Solved

no web browsing from any machine in the domain, but DNS works ?

Posted on 2013-11-04
10
674 Views
Last Modified: 2013-11-06
on an SBS 2011 network, no one in the office can browse the internet including the server.  mail is coming in OK, you can open a command line and ping a name and it resolves OK.

Is this something outside the building / internet provider issue that there's no web browsing?

From outside the building / network I can type in an IP address like:

http://74.53.172.88/ and that brings up a page.  Not for them.  The SBS box is single nic, doing dns and dhcp.

any thoughts?  I am calling the internet provider but figured I'd get a better / quicker answer here!
0
Comment
  • 5
  • 4
10 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39621595
If name resolution is working then my first guess is that you have web traffic being blocked. It may not be your ISP though. Check your firewall/edge router for rules that may not be allowing web traffic. It is also not entirely uncommon for a business to have a proxy server at the edge to protect web browsing, so standard web traffic is disallowed and *must* go through the proxy.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39621643
Ah! There is a Watchguard Fireware xtm in front of everyone.  Tried logging in and got a 'Code : 5
A connection could not be established to the device.'

power cycled it for about 10 seconds (is that long enough?).

trying to get in now.

(still on hold with ISP)
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39621748
reboot did it.  thanks.  Now on hold for watchguard to see why that happened.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 39622116
For how many devices is the Watchguard licensed?  If 10 for example and after a reboot 10 guest devices or devices on your lan connect and get registered, by MAC, no other device will be able to get to the internet.   Rebooting the device resets the counter.  It does not affect LAN traffic, just internet access.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39628072
rob - do you know if I should see that in the web interface (how many users are licensed?).

its not unlimited / performance would just degrade but it would keep working?  now people bring in laptops, tablets, phones, etc.... let alone guests coming into the office.  how does the typical small business deal with that.  5 - 10 employees x 1 desktop x 1 - 2 phones / tablets they bring in + clients / vendors / family that come in once in a while, etc.

are there other vendors that deal with this better?  Fortinet? Isn't that 'unlimited'?  Sure a low end box can't keep up if installed in a fortune 500 site, but even if there's 40 devices on the LAN, not all are using the web at the same time (statistically on average), so for a small business the throughput isn't a big deal vs. licensed for 20 machines.

right?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 39628389
>>"rob - do you know if I should see that in the web interface (how many users are licensed?)."
I have only used the old Watchguards, but there was a place to see the registered MAC's 10 years ago.

>>"its not unlimited / performance would just degrade but it would keep working?"
It will allow unlimited LAN access but will only allow internet access to the number of licenses you have, and no one else. 100% blocked.

>>" now people bring in laptops, tablets, phones, etc.... let alone guests coming into the office.  how does the typical small business deal with that.  5 - 10 employees x 1 desktop x 1 - 2 phones / tablets they bring in + clients / vendors / family that come in once in a while, etc."
Firstly I would NEVER give an unknown device access to a business network.  Usually we have a commercial ISP account with multiple public IP's and then insert a switch between the modem and 2 Routers, the second router being for guests. This creates an isolated guest network with Internet access but no LAN access.  Commercial grade routers will allow you to do this internally without the need for a switch and second router, by creating VLAN’s.  The Watchguard XTM should allow you to do so.  If worried about licensing costs, the second router allows you to use something like a cheap Linksys for guests that has no licensing limitations.  The following site outlines this to some degree:
http://blog.lan-tech.ca/2011/05/23/create-an-isolated-network-using-one-isp-connection-and-modem/

>>”are there other vendors that deal with this better?  Fortinet? Isn't that 'unlimited'?  Sure a low end box can't keep up if installed in a fortune 500 site, but even if there's 40 devices on the LAN, not all are using the web at the same time (statistically on average), so for a small business the throughput isn't a big deal vs. licensed for 20 machines.”
Most commercial grade routers, have licensing limitations.  I am not sure about Fortinet but Watchguard, Cisco, Juniper, and others do.  Lower end units like Netgear, Linksys, and D-link do not.   Cisco for instance have licenses for 10, 50, and unlimited, and are priced accordingly.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39628485
thanks.  yeah, OK, so there's a vlan for guests / family of employees, etc... does that count against the count of licenses?  What typically does the license cover?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39628522
I am afraid I am not up on Watchguard licensing.  There are user licenses as well as licenses for branch VPN, mobile VPN, and security services.  However, I would think guest access counts as well, but you would be best to check with a Watchguard reseller.  It looks as if you may be able to release licenses as well as assign licenses and regain control:
http://www.watchguard.com/help/docs/edge/10/en-US/index_Left.html#CSHID=en-US%2Fauthentication%2Fusermanagement%2Fuser_lic_about_e.html|StartTopic=Content%2Fen-US%2Fauthentication%2Fusermanagement%2Fuser_lic_about_e.html|SkinName=Edge (en-US)
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39628567
THANKS!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39628665
You're very welcome.
Good luck with it.
--Rob
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now