
My client computers have web access but my Windows Small Business Server 2011 cannot even ping Google (8.8.8.8)

Hello Everyone;

I changed ISPs and also have a new static IP. I have not been able to have Microsoft Exchange email, WSUS, IPsec VPN for backups, or have iOS devices connect for mail since the change. Disturbingly enough the users can surf, play music, use Simply Accounting, and access personal and public folders on the network. This has been since mid-December. One problem was with the new ISP and their Hitron Cisco modem/router, which they just identified Jan 8, 2017. It was not allowing me to have the new static IP. It was giving me a dynamic one. I had them power cycle it on their end and it seemed to help. They must be doing something else as nothing changes when I power cycle it manually on my side.

So the users are up and running and now using their personal accounts for email (gmail). So a little pressure is off. I have been thrashing for a couple weeks now to the point where I crashed everything and discovered I love how easy it is to roll back and recover the UTM. Nice :)

My question is: something is blocking my server from the internet. Where do I start?

My network starts with a Cisco Hitron modem/router -> UTM 9.405 -> Netgear 24 port smart switch -> Currently 3 client computers and a Citrix XenServer with VM Windows SBS 2011 Server (we had to scale down the company temporarily, that's why only 3 computers. Used to be an additional 9 office staff and 5 engineer CAD stations).

Best,

Darren



  • Hi Darren,

    Is your server on the same network segment as your clients?

    Are the DNS settings on the server correct?

    If yes to both the above, then it could be a block on the firewall or the web protection. Open the live firewall log and the web protection log, and filter by your server IP address. Check to see if you see any traffic being successful or blocked.

  • <is your server on the same network segment as your clients?> Yes 192.168.1.xxx

    <Is the dns settings on the server correct?> I believe so

    <if yes to both the above, then it could be a block on the firewall or the web protection. Open the live firewall log and the web protection log, and filter by your server ip address. Check to see if you see any traffic being successful or blocked. >

    live log firewall

    19:17:41 Default DROP ICMP 192.168.1.SERVER 8.8.8.8 len=60 ttl=127 tos=0x00 srcmac=00:1e:37:f4:33:72 dstmac=00:0d:60:b7:36:d4

    I have been thrashing. I believe I have a problem with my DNS record as it has a combination of old and new ISP information. I am going to email my DNS admin at MTS and see if they can help resolve this.

    One thing I noticed on my MS server is that under <server manager - dhcp options - dns> it was missing the new ISP name servers. I added the records but no success.

    On Dec 19th I asked for a change and on Dec 20th this problem began, so more than likely it is my DNS record.

  • One interesting observation. My daily firewall email is making it to my iOS device. Strange…

  • Check your MX record for your mail domain.

    Seems to me no one really planned the provider change.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Pinging is regulated on the 'ICMP' tab of 'Firewall'.  The "Any" service includes only TCP and UDP, not ICMP or other IP protocols.  So, you may not have a problem.

    You might want to consider DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
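
An added example (not part of the original thread and not Sophos code) for the log check suggested above and for Bob's point that ICMP is handled separately from TCP and UDP: it reads live-log lines for one source address and reports whether only ping is being dropped. The single-line layout, the rule name `Rule-3` and the sample addresses are assumptions modelled on the entry posted earlier.

```python
import re
from collections import Counter

# Assumed single-line layout, modelled on the live-log entry posted above:
# time, rule, action, protocol, source[:port], destination[:port], key=value fields.
ENTRY = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<rule>.+?)\s+(?P<action>DROP|REJECT|ACCEPT)\s+"
    r"(?P<proto>\w+)\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?(?:\s+(?P<fields>.*))?$"
)

def parse(line):
    """Return a dict for one live-log line, or None if it does not match."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines, host):
    """Count (action, protocol, dst port) for entries whose source is `host`."""
    seen = Counter()
    for entry in filter(None, map(parse, lines)):
        if entry["src"] == host:
            seen[(entry["action"], entry["proto"], entry["dport"])] += 1
    return seen

def verdict(seen):
    """Classify what the log says about the host's outbound traffic."""
    if not seen:
        return "no-traffic"      # nothing reached the firewall: check gateway/segment
    blocked = {(p, port) for (a, p, port) in seen if a != "ACCEPT"}
    allowed = {p for (a, p, _) in seen if a == "ACCEPT"}
    if blocked and all(p == "ICMP" for p, _ in blocked):
        # Only ping is dropped; a failed ping alone does not prove loss of access.
        return "icmp-only" if allowed else "icmp-only-unconfirmed"
    if blocked:
        return "rule-drop"       # TCP/UDP is dropped: review the firewall rules
    return "allowed"

# Constructed sample lines (not from the thread); 192.168.1.10 stands in for the server.
SAMPLE = [
    "19:17:41 Default DROP ICMP 192.168.1.10 8.8.8.8 len=60 ttl=127 tos=0x00",
    "19:17:44 Rule-3 ACCEPT TCP 192.168.1.10:51512 203.0.113.5:443 len=52 ttl=127 tos=0x00",
    "19:17:45 Default DROP UDP 192.168.1.23:50000 8.8.8.8:53 len=71 ttl=127 tos=0x00",
]

if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.23", "192.168.1.99"):
        print(host, verdict(summarize(SAMPLE, host)))
```
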
  • Received a snotty from the dns admin saying there is not a problem.

    dnsadmin@mtsallstream.net
    to me

    Hello,

    From a DNS perspective, unless we are given the wrong data to publish, we would
    not be able to see why mail flow was impaired.
    That said, your mail server is accessible from the Internet:

    telnet mx1.asarenovations.com 25
    Trying 184.71.68.246...
    Connected to mx1.asarenovations.com.
    Escape character is '^]'.
    220 asa-fw ESMTP ready.
  • Updated records as required with no change.

    Surfing the forums I saw this post about the 9.405-5 update. I am on 9.409, so I don't know if the MTU issue is still relevant to me.

  • The following has been discovered:

    1. My ISP will not support VPN, but it appears business customers have support. My log files have "listening" status on the business UTM while my home UTM just shows errors.

    2. I can NOW ping google (8.8.8.8) from the server. But I cannot ping google.com from the server as it errors out. Thank you Bob for the setting change suggestions

    3. I am hopeful the release of 9.410 will bring some resolution

  • Sean I found two errors in the DNS server settings.  Thank you!

  • Hi Sean;

    I found two errors on my DNS Server - Thank you for the clue!

    In addition, Bob's DNS best practice helped.

    I also adjusted the MTU value manually for my home Cisco router with the dynamic DNS to 1500.

    I am back up and running thanks everyone!

    Darren