/images ... ctions.pdf
it talks about the IP address of the firewall, looking at the example

IP: 10.246.122.13
subnet: 255.255.255.192
dns: 10.246.122.1
Gateway: 10.246.122.1
...

It says that the IP address of the firewall is .13 but would that not be the IP address of the computer i am on, and the firewall's IP address is .1 (the gateway)?

It then goes on to say the next 5-10 ip addresses are reserved for static assigned devices such as the webstat device. assumiing that my first question is a yes then the range they give 14-18 for static devices is not correct it should be like .2 - .6?

i would also assume that unless there is a list of used static IP addresses listed near the Cisco device i will just have to ping out and figure out what ip address is actually unused.

btw these were the same documents that were forwarded to me by the contractor.

side question, does not relate to the Q above.
does all web traffic get routed out the VPN connection back to the endpoint for filtering before going out to the world or does the filtering happen locally on the box and just select traffic goes over the VPN?

Thanks,

Chris

Question 1: Yes. .1 is the last octet of the routers IP address.

Question 2: Yes and No. The first few ip addresses (2 thru 9) are not in the DHCP scope available for lease. These are not to be used for other services in the building but could be used for printers. A specific Facilities VLAN needs to be set up for those services like Facilities that include Webstat sensors. GSD cant do it themselves but you need to call them to log a ticket and they can then escalate that to the Field and Campus Network Ops Team and we can create it. That VLAN does not have a DHCP server for it so everything on that VLAN is statically assigned. When we setup the VLAN we will let you know usable addresses, gateway and subnet masks.

Side Question: The 881 checks against our Websense filters for permitted access/URLs. The VPN tunnel is only used for administration. Internet web traffic is not tunneled.
Spydyee
New Member
Posts: 5
Joined: Thu Jan 06, 2011 1:45 pm

#5

Post by Spydyee »

jdlessley wrote:The firewall is configured to use the third party filtering service Websense.

I understand the routers are configured to use websense 's content filtering but are they running this on one of the church servers or do they have a V-series hardware appliance in place to manage the content filtering?
bradhokanson
Church Employee
Church Employee
Posts: 48
Joined: Sun Mar 06, 2011 12:31 pm
Location: Utah, USA

#6

Post by bradhokanson »

spydyee wrote:I understand the routers are configured to use websense 's content filtering but are they running this on one of the church servers or do they have a V-series hardware appliance in place to manage the content filtering?

Not sure but I will find out.
Post Reply

Return to “Meetinghouse Internet”