23rd August 2010, 09:32 PM #1
Firewall Config advice needed
Basically the issue is this. We are currently in the process of moving ISP and that means a new range of IP addresses. My concern is over the temporary delay in incoming E-mail as DNS changes kick in. (Well, not me personally, but "certain" people at work get shirty if E-mail isn't received instantly.)
So I have a slightly hardware-specific question. I have a Netgear FVX538 firewall which usefully has dual WAN ports. The downside is that now is not the ideal time to get all experimental with my firewall, so I need some advice on how to configure it.
If I set it up in load-balancing mode and configure each port for my old and new ISP, does the second port remain active for incoming connections? i.e. can I set up firewall rules for port 1 with my mail server's new IP address and port 2 with my mail server's old IP address and still receive e-mail on both IPs while I wait for the DNS changes to percolate over the internet?
As I read the instruction manual, it says that the load balancing is actually only applied to the outgoing connections but doesn't really mention incoming.
I currently have it set up to only use a single WAN port. I am assuming that the second port is "deactivated". Is this the case? Can I just plug in a connection to the second port and it still be active and thus accept incoming traffic?
Any suggestions would be appreciated.
23rd August 2010, 09:57 PM #2
Stuart, what are you using for email filtering? If you use an external service (such as webroot / EMF) then you might be able to get them to extend the time they store prior to forwarding messages on. There are a few other things this sort of service can do but rather than go on if you don't have it can you give any other details about who holds your DNS, etc to see if there is something else which can be done to smooth the transition.
24th August 2010, 12:05 AM #3
Short answer would seem to be "yes you can" - certainly would be true with a Smoothie firewall, can't see why not with yours.
24th August 2010, 12:38 AM #4
May also be worth temporarily changing the TTL settings in the DNS down to the minimum well in advance of the switch-over. That way the changes should propagate a lot more quickly when the time comes?
24th August 2010, 12:47 AM #5
Presuming you have had a look at ftp://downloads.netgear.com/files/FV..._27Jan2010.pdf (section B-7)
For this you need to set up outbound in load-balancing mode and you need to set up the static routes for incoming traffic. Presuming that you already have static routes in place on your existing WAN connection, these should just be duplicated on WAN2. Unless you have bound particular protocols to a particular WAN port, the response to inbound traffic should go out the same port. Just remember to back up the config (granny, eggs, sucking, blah, blah, blah).
24th August 2010, 12:55 AM #6
Seconded. When I've had sufficient control of DNS I've always done that e.g. 24 hours => 20 min TTLs a couple of days prior to significant IP address changes and it's always been worthwhile. Hasn't always done what it was supposed to everywhere because of some "interesting" configs out there on the net, but it certainly tends to help.
May also be worth temporarily changing the TTL settings in the DNS
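Added example (not part of the original thread or any poster's own code): a sketch of the TTL planning discussed in posts #4 and #6, which reads `dig +noall +answer` style lines and works out how long before the cutover the TTL must be lowered and how long the old address has to keep accepting mail. The domain, addresses, cutover time and function names are constructed for illustration, and it assumes resolvers honour TTLs.

```python
from datetime import datetime, timedelta

# Constructed sample in `dig +noall +answer` format. example.org and the
# RFC 5737 addresses are placeholders, not values from the thread.
SAMPLE_ANSWERS = """\
example.org.        3600    IN  MX  10 mail.example.org.
mail.example.org.   86400   IN  A   192.0.2.25
www.example.org.    3600    IN  A   192.0.2.80
"""

def parse_answers(text):
    """Return (owner, ttl_seconds, rtype, rdata) for each answer line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop dig comments
        if len(fields) < 5 or not fields[1].isdigit():
            continue                                # not an answer line
        owner, ttl, _cls, rtype = fields[:4]
        records.append((owner.lower(), int(ttl), rtype.upper(),
                        " ".join(fields[4:])))
    return records

def mail_path_ttl(records, domain):
    """Largest TTL a sender may have cached on the way to the mail host:
    the MX records plus the address records of every MX target."""
    domain = domain.lower().rstrip(".") + "."
    mx = [(ttl, rdata.split()[-1].lower())
          for owner, ttl, rtype, rdata in records
          if owner == domain and rtype == "MX"]
    if not mx:
        raise ValueError("no MX records for " + domain)
    targets = {host for _ttl, host in mx}
    ttls = [ttl for ttl, _host in mx]
    ttls += [ttl for owner, ttl, rtype, _rdata in records
             if owner in targets and rtype in ("A", "AAAA")]
    return max(ttls)

def cutover_plan(records, domain, cutover, lowered_ttl):
    """Deadline for publishing the lowered TTL, and the earliest time the
    old address can stop accepting mail (assumes caches honour TTLs)."""
    current = mail_path_ttl(records, domain)
    return {"lower_ttl_by": cutover - timedelta(seconds=current),
            "old_ip_needed_until": cutover + timedelta(seconds=lowered_ttl)}

if __name__ == "__main__":
    when = datetime(2010, 8, 30, 9, 0)              # constructed cutover time
    plan = cutover_plan(parse_answers(SAMPLE_ANSWERS), "example.org", when, 1200)
    for name, value in plan.items():
        print(name, value.isoformat(sep=" "))
```

In the sample the MX record already has a one-hour TTL but the mail host's A record still has 24 hours, so the A record sets the deadline; lowering only the MX TTL would not shorten the changeover.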
24th August 2010, 11:13 AM #7
Yes that was what I was reading last night. It's B-9 where it talks about the incoming traffic. Essentially I am looking to make both "public". I think it will be OK, it's just having not done it before I'm not feeling confident. Will probably just have to "suck it and see".
Originally Posted by GrumbleDook
To be honest I'm not actually looking to load balance the connection as I want to be using our new faster internet. I just need two active outside ports for incoming connections.