Windows 7 woes...

I've been hearing a lot of good things about the Windows 7 Release Candidate, not too may people are saying much bad about it. I admit, I do like it better than Vista, but there are a few stumbling blocks I have run into...
First, The upgrade from Windows 7 Beta to Windows 7 RC has been blocked!

I went around this limitation and followed the directions here: http://www.blogsdna.com/3083/how-to-upgrade-windows-7-beta-build-7000-to-windows-7-rc-build-7100.htm

and upgraded to build 7100. great! First issue, no Start Menu. Not a true problem for me, most of my programs are either pinned to my Toolbar or I fire them off from the Run command.

Second problem, No Internet Access. This took a bit more troubleshooting, after a Reboot, sometimes the computer would add 0.0.0.0 as the default gateway ALONG with my true Default gateway.

again, another easy fix if you know how:
Start a Command prompt Window as an elevated administrator (If you run as a standard user, this won't work)
Type
ipconfig

in your default gateway, you should see 0.0.0.0 along with your normal gateway. If you do! Great!
Type Route Delete 0.0.0.0
then type
ipconfig /renew

and voila! Your Default Gateway is working again, and you can hit the Internet!

FirePlotter, a Nice tool for monitoring Cisco Pix/ASA's and Fortigates!

I stumbled (well, was pointed to) this great tool:







For monitoring my Fortigate Firewalls! Now, I love my Fortigates, they are a great price point for Unified Threat and Decent Firewalling Rules, but the interface and monitoring tools built in could be LOADS better! Like anything it takes a while to get used to!

This FirePlotter tool has taken alot of pain out of monitoring traffic, there is a free and one year subscription paid version of the tool. The free tool will let you monitor some basic settings, such as Ping, FTP, SMTP, DNS, HTTP, PoP3, HTTPS, and RDP. This is great is you are searching for a Rogue Zombie on your network trying to flood e-mail's! (You ARE restricting all machine except for your designated mail Server to send traffice on Port 25, correct?)

The Paid version will allow for additional views, all traffic to be monitored and allows basic commands to be performed on the firewall such as Ping.

If you have a Fortigate or Pix/ASA, check this tool out, the paid version rocks, the free version is worth more than you pay for it!

Just what IP addresses do you need to exclude from your Google Analyitcs so you are not tracking yourself?

I was servicing one of my newer customers today, setting up their shiny new T1 line for their VoIP and Data traffic, it is a great upgrade for them. After a small confusion with the Telco as to where to plug in their Firewall (Not the Phone Switch, but rather the Netgear switch) their server hit my website (www.sensiblegurus.com) much much much quicker than before, Disconnected from my remote session and, case closed....
or was it?

About an hour later, I receive a call, Some PC's are not connecting to the web, or mail servers!

Turns out that all of their PC's had Static IP Addresses, with Static DNS. While the computers could connect to the Internet just fine, they could not resolve names. When asked why the PC's are running Static IPs, I was given the answer a) That is the way the old IT Consultant had it set up and b) so I could exclude the IP range from Google Analytics.

I took a quick glance at the already active DHCP Scope, increased it size, setup WINS and Domain name, and coached my customer that this is really the way to go, much better management of the network! Much easier to deal with than a spreadsheet or notebook remembering all your Static IP addresses.

We changed the computers to get their addresses via DHCP and Bam! They were browsing and downloading their e-mail like a champ! WOOOO!

I started to explain to the customer a bit about NAT (Network Address Translation) and how we don't need to exclude ALL the internal IP addresses at both of his locations, but rather just the external IP of the Firewall. NAT is a technology that allows multiple computers inside a network to share a single external (Public) IP Address. The Firewall, in NAT Mode, acts as a mini Proxy allowing traffic in and out, remembering where the traffic is going, and passing the relevant information back to the requesting computer! Some of the greatest benefits of NAT is the ability NOT to give each and every computer their own Public Internet Address, and NAT by itself does provide some protection to your computer (not nearly as powerful as a true firewall, that can work in conjunction with NAT) This is a very simple explanation on what NAT is,

The customer was happy he doesn't have to re-enter all the private IP addresses in his web page analytics anymore. Just his Public ones! I am happy that the customer is happy!

Takk!