SnapGear SG565 Use With Comcast 3939B Modem Suggestion
I've been posting quite a bit here lately and working myself into a bottomless pit of technology that's really over my head. I'd love to learn more but that's going to take a while. I also tend to ramble on and on which can get confusing. This is my attempt to keep it simple stupid.
Up until last Friday I had the Comcast SMC Modem (cannot remember the model number now) running in Bridge mode connected to a Secure Computing SnapGear SG565. It's still configured, can be put back in-line in short order, and I'm wondering if it would help me get the MSServer 2012 R2 Essentials online more easily.
My questions regarding the unit are pretty simple for all you IT pros so here are the concerns/questions maybe you can help me out with.
- It's 8 - 10 years old. No, it's never missed a lick but it's limited to the 10/100 as far as speed. I'd think since I'm getting nowhere near 100 Mbps from the modem that this shouldn't be a problem. Am I correct or out to lunch? It's my understanding that the gigabit technology between the workstations is most critical?
- Should I let the SnapGear handle DHCP and all the other goodies that it was designed for? Or, will this give the Essentials Server grief?
- I assume the wireless shouldn't be used. It's a much older technology but we lived with it until last Friday. What do you think?
- The port designated as "B" was connected to the Comcast Modem and configured as a "direct connection" in the SnapGear. I'd assume this would still be the case. Again, am I correct?
- Ports A1 and A2 were connected directly to our 3Com 2424Plus switches (boy are they loud) which are still used now. Any problems with this?
- Should the Essentials Server be perhaps connected to the port A3 or simply be connected to the switches?
Its previous task was to direct up to 30 - 40 workstations to an offsite Citrix server so we've never used it connected to an on-site server. Today, the number of workstations may rise to 8 or 9 but that's it. Also, due to its age and technology, is it really just more of a "boat anchor" which can remain on my desk and be proudly displayed as a piece of equipment deserving a comfortable retirement? Or is it more comfortable being back in the trenches where it was once a pretty expensive piece of equipment (well worth it I should add) ready to do battle?
Once again, any help is greatly appreciated!
Regards,
TG
Accepted Solution
tmittelstaedt
9 years ago
PFSense is an open source free firewall software you load on a PC with 2 network ports.
Untangle free edition is also an open source free firewall solution you load on a PC with 2 network ports.
The SnapGear is basically a rack mounted PC with multiple network ports on it running a modified open source firewall solution.
All of these are based on PCs. There really is no difference between them. And PC gear can be extremely reliable if it's good quality gear. I'm typing this on a desktop PC that is about 3 years old and has been up continuously, and never crashed - and it's running Windows 7. The last time I rebooted it was to install updates, on March 6th - and it's been on ever since. (and NOT in hibernation - all power saving hibernation stuff is turned off)
If the Comcast 3939B is put into true bridged mode and the SG565 is put into DHCP mode and the static IP is taken off the account (it's not needed) and the PCs and server and SG565 LAN port are all plugged into a modern gigabit switch, it will work the same as using a PFSense or Untangle software package on a PC with 2 network ports in place of the SG565 (except those newer software packages will offer more protection).
timd1971
9 years ago
I would like to know the answer to that also. Even though these routers usually have minimum 4 ports, 1 being used up to go to a switch initially, and the other 3 free, I would assume the SWITCH is merely just a "smart splitter" to expand the quantity of ports. (not a dumb hub). So I guess it doesn't make any difference if you put the server on one of the empty router ports? I don't know, but assume so. It seems that if the power went out (or died) on the switch, the server would still be up with the router? Almost seems might be a good idea to have at least 1 main PC connected also to the router emergency uptime utilizing the server and the main client PC. I am not sure, but IP addresses etc aren't any different are they if utilizing the spare ports of the router and the switch? Is there something we should be aware of here?
ShifterKartRacer
9 years ago
I am aware of the lack of support for the SnapGear. It's just an older piece of equipment that was used and worked well.
I've heard about using another dedicated PC but if I'm having this much trouble with the Comcast equipment, I'd reckon I'd be in even more trouble. I do have plenty of PCs that could be used but I'd be skeptical of reliability assuming the computer would be running 365 days. I do however, have a couple of HP Storageworks NAS units. Yes, it's older but it works. It was only online for about a year. I believe it's a 2320s with a Pentium 4 and 4 SCSI drives. It's another non-energy conserving jet motor sounding unit but it's here.
I've also got another new HP Proliant ML350 Gen 5 (long story) but it's available as well.
I'll definitely check out Untangle as I'm still familiar with Unix, Linux, etc...
Thanks,
TG
tmittelstaedt
9 years ago
It's a boat anchor. More specifically it's an "orphaned product". Take a look at the following:
http://go.mcafee.com/utm/
"...In an effort to streamline McAfee firewall channel offerings and expenses, McAfee has made the decision to no longer continue the McAfee UTM Firewall product line..."
In other words they are keeping the last available firmware for the device and then giving you the Rose Festival Parade Wave.
It's not that it won't work as an address translator or an http cache, but a firewall that actually blocks anything must either obtain periodic signature file updates from the manufacturer, or check everything that goes through it with a mothership at the manufacturer.
What you have is a device that can act as a translator but it cannot do anything to keep the bad guys out. Now, keep in mind that a plain ordinary Linksys or Netgear router, or a Comcast gateway device, also can only act as a translator and cannot do anything to keep the bad guys out. But, they don't have the name "firewall" stuck on them, so (presumably) people who buy them will understand that they don't really do anything.
You would get more mileage out of buying a used 1U server and loading the free Untangle on it, at least you would get a working popup adblocker on it.
It will "work" insofar as it will pass packets and make blinky lights turn on and off on the front of it, if that makes anyone feel better.
Needless to say, the workstations should be connected to the server with a gigabit switch.
timd1971
9 years ago
Is this PFsense or whatever it's called any good? Do you buy their hardware and use their software, or just use the software on the server? Which to me would be a weak link when the server is down. I don't know much about placement of the hardware firewall... but does it connect into a port on the Comcast router? Or before router or after or in switch... obviously I don't know.
ShifterKartRacer
9 years ago
The manual for the SnapGear is roughly 575 pages with about every configuration detailed. If anything, I could look through the manual and probably understand more of the concepts. That's what I'm looking to do tonight for my evening of frustrating attempts (lol).
Best,
TG