
UTM configuration with Verizon FIOS

Trying to set up UTM 9.3 with Verizon FIOS. I currently have it connected as follows:

Verizon FIOS router LAN port --> UTM WAN port (eth2) --> UTM LAN port (eth1) --> switch --> Wireless router LAN port (used as access point).

The Verizon router is 192.168.1.1 with DHCP enabled for range 192.168.1.100 - .200 (do I need DHCP here? I do have a couple of devices directly connected to this router bypassing UTM).

I have UTM LAN set to 192.168.1.2. It seems I may need to enable DHCP here since downstream clients are not getting an address from the Verizon router. I tried enabling DHCP with range 192.168.1.10 - .99 with no luck.

All subnet masks are 255.255.255.0. I will need all internal LAN devices to reach each other - a wireless client connected to the router needs to hit a printer connected to the Verizon router, etc.

The wireless router is set to 192.168.1.3 with no DHCP, thinking it would pick up an address from something upstream.

I'm currently not getting internet access downstream of UTM.  Using Tools-->Ping check on UTM I can ping internet addresses by IP but not by name.

Suggestions greatly appreciated.



  • I have exactly the same setup and it has been working fine for 3 years. Here is what I did. The Verizon router is set to 192.168.1.1. The UTM LAN port which connects to the Verizon router is assigned a static IP 192.168.1.3. In the Verizon router, I have created a DMZ and added 192.168.1.3 to the DMZ. This way, the Verizon router passes all traffic to UTM. All the firewall functions are done within UTM. I have left DHCP enabled in the Verizon router. If you have a Verizon DVR, the DVR gets its IP from the Verizon router. The UTM LAN port which connects to the internal network is assigned an IP of 192.168.100.1. The UTM acts as DNS resolver and DHCP server for the internal network. So in your network diagram, here is what I have done:

    (192.168.1.1, DHCP ON) Verizon FIOS router LAN port (static IP 192.168.1.3 in DMZ, reserved in DHCP) --> UTM WAN port (eth2, 192.168.1.3) --> UTM LAN port (eth1, 192.168.100.1) --> switch --> Wireless router LAN port (used as access point, 192.168.100.2). All subnet masks are 255.255.255.0.

    I have also turned on the firewall in the Verizon router to the recommended security level. Since all internet traffic is anyway passed on to UTM because of the DMZ, the router security settings will not have any impact on UTM. This will also ensure that your Verizon router cannot be compromised. I am sure you would have done it already, but please change the default password of the Verizon router.

    Of course, the choice of internal IP is totally up to you. The setup has one major problem. You will never be able to use certificate-based authentication because of double NAT. Also, if you want to use a service like DynDNS, it will have to be configured in the Verizon router or in a Windows PC in the internal network. It cannot be configured in UTM as UTM will update the DynDNS to the 192.168.1.3 IP address instead of your public IP.

    Just to clarify, I am not a network expert, just a DIY tech enthusiast.
  • Take a read of this DSLReports information.... Personally I could care less about remote DVR access or Caller ID on my TVs so I went with option #10. Verizon has no visibility into my network and I still get my TV service.
    www.dslreports.com/.../16077
  • I had seen the bridge configurations when I was researching how to connect the FIOS router. The MoCA WAN bridge needed something extra (if I remember correctly) and I also have a DVR, so I went with the same configuration which OP has.
    I think OP's problem is caused by Verizon router and UTM being on the same IP range. The UTM LAN (internal network) must be on a different IP range than the UTM WAN port.
    Verizon does not have any visibility into my network, but they still have access to their router. Once I needed the router password reset and they did it remotely, without impacting anything.
  • That's the whole problem with FIOS, there are way too many ways to configure it to accomplish the same thing. To me security was a higher priority so I have no Verizon equipment other than the ONT sitting in the garage.
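
A check for the two addressing issues raised in the replies above (UTM WAN and LAN on the same IP range, and double NAT behind the Verizon router), as an added example that is not part of the original thread. The function name, the finding codes, the WAN lease in the first case and the DHCP pool in the second are assumptions; the other addresses are taken from the posts.

```python
import ipaddress as ip

def audit_firewall(wan, lan, dhcp_pool=None, static_hosts=()):
    """Return a list of finding codes for a routed (NAT) firewall.

    wan, lan:     interface addresses in CIDR form, e.g. "192.168.1.3/24"
    dhcp_pool:    (first, last) addresses served on the LAN side, or None
    static_hosts: fixed addresses of LAN-side devices (e.g. an access point)
    """
    wan_if, lan_if = ip.ip_interface(wan), ip.ip_interface(lan)
    findings = []

    # A routed firewall needs distinct networks on each side; if they
    # overlap it cannot tell which interface a destination lives behind.
    if wan_if.network.overlaps(lan_if.network):
        findings.append("WAN_LAN_OVERLAP")

    # A private WAN address means another NAT device sits upstream (double
    # NAT); a dynamic-DNS client on this box would publish that address.
    if wan_if.ip.is_private:
        findings.append("DOUBLE_NAT")

    if dhcp_pool:
        first, last = (ip.ip_address(a) for a in dhcp_pool)
        if first not in lan_if.network or last not in lan_if.network:
            findings.append("DHCP_POOL_OUTSIDE_LAN")
        elif first <= lan_if.ip <= last:
            findings.append("DHCP_POOL_INCLUDES_GATEWAY")

    for host in static_hosts:
        if ip.ip_address(host) not in lan_if.network:
            findings.append(f"STATIC_HOST_OFF_LAN:{host}")
    return findings

# Constructed from the addresses in the thread. The WAN lease in ORIGINAL
# and the DHCP pool in WORKING are assumed; the posts do not state them.
ORIGINAL = dict(wan="192.168.1.100/24", lan="192.168.1.2/24",
                dhcp_pool=("192.168.1.10", "192.168.1.99"),
                static_hosts=["192.168.1.3"])
WORKING = dict(wan="192.168.1.3/24", lan="192.168.100.1/24",
               dhcp_pool=("192.168.100.10", "192.168.100.99"),
               static_hosts=["192.168.100.2"])

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("working", WORKING)):
        print(name, audit_firewall(**cfg))
```

The same function also flags a half-finished migration, where the UTM LAN is moved to 192.168.100.1 but the DHCP pool and access point are left on the old range.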