Solved

Internet access through T1 line down after replacing hardware firewall

Posted on 2007-03-28
4
220 Views
Last Modified: 2010-03-17
I need help with this potential employment question.  This is NOT an exam question, but part of a long list for me to research and get back within the next week:

"Your company has an internet connection supplied to the LAN from a hardware firewall connected to a T1 router.  During normal business hours the Internet goes down.  After checking the T1 router and the corporate firewall you find that the firewall has suffered a hardware failure.  You replace the hardware firewall with a spare firewall.  The spare firewall is the exact same model and runs the same firmware.  You use the configuration file that was in production on the failed firewall.  The configuration file is sound.  You shutdown the old firewall and remove it from the network and you install the new firewall with the same configuration file already in place.  You cable the firewall properly and it starts normally.  None of the systems on your network can get out to the Internet.  What is the highest probable cause for this issue and what do you do first to resolve the issue.  Also list other probable causes for the Internet connectivity issue."

My initial thinking is that the new hardware firewall, although identical in model, firmware, and configuration file, has a different MAC address, and there may be an issue with the T1 provider's router and this new address.  Secondly, could installing the firewall with the configuration file already in place be an issue, as opposed to running the configuration file after physically installing the hardware firewall?

Thanks in advance for any leads on this.
0
Comment
Question by:ScottAllen1980
4 Comments
 
LVL 8

Accepted Solution

by:
charan_jeetsingh earned 63 total points
ID: 18813338
MAC address is one probable issue as most of the times for security reasons this is done to avoid evesdropping. at the local end also you can try clearing the ARP table for proxy and the connecting switches.
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 18814323
Firewalls is working on Layer 3 and above. MAC Address is on Layer 2

I believe the problem is not on the MAC. The most probable cause is the physical setup.

Please do the following:

1) Check your cables and make sure its on the right port.
2) Check the port if working (try ping the firewall's port)
3) From your workstation try ping the gateway of your firewall.(the next hop)


I hope this helps.. :)


 
0
 
LVL 3

Assisted Solution

by:nalanbar
nalanbar earned 62 total points
ID: 18816621
MAC address, more than likely. The thing to do is to traceroute, and see where the packets stop. If you hit the firewall, and then no further, then the most likely answer is that the router doesn't recognize the MAC of the firewall, and so is dropping the traffic inbound from it. The fix is to either spoof the old MAC (should be printed on the bottom of the old firewall :D), or to adjust the router, which is a better answer. The real question after the traceroute is wether you or the ISP owns the router. If it is you, then you fix it yourself, ISP, you call them.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Low Broadband usage..?? 3 60
Expanding Subnet Mask 20 210
Sonicwall guest user accounts 2 31
Need a "SonicWall" Replacement 12 49
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question