Hi,
I have a pretty complicated scenario which is probably simple and dumb to the rest of you, but I am desperate enough to risk embarrassment, having been without internet for two days....
I am a fledgling-intermediate systems administrator who inherited my "job" when the previous person (the overall boss who was the IT guy) left, with some bitterness, and very little documentation as to why and how. The job of computer/telecomm administrator did not exist before this. This is a "small" office of 55 or so computers over two locations; one of which has internet (cable modem via Roadrunner), the other doesn't. The two offices are connected by Cisco routers, CSU/DSUs, and a T1 line. The second office doesn't matter to this question, but I thought I would mention the two Cisco routers (unmanaged). Also the hubs are unmanaged (HP Tbased ProCurve).
The one office which has internet had a firewall (SonicWall/10) bought in 2000, aging, and clearly inadequate and due to be replaced, which it decided to do itself two days ago on Sunday when it died, possibly due to a power surge.
Panicked, because our office users use VPN to connect from home, and because they are used to Internet in the office, I stopped at Best Buy on Sunday and picked up a Netgear FVS318, supposedly with NAT and 8 simultaneous VPN and support for up to 253 users.
On Monday I called Roadrunner, our ISP, and gave them the MAC address of the new firewall, which is all that they needed to upload this information to the cable modem and make sure it's associated with a "persistent" IP address of 24.24.XX.XXX. The cable modem we have is not suitable for "fixed" IP addresses, but the way they do it is that the modem pulls the same IP address each time, which is what we need for our client software that VPNers use. RR tells me that the WAN side of the firewall needs to be dynamic, which I have done. (Netgear allows you to detect whether you need a dynamic or static WAN configuration, or to manually configure it yourself.) The LAN side of the firewall needs to be configured for our network, and this is the problem I am having.
Our office PCs use static IP addresses due to a networked application (UNIX app server) that requires it (according to the old admin's few papers). However, the static IP addressed PCs cannot reach the internet through the firewall. They can if I set the network prefs on the local PCs to DHCP. Doing so I was able to first configure the firewall to detect a Dynamic WAN IP on the WAN side, but this then negates the PC from being able to reach other PCs and the server here.
The office static IP is 194.X.X.Y, and the local gateway configuration for PCs to reach the internet via the old firewall was 194.X.X.YZX, and the DNS addresses were provided by the ISP. That's all they needed under the old firewall to reach the internet.
1. When I set it to this (leave it the way it was), I can't reach the firewall/internet. I can't ping the firewall.
2. When I set the local PC gateway to 192.168.0.1 (which is the default gateway of the new firewall), but leave static IP addressing, I can ping the firewall, but I can't reach the internet.
3. When I set the local PC to DHCP IP, I can reach the firewall at 192.168.0.1 (and the internet), but when I try to adjust the LAN IP settings on the firewall to an IP of 194.X.X.YZX (the old gateway address), it then loses the connection to the internet, and if I leave the LAN IP setup screen, I am then unable to reach the firewall through the internet, or any other internet site. I then have to do a hard reset on the firewall (several times now) to get the firewall back to 192.168.0.1 in order to reach the web configuration page/the firewall again.
I am not certain why the old admin didn't originally set up the network with "private" IP addresses such as 192. Now that I've thought of this, I am going to try tomorrow to set up a PC with a static IP Address of 192., with the gateway of 192.168.0.1, and see if static addressing will work that way to reach the internet.
I found out today from my application tech-support that the app can work in DHCP environments, although they tend not to suggest that if the office does not have an in-house support person for if the DHCP server dies, so does access to the app.
FYI, our WIN server is also old and due to be replaced (6 years, WIN NT 4, SP1 (!!!)) this summer as soon as I can. At which point, I will possibly choose a static or dynamic environment (that's another question I'll ask later). In the meantime, it's fragile and I am loath to adjust it. It was never connected to the internet (non-web servers never should, right?), and its gateway was 194.X.X.Y0, which I can only assume means the Cisco router on that office property. (In order for the two offices to connect, the gateway at the other office is 194.X.1.Y0. Again, the other office does not have internet (save through personal modems), so I don't think it applies here, although I could be wrong.)
Has anyone had this experience with a Netgear firewall? It appears to be slightly more advanced than the SonicWall, although I could be wrong about that as well (had so few choices on a Sunday). Is 192 the only address that the firewall will accept as its gateway?
If so, how was the other admin able to configure the SonicWall with a 194.X.X.YZX, if "private addresses" are best? (I'm assuming.)
Am I stuck with shopping around for another firewall? (I told the office I would swallow the cost of this and take the firewall home for my use if we replace it).
Do I need to change all my network IP PC addresses to a 192 scheme? This would involve the Win server too. I don't particularly care about doing all the PCs, but the Win server I am concerned about. Would it be too taxing to make this major change? I would also have to call the app tech support because they would need to change the IP addresses for all the app-connected hardware (they maintain many printers, the UNIX server, file/remote cache servers, the digiport board) to a 192 plan. It would be a huge, huge task.
I've left two emails for Netgear tech support, and called them this morning, at which point they said they were "experiencing" technical difficulty and someone would call me within 2 hours. No one ever did, and I have no email responses. (Sure, *they're* having technical difficulty.)
I thought maybe the presence of the Cisco routers (which I have never fiddled with) may have something to do with not being able to configure the Netgear to a 194 address, but on the other hand, I was able to reach the internet as long as I set the local PCs to dynamic addressing.
In any event, I have unhappy home users and people with no internet (which we do use to contact other offices and share files).
I'm feeling doomed. Any suggestions for now?
Thanks so much--sorry for the long email but this office is pretty complicated. (and I am the only tech person).
Vanessa
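The three configurations tried in the post (old 194.X gateway, 192.168.0.1 gateway with a 194.X static address, and DHCP from the Netgear) differ in whether the PC has an on-link path to the firewall's LAN address. The following is an added example, not code from the post or from Netgear; it uses the Python standard library's ipaddress module, and the 194.0.2.0/24 range is a constructed stand-in for the masked 194.X.X.Y addresses, with /24 masks assumed.

```python
import ipaddress

# Constructed sample addresses: the post masks its real ones (194.X.X.Y), so
# 194.0.2.0/24 (a documentation range) stands in for the office LAN and
# 192.168.0.1 is the FVS318 default LAN address named in the post.
OLD_LAN = "194.0.2.0/24"      # hypothetical stand-in for 194.X.X.Y
OLD_GATEWAY = "194.0.2.254"   # stand-in for the old 194.X.X.YZX gateway
NEW_FIREWALL = "192.168.0.1"  # Netgear default LAN address


def diagnose(pc_ip, prefix, gateway, firewall_lan_ip):
    """Report whether a PC with the given static IP, prefix length and
    default gateway has an on-link path to the firewall's LAN address.
    Returns a dict with a 'verdict' code, the PC's subnet, and whether the
    PC sits in RFC 1918 private space."""
    iface = ipaddress.ip_interface(f"{pc_ip}/{prefix}")
    gw = ipaddress.ip_address(gateway)
    fw = ipaddress.ip_address(firewall_lan_ip)
    if gw not in iface.network:
        # Default gateway is not on the PC's own subnet: the PC cannot ARP
        # for it, so no off-subnet traffic has anywhere to go.
        verdict = "gateway_off_link"
    elif fw not in iface.network:
        # Gateway address is on-link, but the firewall itself lives on a
        # different subnet, so the firewall is never reached at all.
        verdict = "firewall_off_link"
    elif gw != fw:
        # Firewall is reachable, but internet traffic is sent elsewhere.
        verdict = "gateway_not_firewall"
    else:
        verdict = "ok"
    return {"verdict": verdict, "subnet": str(iface.network),
            "private_lan": iface.ip.is_private}


def post_scenarios():
    """The three cases from the post plus the 'static 192.x' plan, in order."""
    return [
        diagnose("194.0.2.10", 24, OLD_GATEWAY, NEW_FIREWALL),   # case 1
        diagnose("194.0.2.10", 24, NEW_FIREWALL, NEW_FIREWALL),  # case 2
        diagnose("192.168.0.50", 24, NEW_FIREWALL, NEW_FIREWALL),  # case 3 / plan
    ]


if __name__ == "__main__":
    for n, result in enumerate(post_scenarios(), start=1):
        print(n, result)
```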