Re: Switching IP address ranges

Paul,

Without beating up on you anymore, there are always two sides to every
issue. For someone to simply say that what you proposed is not good enough
is cr*p. In my opinion, way too many people are under the false belief that
their network is completely safe because they install something called a
"firewall".

Please check out Tom Schinder's article entitled:

ISA Firewall Fairy Tales - What Hardware Firewall Vendors Don't Want You to
Know (v1.02)
http://www.isaserver.org/articles/2004tales.html

If you have time, two true stories!

True story #1: I was on the phone most of yesterday afternoon with an auto
dealership in Tennesse (and I am in Florida). We were having a problem with
getting a local .Net app to properly logon to a secured web site. I asked if
they had a proxy server or firewall installed. They had no clue if they had
one or not. Someone said "I think we have something that filters out
profanity".

Good, I said. I then had to verbally instruct them to go find the room where
their telephone wiring and modems are located. They did. I asked them if
they saw a red box anywhere (assuming they might have a Watchdog Firebox).
Sure enough they did. I asked if anyone monitors or checks the logs. "Oh,
no", they said, we don't do anything with that box.

So, here, someone sold them a firewall and installed it, and the customer
gets no reports, no logs --- they have no clue if it even works or not!

True story #2: At another site, the company showed me their invoce where
they bout two firewalls, one for each of their buildings. I asked them to
show me their firewalls. They couldn't. They paid for something that was
never delivered or installed. And yet the customer thought they were
completely protected.

--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"


"Paul Bishop" <PaulBishop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:32A1141B-22A7-42C1-85B1-10D620B61D8F@xxxxxxxxxxxxxxxx
Thanks to everyone for their answers -

Just to quickly add further to many points raised

1 - The sonicwall is within my main network because it provides managed
antivirus and antispyware as well as secure VPN access. (The vendor does
not
accept SBS's VPN as been a "proper" VPN)

2 - The IP adddress can not be 16.X as I manage multiple sites and I
already
have a sonicwall product on 16.x and it would prevent them been able to
correctly manage both of my produces (apparantly)

Thanks for the advice and keep it comming :D

"Andrew M. Saucci, Jr." wrote:

Another possibility is simply to place the Sonicwall in between
the Internet and the SBS's WAN card rather than disrupt the entire
network.
I have changed LAN IP subnets more than once on some relatively small SBS
networks and it is tedious work with LOTS of potential for error. If you
do
this, be sure to shut off your cellular phone and expect an evening of
total
down time, even if you can use the SBS 2003 Change LAN IP wizard, which I
imagine does a decent job of fixing the SBS but may not cover the rest of
the LAN well,depending upon what's there. You'll have to take an
inventory
of every IP device on the network. Even at that, chances are some detail
will be overlooked. I would not do this without a very good reason. (My
reason was inter-client VPN capability; I just have to be able to VPN
from
any of my clients to any other client, and that requires that they all
have
unique LAN subnets.)

And yes-- if the Sonicwall can't be reconfigured for
192.168.16.x,
then it's almost worthless. Even a $50 router has the capability of
picking
a new LAN IP subnet. I'd change the Sonicwall before changing anything
else.

"Paul Bishop" <PaulBishop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0ABF7248-CFD2-422E-8DAA-8EF2C056798A@xxxxxxxxxxxxxxxx
Hi there,

I am having a security device added to one of my small business
networks
which requires me to change the I.P. address range on my SBS network
from
192.168.16.x to 192.168.Something else.x - sorry for the terible
notation
and spelling ;)

I am using SBS Premium which currently uses ISA but ISA will be
replaced
with the sonicwall and my SBS will be in Single NIC mode.

Anyone got ny hints on the best way for a smooth transition?





.

Relevant Pages

  • Re: May need to move from SBS because of connection issues
    ... Just to make sure you are clear regarding port 4125, ... access remote systems and you are behind a firewall on a non-SBS network, ... established that RWW worked TO your SBS network from outside. ... have been proof that the required ports were forwarded to the SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Adjunto 24k ! Error conexión remota 2003 SBS
    ... He habilitado la conexión remota de sbs 2003 para trabajadores que acceden ... Servidor 2003 SBS con 1 tarjeta de red, IP de clase C, conectada a switch ... Internamente desde Lan funciona todo a las 1000 maravillas. ... Problemas del firewall? ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall Questions
    ... No firewall. ... > sketch their idea of what they saw as a new network plan. ... > They want this firewall to be in NAT mode where everything in the LAN ...
    (comp.security.firewalls)
  • Re: SBS2008 Single Single NIC only
    ... fire wall to seperate it from the rest of the network. ... You had to go thru the SBS firewall or Natting to get ... I put my printer ouside the SBS domain so both ...
    (microsoft.public.windows.server.sbs)
  • RE: New Install of SBS 2003?
    ... up to now, it's time to move on, along with your move to SBS. ... firewall appliance" is the minimum acceptable device. ... This presumes the network is being kept up-to-date with security ...
    (microsoft.public.windows.server.sbs)
Loading