intermittent network outage after firewall change
Posted on 2012-09-07
Ok...so here are some things I'm having trouble sorting out. I'm including as much info as possible that may affect how you answer:
I've had my own IT company for the last 8yrs. I'm not formally trained in this but I have a knack for it and enjoy the challenge. I'm usually successful but there are times like this I am baffled and need some more "eyes" on the target.
I have a 45-computer network running on an NT4 Domain. After changing/upgrading our firewall, my clients lose internet connectivity about every 10 minutes for a period of about 2 minutes (i.e. the network goes down for 2 min or so, comes back up, runs for 10 min or so, then goes down again for another 2 min... and the cycle continues).
Cable Modem (Comcast) 25Mbps down, 4.5Mbps up
Old Firewall - Netgear FVS-318 (network was working fine)
New Firewall - Dell Sonicwall TZ215 (with latest firmware)
45 computer clients and 6 servers (client OS - XP Pro; servers are Win2003ent except for the NT4 Domain ctrl, which is virtualized)
What changed when it stopped working:
I switched out the FVS-318 Netgear firewall to improve security and throughput. When I did this I lost connectivity to a number of machines on the network. I set the Sonicwall with the same basic settings as the previous firewall (DHCP - enabled, same IP range etc.). So, I set the DHCP range from 192.168.0.15 to 192.168.0.254. I noticed, though, that the machines that had static IPs (mainly the servers) were NOT getting internet/connectivity. The only way I could get them to attain access was to manually reserve their IPs in the Sonicwall and set the servers to "obtain IP automatically". That got them access, but now every machine on the network, to my knowledge, loses internet connectivity (I lose remote connection when working on them) every 10 min or so for 1-2 min at a time. The time interval is sometimes more than 10 minutes and there have been times it's been up for 30 min or more, but then it goes back down. Also, I have set the DNS servers on the Firewall to OpenDNS's servers (220.127.116.11 and 18.104.22.168).
What I've done:
I've tried isolating different machines to determine if it's ALL machines on the network or if it's just some. To the best of my knowledge, it's all of them, and they lose connectivity to the outside world but the inside network continues to function. I am able to ping the servers and other machines when connectivity goes down, so I am assuming this is a Firewall issue; I just have no idea what's causing the problem. I've done some looking into DDoS attacks, but haven't found anything that points to that as being the problem, not to mention it didn't start until AFTER I changed the firewall out.
Take your best shot, please!