Need to find out switch & firewall IP and logon credentials

Hello and thank you for sharing your knowledge and wisdom. More importantly your time. Much appreciated.

A new client has 12 pc's, 1 server 2003 SBS R2 w/ Exchange and Web Servers. The site has DHCP enabled.

I'm in the process of putting together a Network Information File for them. For the life of me i cannot find what the managed hardware (switch & firewall) IP addresses are. The previous IT person never supplied them with any of that information.

This the hardware:
Firewall: WatchGuard FireBox x5 Edge
Switch: Linksys 24 port 10/100 switch Model# EF3124

Any input would be greatly appreciated.

Who is Participating?

Improve company productivity with a Business Account.Sign Up

bpl5000Connect With a Mentor Commented:
If you need to reset the FireBox (and I think you will), unplug the device, hold down the reset button on the back, reconnect the power, but continue to hold down the reset button until the yellow Attn light stays on.  Dauman is right about the switch, it is unmanaged.

You can use tracert to find your gateway.  Just run "tracert" at the command prompt and the last address before going to a public address should be your internal firewall address.  Chances are, it may not matter because you might need to reset the firewall box.  Good luck!
PagefrightConnect With a Mentor Commented:
It sounds like you will have to do a hard reset on those devices and reconfigure them back to normal operations.   There is no way to extract the login credentials from those devices.

That's poor practice (and form) of the former IT administrator.
omnimavenConnect With a Mentor Commented:
The firewall IP address is most likely your gateway address. On a PC just run ipconfig and you can get the gateway address.
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Unless the subnet of your network has changed since the last IT guy was there, you can run a ping sweep with a tool from SolarWinds.

From that, you should be able to determine what the IP address is of your switch.
your watchguard ip is going to be the gateway ip.
most any computer ... go to a CMD prompt and type "ipconfig /all"
and it will give you the gateway.
as for its' username and password, that could be anything.
the default for the firebox is - username: admin  - password: admin
if it has been changed it could be anything.
the only way there is to reset the box to factory defaults and reprogram it.

as for the switch, it would appear to be a unmanaged switch and have no ip.
I believe the default for Firebox is not admin/admin.  I'm fairly sure the username is blank and the password is "wg"

Give it a try before resetting the device.
loshdogAuthor Commented:
Thank you all for the input. Its very valued and informative.

The modem onsite has stopped responding so i can't remote in. I have to go on site (6:30 am est) and reset it manually. Since I'm there I'll perform the the above suggestions.  

I really hope I don't have to perform a hard reset. Never had to configure one before. But that's why I love this place.

Thank you again and I will post my results in the morning live from the site so plz tune in........ Lol.. j/k... ;)

PS.  I agree Pagefright "That's poor practice (and form) of the former IT administrator."
I see this kind of stuff all the time at sites.
Very bad practice and manner to conduct business with. Gives the smaller IT companies a bad name.

above link takes you t a website that contains all the default passwords and usernames try it loads of people i know never change the password
loshdogAuthor Commented:
Good morning all. Hope you are well rested and rejuvanated.
Well, I'm here onsite. Reseted the modem, all is ok. I ran a tracert and the last IP address before it goes public is which is also the gateway.
When I attemp to connect to it via IE it takes me to a bing search page. 
Not sure what that is all about?? I guess that's not the IP...?
The server has two NIC's Internal and External. External goes through the firebox, Internal goes through the switch.
Any additional input would be greatly appreciated. Thank you and have a productive day..
It looks like the default ip for the Firebox is  (

The bing search is probably coming up because your web browser isn't resolving to anything, which in the case of your browser automatically goes to bing to help you find alternatives.

Even though you are resolving a 192.168.1.*, I would manually set your IP to 192.168.111.* and try the ip above.

It could just be that the ip is or, but the port may have changed.  I do this to help prevent unauthorized usage and usually set the port to 8080 for web admin access.

Also, make sure you plug yourself directly into the Firebox and avoid the switch, if possible.

loshdogAuthor Commented:
Ok. I left the site. Got remote access again. Had to go to another appointment. I tried w/o any results. I also tired port :8080 which seems to be an industry standard for admin access. Also lead to nowhere.

Is there a way to do a sweep, scan ports or network sweep. Anyone know of any other good utility that will provide me with any info on this WatchGuard firewall.

I will try to use this as recommended by omnimaven:

Many thanks~

Off to another site filled w/ many more new surprises....


Sounds like the server is doing routing... that's not a recommended configuration.  If all traffic needs to route thru the server, then is the server a web filter or an ISA Server that is being used for web caching?  If there isn't a specific purpose for using the server to route, then I would recommend replacing the server with a wired router.
Looking at your question more closely, I see your client only has 12 workstations so you wouldn't need a router.  You wouldn't need multiple vlans so you can have the firewall as the default route, but the Exchange/Web server shouldn't be routing traffic to the firewall.  That doesn't make sense that the workstations would need to go thru the server to get to the web unless it's acting as a web filter or something like that.

Maybe they have the Exchange server connected to the DMZ of the firewall, but then they shouldn't have another connection going from the server to the switch.  I think you need to change their setup.
loshdogAuthor Commented:
Hello and thank you for your attention and expertise.

Wanted to make sure everyone is aware of the network schema at this place.

Two cable modems one for 4 tel lines the other for additional 4 tel lines & internet.
From modem it goes to Cisco 851 Seris Router (belong to ISP)  
From there it goes to the WatchGuard FireBox x5 Edge Firewall.  
The server has two NIC's. One connected to the Firewall the other  connected to the switch. All work stations connected to the switch.

loshdogAuthor Commented:
Thank you all again for your input on this issue. I sincerely appreciate your time and expertise.

So only the workstations and the server are connected to the switch?  This would mean that the workstations are routed thru the server and to the firewall.  In my opinion, this is not a good way to setup the network.  Have you checked the IP's on the server?  I wouldn't be surprised if one of the server IP was set as the default gateway.

Maybe I'm out of touch with smaller networks because we have over a thousand workstations and multiple vlans, but this just seems like a crazy way to do things.  What if the server goes down... people wouldn't be able to get to the internet?  I hope they are not using VoIP.
loshdogAuthor Commented:
It makes sens now. Matter of fact the workstations do loose internet connection when the server goes offline. I figured that it wasn't a good way to setup a network. No idea why all traffic is routed through the server. I think you hit the nail right on the head bpL5000. Thank you.

I started a new question.
  • Home>Networking>Network Management>Network Design & Methodology>Need to rebuild network.

Your input bpl5000 would be greatly valued and appreciated. Thank you in advance.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.