Viewing Article

No StarNo StarNo StarNo StarNo Star | Nov 3 2011, 1:03 PM |
Generic Firewall Guide

Generic Firewall Guide

This is a generic guide to configuring most firewalls and routers behind Sharedband.
If you normally use an IT company we would recommend speaking to them first to avoid any unforeseen circumstances.
There is an FAQ section at the back of this guide.

Step 1 – Sharedband Installation

Install Sharedband using the relevant quick install guide and make sure you can connect to the internet by plugging in a PC directly into the Sharedband routers or the switch if you are using one.

We recommend you run a couple of speedtests. You can use the speedtest server located cloest to you by visiting http://speedtest.sharedband.net

Step 2 – Pre setup

By default Sharedband routers use the range (subnet) 192.168.3.1-254.

The LAN (secure) and WAN (unsecure/internet) interfaces on your firewall need to be in different subnets (ranges).
Very simplified, a subnet is a range of IP addresses e.g 192.168.3.1 to 192.168.3.254.
You need to make sure the 3rd number separated by dots (in this case 3), is not the same on both LAN and WAN interfaces. If this number is the same, please follow the guide at http://support.sharedband.com/index.php?act=article&code=view&id=11 which explains how to change the IP range on the Sharedband routers.

We highly recommend you set a static address on your firewall to stop a potential issue later on.
Choose an IP address for your firewall outside of the DHCP range, we recommend one between .18 and .99.

Step 3 – Configuring the firewall

Log on to the firewall and edit the WAN interface settings:
Set the IP address to be static and enter the IP address you chose above.
The subnet mask will be 255.255.255.0.
The gateway will be 192.168.3.250 (unless you changed it in step 2)
The primary DNS sever address will be the same as the gateway.
If you have space for a secondary DNS server you can either use a public DNS like google/opendns (8.8.8.8/208.67.222.222) or leave it blank.
The MTU value must be reduced/set as explained in knowledgebase article http://support.sharedband.com/kb/kb8
Save the settings and reboot the firewall if necessary.

Connect a PC inside the firewall and check you have internet access. If not, there may be an additional step necessary and we would recommend that you please consult the troubleshooting section.

Step 4 – Disable ARP Spoof Detection / MAC Address Filtering

You will need to turn your firewall's ARP spoof detection feature off (if it is present and enabled). Though you may need to contact your firewall vendor for information on how to do this, we have provided instructions for common firewalls at http://support.sharedband.com/kb/kb3

Step 5 – Forwarding all traffic.

Follow the below guide to utilise a host allocation. In the destination box, input the same static IP address of your firewall's WAN port that you set above (e.g. 192.168.3.50). By setting a Host Allocation you are forwarding all traffic on all ports and protocols to the firewall. VPNs and your existing firewall based port mappings should now work.

http://support.sharedband.com/index.php?act=article&code=view&id=15

 

FAQ

Q. What is going to change?

A. Your public IP address will change.
If you use an onsite mail server such as SBS or Exchange, this could stop outgoing mail.  Reverse DNS may need to be setup.
If you have any VPNs setup you will need to change the public IP people use to access your VPN server.

Q. What is my public IP address?

A. Using the details in the welcome letter, log on to the Sharedband NOC.
Click on the configuration and then click IP address mappings. Your static IP/s will be listed here.

Q. Can I put the public IP on the WAN interface of the firewall?

A. To do this you need to have 4 public IP addresses from Sharedband that form a subnet.
Due to the impending shortage of IPv4 addresses most firewalls don’t require a public IP on the WAN interface. All traffic can be forward to your firewall so your existing VPNs and port forward will still work. If you do need the public IP on the WAN interface, please speak to your Sharedband account manager.

Troubleshooting.

Q. I’ve plugged my PC into my firewall but I can’t access webpages or it takes a long time before the page starts to load.

A. This maybe a DNS error. Log into your firewall and look under the DHCP settings. Your Primary DNS server will need to be the same as the Sharedband gateway you set in step 3.
If you have a Microsoft SBS server you may need to amend the DNS servers on that.
Ensure you are connected with a cable to the firewall (on a LAN switch) and make sure your PC is using DHCP.
If you still can’t connect please raise a technical support ticket at http://support.sharedband.com/

Q. My VPN will not connect.

A. Depending on VPN type, you may need to configure the VPN device to work though NAT. This can be as simple as specifying the public IP address in the VPN config. Please refer to the manufacture’s documentation for your VPN device.
Additionally, please refer to http://support.sharedband.com/kb/kb49 for other VPN configuration help.