simonlai
asked on
Change of ISP, what to do?
I am a newbie to firewall configuration. We are using a nokia firewall with checkpoint NG version. recently, we change our ISP and thus need to update our firewall with the new ISP network setting. Does anyone knows:
1. what type of data to change in the firewall?
2. Do I need to enter the IP of my router?
3. I check the current setting in checkpoint and all I find is the external IP address of the firewall. There is not mention of router IP. where to find it?
4. Do i need to assign a new external IP address previded by the new ISP to my firewall?
5. Do i need to enter other information like subnet, gateway, pri dns and sec dns in the firewall?
Thanks.
1. what type of data to change in the firewall?
2. Do I need to enter the IP of my router?
3. I check the current setting in checkpoint and all I find is the external IP address of the firewall. There is not mention of router IP. where to find it?
4. Do i need to assign a new external IP address previded by the new ISP to my firewall?
5. Do i need to enter other information like subnet, gateway, pri dns and sec dns in the firewall?
Thanks.
ASKER
Hi Keith,
Thanks for your reply. Can I also check on the following:
1. The new ISP is providing me with it's own router, i can't change anything in it.
2. I was given a range of IP address to use, does that means that i can choose anyone for my external firewall IP? They has also assign one of the IP for the router.
3. with regards to your pt4 above, the current external IP and subnet of the firewall is different from the external IP n subnet of the new router. Does that means that i need to change it to the one as assigned by the new ISP?
4. you mention in pt5 above that i need to change the forwarder in my DNS to the new ISP DNS server, do you know where to go about doing that?
5. My email server is hosted internally. where do i key in the A record mentioned above?
Thanks and regards
Simon
Thanks for your reply. Can I also check on the following:
1. The new ISP is providing me with it's own router, i can't change anything in it.
2. I was given a range of IP address to use, does that means that i can choose anyone for my external firewall IP? They has also assign one of the IP for the router.
3. with regards to your pt4 above, the current external IP and subnet of the firewall is different from the external IP n subnet of the new router. Does that means that i need to change it to the one as assigned by the new ISP?
4. you mention in pt5 above that i need to change the forwarder in my DNS to the new ISP DNS server, do you know where to go about doing that?
5. My email server is hosted internally. where do i key in the A record mentioned above?
Thanks and regards
Simon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Keith,
I can't test your answer yet as i cannot down the connection at the moment, but thanks a lot for your answer. You r really a great help. appreciate it.
I can't test your answer yet as i cannot down the connection at the moment, but thanks a lot for your answer. You r really a great help. appreciate it.
You are welcome. If we can help further when the time comes, you know where we are :)
Regards
K
Regards
K
ASKER
Keith,
this is very urgent, can I check if you are familiar with nokia checkpoint firewall? I have change some setting and now I can't ping the firewall from any of my server
this is very urgent, can I check if you are familiar with nokia checkpoint firewall? I have change some setting and now I can't ping the firewall from any of my server
Whats the problem?
What have you changed?
What have you changed?
ASKER
Hi there, I have a nokia IP350 firewall, in which I change some setting from the web-based Voyager which are as follows:
1. change the IP interface for one the the port
2. add in a static route
3. change the "host address assignment" IP
After changing, I did a reboot of the firewall.
now I can't ping the firewall from my servers. I can't use voyager to change back the settings, Can u help urgently? Thanks alot.
1. change the IP interface for one the the port
2. add in a static route
3. change the "host address assignment" IP
After changing, I did a reboot of the firewall.
now I can't ping the firewall from my servers. I can't use voyager to change back the settings, Can u help urgently? Thanks alot.
ASKER
I can use telnet to logon into the firewall, but i m stuck there...
ASKER
I can ping the rest of the server from the firewall, not the reverse. Is there anyway to revert back the changes?
You rebooted the firewall? Did you test all the connectivity first?
I am assuming that nothing on the INSIDE of the network has changed. The fact that you can ping servers on the inside means at least that traffic is flowing correctly.
What is the static route that you have added?
I have to say that now is not the best time to explain to me that this is a hosted site and not a site that is local to you...
Can you rdp onto any of the servers?
I am assuming that nothing on the INSIDE of the network has changed. The fact that you can ping servers on the inside means at least that traffic is flowing correctly.
What is the static route that you have added?
I have to say that now is not the best time to explain to me that this is a hosted site and not a site that is local to you...
Can you rdp onto any of the servers?
Also, has the ISP allowed all the ports through their new router?
ASKER
Hi Keith,
I have solved the problem, i think one of the rule is blocking access. I have cleared and revert back to the old setting. But have still not change the new ISP setting. Anyway, that can wait. Thanks again.
I can sleep in peace tonight.. haha
I have solved the problem, i think one of the rule is blocking access. I have cleared and revert back to the old setting. But have still not change the new ISP setting. Anyway, that can wait. Thanks again.
I can sleep in peace tonight.. haha
:) lol
2. Yes. The ISP will give you a new IP address/subnet or range to use. One of these needs to be assigned to your external router interface.
3. As per point 1.
4. No, not by the sound of it. You can tell though by comparing the external IP address of the firewall with the external IP address of the router. Are they on the same network ID and subnet mask? If yes, then all of the addresses mentioned so far (external firewall IP, internal router and external router) will need to be changed accordingly. If no, then there is no need to change any address for the firewall itself.
5. Changes you MAY need to make.
On your internal DNS, you may need to change your forwarders to the new ISP's DNS servers.
If you have any objects in the Checkpoint firewall that reference the existing ISP addresses, these will need changing accordingly.
The default gateway on your router may need its IP address changing to the new ISP's default gateway.
If you host your own mail server or web server internally, you will need to get any A records such as www etc and your MX records for email delivery amended so that they point to the new external router IP address.
Regards
Keith