Gateway Timeout errors
-
Isolate the issue into digestible bits
Ping from your modem, then add an appliance and progress through your network stack until it fails
Edit: welcome to ML!
Edit2: Double welcome fellow Canajun.
Edit3: Fitness center? Non-profit? Truly a small world, me too
-
@Dashrender said:
24/7 sho
I tried this and I had no problem getting to any of these sites. It appears the problem is within my network.
-
Is your default gateway the firewall?
-
Do an nslookup of that address, is it resolving correctly?
-
Default gateway is the firewall. It works for all websites but these few.
-
nslookup resolves correctly.
-
@toxophilite said:
Default gateway is the firewall. It works for all websites but these few.
I wanted to make sure there wasn't another router to possibly look at that might be doing some filtering.
Sounds like your firewall is to blame here.
Can you post a sanitized version of your configuration?
-
That's what I'm beginning to think. Unfortunately I don't know the ASA very well. I'll need to bring someone in.
-
Would be cheaper to replace the ASA with a UBNT than to have someone come in to look at the ASA.
-
@scottalanmiller said:
Would be cheaper to replace the ASA with a UBNT than to have someone come in to look at the ASA.
It doesn't have near the features if you actually need what an ASA provides.
-
@toxophilite said:
That's what I'm beginning to think. Unfortunately I don't know the ASA very well. I'll need to bring someone in.
You need to bring someone in just to type
EnableandShow Running-config? -
I'm almost there with you. I used UBNT APs at my last job and loved them. I purchased a switch but it hadn't arrived when I left. Here at my new job we just built out our network and I let that vendor chose the hardware because of how complicated everything was. I definitely chose the wrong vendor.
How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure.
-
@toxophilite said:
I'm almost there with you. I used UBNT APs at my last job and loved them. I purchased a switch but it hadn't arrived when I left. Here at my new job we just built out our network and I let that vendor chose the hardware because of how complicated everything was. I definitely chose the wrong vendor.
How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure.
Define security, because that is not a thing. It is a firewall. It allows what you tell it to allow and it blocks what you tell it to block, like any other.
-
@toxophilite said:
How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure.
I'd reverse that question... what makes Cisco acceptable equipment? Lower quality, higher price, leaves you at the mercy of consultants and offers no security above the minimum standard while being the top target simply because of its frequency of deployment.
Cisco doesn't offer you any security here, Ubiquiti offers you a better product with equal security. It's Cisco that you should be questioning "if it stacks up", not the Ubiquiti. It is Cisco that almost never offers a value justifying its use. Ubiquiti doesn't have that problem.
-
@JaredBusch said:
Define security, because that is not a thing. It is a firewall. It allows what you tell it to allow and it blocks what you tell it to block, like any other.
Jared is spot on, you have two equally secure pieces here. I'd argue that because you perceive the Cisco as more secure, and that is an illusion, that it is actually the less secure of the two simply because it invoked a dangerous emotional reaction that you don't want to have.
-
There is a reason that I normally say that the Ubiquiti is the only device that I will buy until I get to a full UTM like a Palo Alto. Ubiquiti is as good as you are going to get for a firewall. If you need more security than that, and some places do, then you need to be spending the money to do it right and Sophos is the entry point to that and Palo Alto is the gold standard in the industry. Short of those, Ubiquiti it is simply because it offers top notch quality at a fraction of the cost and complexity of its competitors, like Cisco.
-
We aren't saying that your Cisco ASA isn't just fine here... only that if you are going to spend over $65 on it, you would be better off getting a higher end (same security, better throughput) Ubiquiti and being able to support it yourself.
Supporting it yourself is another important aspect of security, as well.
-
@scottalanmiller said:
We aren't saying that your Cisco ASA isn't just fine here... only that if you are going to spend over $65 on it, you would be better off getting a higher end (same security, better throughput) Ubiquiti and being able to support it yourself.
Supporting it yourself is another important aspect of security, as well.
$90 generally btw for the ERL.
-
Oh right, I had the entry level AP price in my head. $90 - $95 for the ERL.
-
That's amazing. I can get the ERPro-8 for two hours worth of support on my ASA!
