ISP Static Block WAN issue
-
Hello all,
First post to the community, thank in advance for any help.
Setting up an SG-2100 for a small office client. Currently they have a block of 5 static IP addresses with their ISP. DHCP is handled by their router for end devices.
One of the static’s goes to a managed switch for hosted phones and one for the router.
I want to slip the SG-2100 in between the router (currently a home router but will be a Cisco RV260W and the modem from the ISP (an Arris).
I did that today and everything was up according to the dashboard but I couldn’t ping outside the network.
I’m not sure what the issue is. I can ping devices on the network.
Did the troubleshooting connectivity and couldn’t find an issue.
Welcome to suggestions on how to approach this issue.
Again thank you for the info in advance or any directions I should go.
-Brenden
-
If you put it inbetween the modem and router what is now handling the connection to the ISP? The SG-2100 WAN? Is the downstream router now in the pfSense LAN subnet?
Where is the managed switch that has one of the static public IPs?
Steve
-
@stephenw10 said in ISP Static Block WAN issue:
If you put it inbetween the modem and router what is now handling the connection to the ISP? The SG-2100 WAN? Is the downstream router now in the pfSense LAN subnet?
Where is the managed switch that has one of the static public IPs?
Steve
So the modem is connected to the WAN port on the SG-2100 and the router would be on coming of LAN1.
From an addressing standpoint, they’ll only be one subnet but I assumed that would be handled by the router.
The SG-2100 was supposed to provide a network firewall with IDS and the router was supposed to provide VPN for the outgoing connection.
Does that answer your question? Apologies if there’s a misunderstanding.
-
@kasterborous the subnet in the end will address the router, 2 office printers, a credit card machine, (statically) and a bunch of laptops, desktops, and phones through DHCP
-
@kasterborous said in ISP Static Block WAN issue:
From an addressing standpoint, they’ll only be one subnet but I assumed that would be handled by the router.
Hmm, not sure I understand what you mean here.
If you changed nothing else then I expect the SG-2100 to pulll a public IP address on it's WAN and offer 192.168.1.0/24 to LAN side devices. The attached router will pull an IP from pfSense in that subet on its WAN. That may be conflicting with whatever it's using on its LAN causing an issue.
Still not sure where the managed switch is in this or how it gets a public IP.
If the outgoing traffic from the internal network is all going over a VPN from the internal router then pfSense will see none of that as it's all encrypted at that point. There is little point running a IDS against it.
Steve
-
@stephenw10 said in ISP Static Block WAN issue:
@kasterborous said in ISP Static Block WAN issue:
From an addressing standpoint, they’ll only be one subnet but I assumed that would be handled by the router.
So the managed switch the ISP uses for hosted phones is connected to the modem and the router directly with two separate patch cables.
The line to the router gives the handsets internet access for computers to plug into the handsets via patch cable, the line to the modem is for the VOIP hosted phones.
Hmm, not sure I understand what you mean here.
If you changed nothing else then I expect the SG-2100 to pulll a public IP address on it's WAN and offer 192.168.1.0/24 to LAN side devices. The attached router will pull an IP from pfSense in that subet on its WAN. That may be conflicting with whatever it's using on its LAN causing an issue.
The router is not hooked up yet. At this point I have my laptop plugged directly in to configure it before connecting the router.
Still not sure where the managed switch is in this or how it gets a public IP.
If the outgoing traffic from the internal network is all going over a VPN from the internal router then pfSense will see none of that as it's all encrypted at that point. There is little point running a IDS against it.
Steve
-
So you plan to have two connections between the modem and the existing router and you want to put the SG-2100 in one of them?
I thing we might need a diagram here.
Steve
