Solved

Creating a public wifi separate from our private network

Posted on 2010-09-02
Last Modified: 2013-12-27
Want to set up a Watchguard firebox x10e optional network to allow clients internet access but not access to the internal network.

Watchguard is connected directly to a T1 line. (The trusted network is working fine.)
I enabled the Optional network on the Watchguard with the default ip 192.168.112.1

Enabled Optional Network DHCP is on with the range 192.168.112.50 –  192.168.112.60

Plugged in a Linksys wireless access point WAP54G in access point mode to optional port on Firebox. I assigned the Linksys WAP 192.168.112.2

I can connect a computer wirelessly, the firebox optional network dhcp server assigns 192.168.112.50

But it cannot resolve internet domain names. I can ping public ip addresses.

What do I need to do to allow internet access?

Thanks,
Aaron
Question by:AJHebert
12 Comments
 
LVL 12

Assisted Solution

by:mlongoh
mlongoh earned 250 total points
You have internet access if you can ping public IP addresses.  What is DHCP assigning as DNS servers on the optional network?
 
LVL 13

Accepted Solution

by:marine7275
marine7275 earned 250 total points
You need to configure DNS on the optional network on your DHCP scope. You can use 4.2.2.2
 
LVL 37

Expert Comment

by:Neil Russell
What does it assign for DNS etc.?
On the laptop do an IPCONFIG /ALL in a CMD window and paste the output here.
 

Author Comment

by:AJHebert
The DHCP is assigning the DNS assigned on the Watchguard, which works fine on the trusted side.

The Optional Network settings do not seem to have an option to set the DHCP scope. Is this done in a different settings area?
 

Author Comment

by:AJHebert
The DNS assigned is 64.90.1.1
 
LVL 12

Expert Comment

by:mlongoh
That's your problem - that server is refusing queries (at least from me) and may only be configured to accept queries from nodes on its network.  You can change it to 4.2.2.2 or another public DNS server that your ISP has identified as usable for you.
 
LVL 37

Expert Comment

by:Neil Russell
From the wireless connected laptop, can you ping the default gateway? Ping the DNS server? Run an NSLOOKUP for www.google.co.uk, do you get a result?
 
 

Author Comment

by:AJHebert
Had to leave for the day. Will try using 4.2.2.2 in the morning and post an update or hopefully assign a solution.

I pinged the 64.90.1.1 and the default gateway and they ping fine.
 
LVL 12

Expert Comment

by:mlongoh
If you can ping public Internet addresses then you are NOT having a connection/routing problem.  You almost surely are having a DNS resolution problem.
 
LVL 1

Expert Comment

by:freez965
As many others have already commented, it looks like a purely DNS issue.  Check to be sure that the WAN DNS settings are getting passed to your DHCP clients -- once that is resolved, you should have no problems...should be an easy and fast fix.
 

Author Comment

by:AJHebert
It's weird though, as I stated on the trusted side of the firewall we have about 15 computers that connect using the same DNS setting with no issues.
 

Author Closing Comment

by:AJHebert
Assigned 4.2.2.2 and it worked fine. The client informed me today that his ISP was bought out by another company. Contacted ISP and they told me that they are in the process of changing DNS settings on the network.
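
The thread's symptom (pings succeed, names do not resolve, a resolver described as "refusing queries") can be told apart from a dead or filtered resolver by reading the RCODE in the DNS reply header. The following is an added example, not code from any poster in this thread; the function names and the sample replies are constructed for illustration, and the query name is the one suggested for NSLOOKUP above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a DNS A-record query (RFC 1035) with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, response):
    """Return (status, meaning) for a resolver's reply; response=None means timeout."""
    if response is None:
        return "TIMEOUT", "no reply: resolver down or UDP/53 filtered on the path"
    if len(response) < 12:
        return "MALFORMED", "reply is shorter than a DNS header"
    txid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "MISMATCH", "not a response to this query"
    status = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if status == "REFUSED":
        return status, "resolver is reachable but declines to serve this client"
    if status == "NOERROR" and ancount > 0:
        return status, "resolver answers this client"
    return status, "resolver replied without a usable answer"

def probe(server, name="www.google.co.uk", timeout=3.0):
    """Live check: send one UDP query to `server` and classify the outcome."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # socket.timeout is a subclass of OSError
            reply = None
    return classify(query, reply)

# Constructed sample replies (not captured traffic), echoing the question section.
QUERY = build_query("www.google.co.uk")
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUERY[12:]
ANSWER_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
OK_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:] + ANSWER_RR

if __name__ == "__main__":
    for label, reply in [("refused", REFUSED_REPLY), ("ok", OK_REPLY), ("silent", None)]:
        print(label, classify(QUERY, reply))
```

Running `probe()` from a client on the optional network against each DNS server handed out by DHCP shows whether that resolver answers, refuses, or stays silent for that segment.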