
New firewall, can't configure

  • 19-05-2017 8:44pm
    #1
    Registered Users Posts: 816 ✭✭✭


    Hi all

    Desperate for help and my own colleagues left for the weekend so I'm stuck here in the comms room completely lost.

    We needed a new firewall server but they wouldn't pay for a software firewall solution like Sophos, SonicWall etc... so I've been tasked with setting it up.

    It's up & running now and I can ping AD and reach any network resource, also it has easily picked up the service from the fiber switch so at least the firewall server has internet access.

    But I cannot provide internet access to the LAN and it's sending me round the bend. It's the fecking Windows firewall but I've never configured one so can anyone shed light on the correct rule needed to give the machines on our network internet access?

    I've tried a lot of rules so first of all.. I'm going to reset firewall rules back to default to clear out my retarded attempts.

    I'll be here all night anyway so any advice is very welcome.

    Regards


Comments

  • Registered Users Posts: 2,320 ✭✭✭roast


    I'd really be against using a Windows Server as a network firewall; if budget is an issue then look at building a pfSense box.

    With that said, it doesn't really help you at the moment. What Windows server OS are you using? Have you configured the RRAS role? The firewall role will only protect the machine it's on, unless you're using something to "distribute" network access to the LAN, i.e. RRAS. Once that's set up, you can then configure NAT and then the Firewall to control access.

    It's been about 4 years since I've configured such a setup, so I'm a bit rusty with Windows.

    EDIT: Dell, of all people, have an article on it. The concepts are the same for any other Windows OS.
    http://www.dell.com/support/article/us/en/19/HOW10169/configuring-windows-server-2012-r2-as-a-router?lang=EN
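
The order described in the reply above (RRAS first, then NAT, then the host firewall), as an added PowerShell example that is not part of any post in this thread. The interface names `WAN` and `LAN` are assumptions; substitute the adapter names on the actual server.

```powershell
# Added example: interface aliases below are assumptions, not values from the thread.
$WanAlias = 'WAN'   # assumed name of the NIC facing the internet uplink
$LanAlias = 'LAN'   # assumed name of the NIC facing the internal network

# 1. The Routing role service must be present. Windows Firewall only filters
#    traffic to and from this host; it never forwards packets for the LAN.
$routing = Get-WindowsFeature -Name Routing
if (-not $routing.Installed) {
    Install-WindowsFeature -Name Routing -IncludeManagementTools
}

# 2. RRAS has to be configured and running before NAT can be added to it.
$rras = Get-Service -Name RemoteAccess
if ($rras.Status -ne 'Running') {
    throw "RemoteAccess service is $($rras.Status); configure and start RRAS first."
}

# 3. Add the NAT routing protocol, then mark the public and private sides.
netsh routing ip nat install
netsh routing ip nat add interface name="$WanAlias" mode=full
netsh routing ip nat add interface name="$LanAlias" mode=private

# 4. Review the NAT interfaces, then confirm the host firewall is still
#    enabled on every profile now that routing works without disabling it.
netsh routing ip nat show interface
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```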


  • Registered Users Posts: 816 ✭✭✭Gazzmonkey


    The OS is Server 2016, this server is also the default gateway for the network and RRAS role is running with L2TP VPN set up.

    When I switch off Windows firewall, inbound VPN traffic becomes unblocked and I got a connection on it last night but outbound browser traffic still won't work.

    I'm starting to think it's DNS related as I'm using the same static IP of the old firewall server and when pinging the DC which is also DNS & DHCP I get packet loss.

    Would it cause a problem to swap out firewall servers by simply using the same static IP, subnet & DNS IPs? I didn't enter a gateway IP as the firewall server is the gateway.


  • Registered Users Posts: 816 ✭✭✭Gazzmonkey


    Cheers, that article fixed the issue of internet access for all clients.

    So I moved on to VPN again.. works fine using PPTP now but it's a no go with L2TP unfortunately.

    Seems to be related to not having a cert installed on the VPN server, but I'm using pre-shared key??

    If I can't sort it myself I'll post up the exact error msg later.


  • Registered Users Posts: 816 ✭✭✭Gazzmonkey


    Sorted it 😊

    NPS role was reporting as off when it was on. I unchecked the role then rebooted.

    Checked the role on again and L2TP started working.

    Glad that sh1te's over

    All the best

