I've been posting quite a bit here lately and working myself into a bottomless pit of technology that's really over my head. I'd love to learn more but that's going to take a while. I also tend to ramble on and on which can get confusing. This si my attempt to keep it simple stupid.
Up until last Friday I had the Comcast SMC Modem (cannot remember the model number now) running in Bridge mode connected to a Secure Computing SnapGear SG565. It's still configured, can be put back in-line in short order, and I'm wondering if it would help me get the MSServer 2012 R2 Essentials online more easily.
My questions regarding the unit are pretty simple for all you IT pro's so here's the concerns/questions maybe you can help me out with.
It's previous task was to direct up to 30 - 40 workstations to an offsite Citrix server so we've never used it connected to an on-site server. Today, the number of workstations may rise to 8 or 9 but that's it. Also, due to it's age and technology, is it really just more of a "boat anchor" which can remain on my desk and be proudly displayed as a piece of equipment deserving a comfortable retirement? Or is it more comfortable being back in the trenches where it was once a pretty expensive piece of equipment (well worth it I should ad) ready to do battle?
Once again, any help is greatly appreciated!
Solved! Go to Solution.
Should the Essentials Server be perhaps connected to the port A3 or simply be connected to the switches?
I would like to know the answer to that also. Even though these routers usually have minimum 4 ports, 1 being used up to go to a switch initially, and the other 3 free, I would assume the SWITCH is merely just a "smart splitter" to expand the quantity of ports. (not a dumb hub). So I guess it doesn't make any difference if you put the server on one od the empty router ports? I don;t know, but assume so. It seems that if the power when out (or died) on the switch, the server would still be up with the router? Almost seems might be a good idea to have at least 1 main PC connected also to the router emergency uptime utilizing the server and the main client PC. I am not sure, but IP addresses etc aren't any different are they if utilizing the spare ports of the router and the switch? Is there something we should be aware of here?
Should I let the SnapGear handle DHCP and all the other goodies that it was designed for? Or, will this give the Essentials Server grief?
From what I understand, best practice, or should I say "preferred" is to let the Server handle ALL DHCP. Apparently more powerful this way etc. And IT doesn't have to mess with the router settings and deal with whatever odd stuff may be there. DHCPv4 on the server seems easy and straight forward enough...but DHCPv6 SURE IS NOT. I am still baffled with this, and still trying to deciper a lot of the help here about it. It's made out to be so complicated (not for experienced users obviously, but server newbies like me, surely), it has been a nightmare to deal with. Yet it apparently it is VERY important, so I assume it needs implemented and best to do it know with this new server setup.
It's a boat anchor. More specifically it's an "orphaned product" Take a look at the following:
"...In an effort to streamline McAfee firewall channel offerings and expenses, McAfee has made the decision to no longer continue the McAfee UTM Firewall product line..."
In other words they are keeping the last available firmware for the device and then giving you the Rose Festival Parade Wave.
it's not that it won't work as an address translator or an http cache, but a firewall that actually blocks anything must either obtain periodic signature file updates from the manufacturer, or check everything that goes through it with a mothership at the manufacturer.
What you have is a device that can act as a translator but it cannot do anything to keep the bad guys out. Now, keep in mind that a plain ordinary Linksys or Netgear router, or a Comcast gateway device, also can only act as a translator and cannot do anything to keep the bad guys out. But, they don't have the name "firewall" stuck on them, so (presumably) people who buy them will understand that they don't really do anything.
You would get more mileage out of buying a used 1U server and loading the free Untangle on it, at least you would get a working popup adblocker on it.
It will "work" insofar as it will pass packets and make blinky lights turn on and off on the front of it, if that makes anyone feel better.
Needless to say, the workstations should be connected to the server with a gigabit switch.
I am aware of the lack of support for the SnapGear. It's just an older piece of equipment that was used and worked well.
I've heard about using another dedicated PC but if I'm having this much trouble with the Comcast equipment, I'd reckon I'd be in even more trouble. I do have plenty of PC's that could be used but I'd be skeptical of reliability assuming the computer would be running 365 days. I do however, have a couple of HP Storageworks NAS units. Yes, it's older but it works. It was only online for about a year. I believe it's a 2320s with a Pentium 4 and 4 SCSI drives. It's another non-energy conserving jet motor sounding unit but it's here.
I've also got another new HP Proliant ML350 Gen 5 (long story) but it's available as well.
I'll definitely check out Untangle as I'm still familiar with Unix, Linux, etc...
is this PFsense or whatver it's called any good? DO you buy their hardware and use their software, or just use the software on the server? which to me would be a weak link when the server is down. I don't know much about placement of the hardware firewall...but does it connect into a port on the comcast router? or before router or after or in switch... obviosuly I don't know.
PFSense is an open source free firewall software you load on a PC with 2 network ports
Untangle free edition is also an open source free firewall solution you load on a PC with 2 network ports
The SnapGear is basically a rack mounted PC with multiple network ports on it running a modified open source firewall solution
All of these are based on PCs. There really is no difference between them. And PC gear can be extremely reliable if it's good quality gear. I'm typing this on a desktop PC that is about 3 years old and has been up continuiously, and never crashed - and it's running Windows 7. The last time I rebooted it was to install updates, on March 6th - and it's been on ever since. (and NOT in hibernation - all power saving hibernation stuff is turned off)
If the Comcast 3939B is put into true bridged mode and the SG565 is put into DHCP mode and the static IP is taken off
the account (it's not needed) and the PCs and server and SG565 LAN port are all plugged into a modern gigabit switch, it will work the same as using a PFSense or Untangle software package on a PC with 2 network ports in place of the SG565 (except those newer software packages will offer more protection)