I’m working with someone who inherited a network with little documentation. They had to replace the firewall after the old one died, so we can’t pull up the old config. The old firewall was whitebox Untangle. The issue I’m seeing is IPs on some subnets are not able to get to the internet, but others are able to get out.

Here’s an example:

Device at 172.16.87.10/22 with gateway of 172.16.87.254: this device can get to the internet.

Device at 172.16.88.10/22 with the same gateway of 172.16.87.254: this device, no internet.

What’s confusing is that the 172.16.88.10 device, even with a /22 subnet mask, is not on the same subnet as the gateway it has set (172.16.87.254). The only thing that changed was the firewall replacement. The firewall has the IP address 172.16.87.254/22. Is it possible the old firewall had a different subnet mask? For example, if we change the firewall to a /20 it will encompass the other networks, but I’m not sure if that’s viable. As far as we know there are no L3 devices, and all of the computers that can’t get out have the same gateway of 172.16.87.254 on a different subnet.

I know we are sort of grasping at straws here but if anything rings a bell as to how the old firewall might have been configured I’d appreciate any input.

5 Spice ups

Gateway should be on the same subnet as the device. What is the subnet mask used on the devices?

1 Spice up

Devices are all /22. The on-site guy mentioned something about in the DHCP settings on their domain controller it said something about supernet, but I don’t have access to that server at the moment.

Supernets are just a way to group subnets together in DHCP. If the default gateway is on a different subnet than the computer, the computer has no way to get to its default gateway… that’s the point of the default gateway. It doesn’t work any other way unless there is another system on the network serving as a default gateway for certain systems.

2 Spice ups
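As an added illustration of the point made in the reply above (this is not code from the thread or from any poster), here is a small Python check that takes a host's address/mask and its configured gateway, computes the host's on-link subnet, and reports whether the gateway is actually reachable without a router. It also works out the longest prefix at which host and gateway would share a subnet, which is the "/20 would encompass both" question from the original post. The sample lease list is constructed from the addresses given in the thread; the `ipaddress` module is part of the Python standard library.

```python
import ipaddress

def gateway_on_link(host_cidr: str, gateway: str) -> bool:
    """True if the gateway lies inside the subnet the host derives from its own mask."""
    iface = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(gateway) in iface.network

def diagnose(host_cidr: str, gateway: str) -> dict:
    """Summarise what the host believes its subnet is and whether it can ARP for the gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    return {
        "host": str(iface.ip),
        "network": str(iface.network),        # on-link subnet as the host sees it
        "gateway": gateway,
        "gateway_on_link": gateway_on_link(host_cidr, gateway),
    }

def longest_shared_prefix(host_cidr: str, gateway: str) -> int:
    """Longest prefix length (largest mask) at which the host and gateway share a subnet.

    This is the shortest mask change that would put both on one broadcast domain;
    it says nothing about whether that mask is sane for the rest of the network.
    """
    host = ipaddress.ip_address(host_cidr.split("/")[0])
    gw = ipaddress.ip_address(gateway)
    for plen in range(32, -1, -1):
        if gw in ipaddress.ip_network(f"{host}/{plen}", strict=False):
            return plen
    return 0

# Constructed sample: the two devices from the original post, same DHCP-handed gateway.
SAMPLE_LEASES = [
    ("172.16.87.10/22", "172.16.87.254"),
    ("172.16.88.10/22", "172.16.87.254"),
]

def find_stranded(leases=SAMPLE_LEASES) -> list:
    """Return the hosts whose configured gateway is not on their own subnet."""
    return [diagnose(h, g) for h, g in leases if not gateway_on_link(h, g)]

if __name__ == "__main__":
    for host_cidr, gw in SAMPLE_LEASES:
        d = diagnose(host_cidr, gw)
        status = "ok" if d["gateway_on_link"] else "STRANDED"
        print(f"{d['host']:16} net={d['network']:18} gw={gw:16} {status} "
              f"(shared prefix /{longest_shared_prefix(host_cidr, gw)})")
```

Running it shows 172.16.87.10/22 sitting in 172.16.84.0/22 with the gateway on-link, while 172.16.88.10/22 derives 172.16.88.0/22, which does not contain 172.16.87.254; the two only merge at /20 (172.16.80.0/20). That confirms the reply's point: with a /22 mask the second host never even ARPs for its gateway, so no firewall-side rule could have rescued it. Either the old firewall carried an address in each subnet, or the mask handed out by DHCP differed from what the new firewall uses.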

Can you look at your DHCP configs and see if the Gateway is a typo in the configs?

If the firewall is truly the only change then logically there are only a few things it could be. Off the top of my head I’d think it was some kind of wacky NAT rule, the X.X.88.X/22 network is on a different VLAN, or port configuration on the old firewall was set up for different subnets. Any chance the switch ports on the old firewall were in use? If you’ve got any smart switches I’d start looking at port VLAN membership. If you have a saved config file for the old firewall (fingers crossed) you may end up having to buy or otherwise procure another Untangle and load the settings to see what you’re actually working with. Alternatively you can also rebuild the logical half of your network. I doubt you’re going to find a quick fix either way though, good luck.

So I ended up just adding one of the routed interfaces on the firewall with an IP in the other subnet and updating the default gateway in DHCP and we are in business. Not sure how exactly the Untangle install was configured. Thanks everyone for your input!