Solved

no web browsing from any machine in the domain, but DNS works ?

Posted on 2013-11-04
10
673 Views
Last Modified: 2013-11-06
on an SBS 2011 network, no one in the office can browse the internet including the server.  mail is coming in OK, you can open a command line and ping a name and it resolves OK.

Is this something outside the building / internet provider issue that there's no web browsing?

From outside the building / network I can type in an IP address like:

http://74.53.172.88/ and that brings up a page.  Not for them.  The SBS box is single nic, doing dns and dhcp.

any thoughts?  I am calling the internet provider but figured I'd get a better / quicker answer here!
0
Comment
  • 5
  • 4
10 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
Comment Utility
If name resolution is working then my first guess is that you have web traffic being blocked. It may not be your ISP though. Check your firewall/edge router for rules that may not be allowing web traffic. It is also not entirely uncommon for a business to have a proxy server at the edge to protect web browsing, so standard web traffic is disallowed and *must* go through the proxy.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
Ah! There is a Watchguard Fireware xtm in front of everyone.  Tried logging in and got a 'Code : 5
A connection could not be established to the device.'

power cycled it for about 10 seconds (is that long enough?).

trying to get in now.

(still on hold with ISP)
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
reboot did it.  thanks.  Now on hold for watchguard to see why that happened.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
Comment Utility
For how many devices is the Watchguard licensed?  If 10 for example and after a reboot 10 guest devices or devices on your lan connect and get registered, by MAC, no other device will be able to get to the internet.   Rebooting the device resets the counter.  It does not affect LAN traffic, just internet access.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
rob - do you know if I should see that in the web interface (how many users are licensed?).

its not unlimited / performance would just degrade but it would keep working?  now people bring in laptops, tablets, phones, etc.... let alone guests coming into the office.  how does the typical small business deal with that.  5 - 10 employees x 1 desktop x 1 - 2 phones / tablets they bring in + clients / vendors / family that come in once in a while, etc.

are there other vendors that deal with this better?  Fortinet? Isn't that 'unlimited'?  Sure a low end box can't keep up if installed in a fortune 500 site, but even if there's 40 devices on the LAN, not all are using the web at the same time (statistically on average), so for a small business the throughput isn't a big deal vs. licensed for 20 machines.

right?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"rob - do you know if I should see that in the web interface (how many users are licensed?)."
I have only used the old Watchguards, but there was a place to see the registered MAC's 10 years ago.

>>"its not unlimited / performance would just degrade but it would keep working?"
It will allow unlimited LAN access but will only allow internet access to the number of licenses you have, and no one else. 100% blocked.

>>" now people bring in laptops, tablets, phones, etc.... let alone guests coming into the office.  how does the typical small business deal with that.  5 - 10 employees x 1 desktop x 1 - 2 phones / tablets they bring in + clients / vendors / family that come in once in a while, etc."
Firstly I would NEVER give an unknown device access to a business network.  Usually we have a commercial ISP account with multiple public IP's and then insert a switch between the modem and 2 Routers, the second router being for guests. This creates an isolated guest network with Internet access but no LAN access.  Commercial grade routers will allow you to do this internally without the need for a switch and second router, by creating VLAN’s.  The Watchguard XTM should allow you to do so.  If worried about licensing costs, the second router allows you to use something like a cheap Linksys for guests that has no licensing limitations.  The following site outlines this to some degree:
http://blog.lan-tech.ca/2011/05/23/create-an-isolated-network-using-one-isp-connection-and-modem/

>>”are there other vendors that deal with this better?  Fortinet? Isn't that 'unlimited'?  Sure a low end box can't keep up if installed in a fortune 500 site, but even if there's 40 devices on the LAN, not all are using the web at the same time (statistically on average), so for a small business the throughput isn't a big deal vs. licensed for 20 machines.”
Most commercial grade routers, have licensing limitations.  I am not sure about Fortinet but Watchguard, Cisco, Juniper, and others do.  Lower end units like Netgear, Linksys, and D-link do not.   Cisco for instance have licenses for 10, 50, and unlimited, and are priced accordingly.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
thanks.  yeah, OK, so there's a vlan for guests / family of employees, etc... does that count against the count of licenses?  What typically does the license cover?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
I am afraid I am not up on Watchguard licensing.  There are user licenses as well as licenses for branch VPN, mobile VPN, and security services.  However, I would think guest access counts as well, but you would be best to check with a Watchguard reseller.  It looks as if you may be able to release licenses as well as assign licenses and regain control:
http://www.watchguard.com/help/docs/edge/10/en-US/index_Left.html#CSHID=en-US%2Fauthentication%2Fusermanagement%2Fuser_lic_about_e.html|StartTopic=Content%2Fen-US%2Fauthentication%2Fusermanagement%2Fuser_lic_about_e.html|SkinName=Edge (en-US)
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
THANKS!
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You're very welcome.
Good luck with it.
--Rob
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now