Solved

Internet access through T1 line down after replacing hardware firewall

Posted on 2007-03-28
4
221 Views
Last Modified: 2010-03-17
I need help with this potential employment question.  This is NOT an exam question, but part of a long list for me to research and get back within the next week:

"Your company has an internet connection supplied to the LAN from a hardware firewall connected to a T1 router.  During normal business hours the Internet goes down.  After checking the T1 router and the corporate firewall you find that the firewall has suffered a hardware failure.  You replace the hardware firewall with a spare firewall.  The spare firewall is the exact same model and runs the same firmware.  You use the configuration file that was in production on the failed firewall.  The configuration file is sound.  You shutdown the old firewall and remove it from the network and you install the new firewall with the same configuration file already in place.  You cable the firewall properly and it starts normally.  None of the systems on your network can get out to the Internet.  What is the highest probable cause for this issue and what do you do first to resolve the issue.  Also list other probable causes for the Internet connectivity issue."

My initial thinking is that the new hardware firewall, although identical in model, firmware, and configuration file, has a different MAC address, and there may be an issue with the T1 provider's router and this new address.  Secondly, could installing the firewall with the configuration file already in place be an issue, as opposed to running the configuration file after physically installing the hardware firewall?

Thanks in advance for any leads on this.
0
Comment
Question by:ScottAllen1980
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Accepted Solution

by:
charan_jeetsingh earned 63 total points
ID: 18813338
MAC address is one probable issue as most of the times for security reasons this is done to avoid evesdropping. at the local end also you can try clearing the ARP table for proxy and the connecting switches.
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 18814323
Firewalls is working on Layer 3 and above. MAC Address is on Layer 2

I believe the problem is not on the MAC. The most probable cause is the physical setup.

Please do the following:

1) Check your cables and make sure its on the right port.
2) Check the port if working (try ping the firewall's port)
3) From your workstation try ping the gateway of your firewall.(the next hop)


I hope this helps.. :)


 
0
 
LVL 3

Assisted Solution

by:nalanbar
nalanbar earned 62 total points
ID: 18816621
MAC address, more than likely. The thing to do is to traceroute, and see where the packets stop. If you hit the firewall, and then no further, then the most likely answer is that the router doesn't recognize the MAC of the firewall, and so is dropping the traffic inbound from it. The fix is to either spoof the old MAC (should be printed on the bottom of the old firewall :D), or to adjust the router, which is a better answer. The real question after the traceroute is wether you or the ISP owns the router. If it is you, then you fix it yourself, ISP, you call them.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question