change ISP, firewall

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › change ISP, firewall

jms042016

31 posts

Geek

#214667 23-May-2017 11:55

Hi guys

I need some advice here, I will need to change the ISP from NZ Wireless to Spark in my company. Normally that's easy just simply unplug the old one and plug the new one in the router. But we have a sonicwall firewall, I thought I should ask here for any advice before I actually do anything stupid.

Google tell me that I will need to change the external IP address, and DNS in sonicwall, anything else?

Any advice is appreciated.

Cheers.

James

robjg63

3107 posts

Uber Geek

#1786603 23-May-2017 12:04

It really depends on how the sonicwall has been configured.

It could be as simple as just swapping it over - in which case just try and see, but as it is one of your primary defences against the nasties on the internet, I would suggest you get someone who knows about Sonicwalls to check it out for you.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

1101

2149 posts

Uber Geek

#1786643 23-May-2017 13:02

If you dont get it correct, you'll loose internet connection on the LAN (PC's & servers)
and have emails not coming into your server

If running Exchange on your own server it needs to be carefully planned
- get new static IP, check new static IP isnt blacklisted, change DNS MX etc, ptr & spf , plan changeover (day & time) & allow for outages
- configure new router to sonic wan
- resolve issues where ISP's routers wont port forward or DNS correctly (ie buy a descent one if needed)
- is the sonic doing the internet connection login or Vlan tagging ?
- new ISP port 25 blocking ?

If you have a Internet router=>sonicwall, then generally shouldnt need to change any sonic settings

as above, it all depends on how it was setup.

Ive seen plenty of cases where companies change ISP without telling there IT support.....
then theres a mad scramble to try & get them back online afterwards .

jms042016

31 posts

Geek

#1786714 23-May-2017 13:32

1101:

If you dont get it correct, you'll loose internet connection on the LAN (PC's & servers)
and have emails not coming into your server

If running Exchange on your own server it needs to be carefully planned
- get new static IP, check new static IP isnt blacklisted, change DNS MX etc, ptr & spf , plan changeover (day & time) & allow for outages
- configure new router to sonic wan
- resolve issues where ISP's routers wont port forward or DNS correctly (ie buy a descent one if needed)
- is the sonic doing the internet connection login or Vlan tagging ?
- new ISP port 25 blocking ?

If you have a Internet router=>sonicwall, then generally shouldnt need to change any sonic settings

as above, it all depends on how it was setup.

Ive seen plenty of cases where companies change ISP without telling there IT support.....
then theres a mad scramble to try & get them back online afterwards .

We are a small company, so we don't have an IT department.

So we are like this:

Current connection: NZ Wireless modem -> Sonicwall firewall -> Switch -> computers

New connection 1: Fiber -> Spark modem -> Sonicwall Firewall -> Switch -> computers

New connection 2: Fiber -> Sonicwall Firewall -> Switch -> computers

I think I should use the new connection 2 right? Or should I use new connection 1? It looks like I am in the "generally shouldn't need to change any sonic settings" bucket right?

Cheers

James

robjg63

3107 posts

Uber Geek

#1786730 23-May-2017 13:44

Probably go with (1) as its the closest to your current setup.

Who sold you and setup the Sonicwall? There are a few places that can config them for you.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

djtOtago

631 posts

Ultimate Geek

Subscriber

#1786740 23-May-2017 13:54

If you go with 2, Sonicwall will need to be configured to Tag data on the WAN interface (VLAN Tag 10) and will need to establish a PPPoE connection with Spark.

Can Sonicwall do any of this?

jms042016

31 posts

Geek

#1786773 23-May-2017 14:22

robjg63:

Probably go with (1) as its the closest to your current setup.

Who sold you and setup the Sonicwall? There are a few places that can config them for you.

djtOtago:

If you go with 2, Sonicwall will need to be configured to Tag data on the WAN interface (VLAN Tag 10) and will need to establish a PPPoE connection with Spark.

Can Sonicwall do any of this?

Method 2 sounds too complicated, I think I will go with one, I just want it to work. Cheers - James

1101

2149 posts

Uber Geek

#1787346 24-May-2017 11:09

jms042016:

Current connection: NZ Wireless modem -> Sonicwall firewall -> Switch -> computers

New connection 1: Fiber -> Spark modem -> Sonicwall Firewall -> Switch -> computers

just make sure the new spark modem's IP , DNS & port forwards are setup the same as the old modem.
Then it will work (assuming the new 'modem' isnt a buggy mess).

Do you have an internal server for your email, if so you MUST reconfigure your internet domain settings (MX record etc), via your domain hosting
service.
If your email is cloud based, then thats not an issue .

hio77

'That VDSL Cat'
12345 posts

Uber Geek

Trusted

Spark

Subscriber

#1787351 24-May-2017 11:24

In this situation, definately terminate on the sonicwall.

Keep the spark modem handy for any trouble shooting since that makes life easy, but no point in adding complexity where your gear will already support things.

All your setup will be is PPPoE Vlan 10.

https://support.sonicwall.com/kb/sw11241

Here is a quick guide to help ya (literally one of the easier firewalls to configure for this tbh)

Spark use the ONT phone ports so you dont need the rgw to be the ATA or anything.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

timmmay

16108 posts

Uber Geek

Trusted

Subscriber

#1787357 24-May-2017 11:38

I really think getting someone in to do this for you would be a good idea. Plenty of places will do this based on an hourly rate. A good network engineer will be upwards of $100 / hr, but what would it cost to have your systems all down?

stevenk

22 posts

Geek

#1787367 24-May-2017 11:57

+1 on what timmmay said.

vulcannz

436 posts

Ultimate Geek
Inactive user

#1788046 25-May-2017 11:28

If you are being connected to UFB with Chorus then you will need to use a VLAN tag on your WAN as above. It's not that hard.

Let me know the model you are using, or PM me your serial number and I can make sure you are good to go with NZ UFB.

Also, on the WAN interface (e.g X1:V10) make sure you set your MTU to 1420, and uncheck the "Fragment Non-VPN outbound packets". Makes things blaze. We have so many MTU issues in NZ it gives me headaches.

jms042016

31 posts

Geek

#1788080 25-May-2017 12:44

hio77:

... ...

timmmay:

... ...

vulcannz:

... ...

Thanks guys for all your help, I am able to simply plug into the Spark mode, and it mostly works.

1101:

just make sure the new spark modem's IP , DNS & port forwards are setup the same as the old modem.
Then it will work (assuming the new 'modem' isnt a buggy mess).

... ...

You mention of setting up the DNS & port forwards save me a lot time, thanks again guys.