Cool. I like the idea of not needing to install something to manage it.

@Jason said:

That's weird none of ours every auto renew. Heck usually they don't even expired based on time. It's a minimum money spent, when you pass that it expires. It's to make sure they cover all their build our costs for the fiber circuits.

That's how it's been for me too. After the original contract expires they just move month to month. Luckily they haven't tried to jack up our rates in Month to Month, but I suppose they could.

@NetworkNerd said:

The DR topic is not one that comes up often. I think execs really don't think about it or whether the corporate growth plan has an infrastructure support plan to go with it.

Mention to them that ANY planning without IT involved means IT cannot be responsible in any way. How do they expect the company to have a plan if they ignore the planning process?

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

So if the OP wants to do web filtering and firewall services - what stuff should he buy?

Same thing that I keep saying... ERL and Squid.

I just wanted you to post it again 🙂

LOL. There it is.

@scottalanmiller said:

@dafyre said:

@scottalanmiller said:

@Jason said:

@dafyre said:

@NetworkNerd said:

@JaredBusch said:

@NetworkNerd said:

@Dashrender said:

Zero LAN?

yeah for the OP, I was wondering if going to a cloud solution would be workable.

Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.

I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.

Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.

Really you need to look at what you are pushing over the pipes.

In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?

This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.

Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.

Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?

Like you said... Legacy applications... My second thought would be scale. How many end-users do you have to separate from the LAN / Servers -- especially if it is a typical office environment.

Legacy applications can generally be used without a LAN, just takes a little work. Not 100% of the time, but commonly.

Actually I think that scale makes it easier because some of the difficult mesh things that SMBs do enterprises don't because they don't scale - like using desktops as file servers.

I can agree with this mostly, I think. Scale is not such a big issue for the enterprises because they have the funding to pay for it, so they get the benefit of the economy of scale as well. (Buy more, get it cheapter, etc).

@gjacobse said:

That sounds like a awesome place to work. I'd consider it if I was:

Living in that area looking which I am not. able to work in the shop
Wanting learn some metal skills.,...

Come hang out at my place if you want to be taught some "metal skills"! \m/

Here's the current suggestion from Seagull Support in addition to sending Bartender message logs, Bartender print job logs, and system / application logs on the server:

I would like to try making a change to Commander, I would like to change when Bartender restarts the process. Please follow the steps below
1: Open Commander and stop detection
2: Click on Detection Command Handler Setup
3: On the General tab in the Restart Process dropdown select "Every Command"
4: Start detection.

Get a previous gen Nexus 7 tablet, they pop up all the time for ~$125 or less.

@JaredBusch said:

@Dashrender said:

@JaredBusch said:

@Dashrender said:

@PSX_Defector said:

@JaredBusch said:

@NetworkNerd said:

They did provide specifics. They said open UDP 1024 - 65535 for RTP traffic specifically but UDP 5060 for SIP.

No, stating 1024-65535 is NOT specifics. It is a cop out.

At that point, why not just completely make it unsecured and put in an any/any rule.

I would silo that shit pronto, so when the inevitable pwnage happens it doesn't infect the rest of the network.

If it's limited only to the IP of the SIP provider, what are you worried about? Don't get me wrong, we should of course limit the ports when possible, but really 1 port versus 64K ports - does it make you more vulnerable when you've locked the ports to a single incoming IP?

My response to that is how can I trust them to keep their stuff secure when they cannot even configure a proper set of ports for RTP?

You have a completely valid point.

Setting that aside - does the rest of my point remain valid?

Yes, as long as you have properly restricted it to the provider, you have less to worry about.

I've restricted SIP and RTP traffic to the Intelepeer ips as @Dashrender mentions.

@StrongBad Exactly! The UPS it's self can be used and refurb'd but the batteries must be new.

Here's an AGM battery that someone tried to take apart. (Don't try that at home!)

AGM_inside.jpg

@scottalanmiller
Some people are procrastinators I guess. 🙂
https://mangolassi.it/topic/10175/site-to-site-vpn-between-cisco-asa-and-meraki-mx-the-kb-i-wish-meraki-had-written

...or a lion tamer.

@JaredBusch said:

@nadnerB said:

Wow, you lot need a healthcare system overhaul.
In fact, I think it's more appropriate to say that you need a healthcare system.

Well, I will not really disagree.

I don't think any of us will

@Bob-Beatty said:

It depends on the job. If you have to support end users, you need to be at the office when they are, that is usually a scheduling task. But for engineers, administrators, etc... I don't care, nor do I pay attention. If I have to micro manage that, then I'm in the wrong job and I hired the wrong person.

In this case it was end user support. The part about hiring the wrong person is what turned out to be true in my case, but we've resolved that problem now. Thanks everyone for your advice on this one.

I have never used them.

@g.jacobse said:

@NetworkNerd said:

@g.jacobse said:

My limited exposure

Having all A-Team members means that work will not get done after some time.

Really? Can you give more detail about your experience there?

A-Team members is about the same as everyone having a hammer. Doesn't matter what kind or size, and the 'job' is to pound just one nail in.

A-Team is five people,.. five hammers,.. one nail. You either have four people just standing and watching as just one person does it, or all five bickering on who gets to hit it first- I started this project, last- I finished this project.

Overly simplified,.. but my interpretation ..

I don't know many A teamers who want to work in a vacuum. Part of what makes people really good, I think, is that they like to work together, peer reviewe, mentoring, growth, competition, etc.

My Dad, A long time IT Administrator for mainframes would tell me over and over your only as good as your last viable backup. I am religious about backups and copy's of data, especially with big moves like this.

And I second the notion that most if not any of your users do not fully understand what is going to happen. Add on top that almost all are convinced of the "Clouds" ability to retain your data indefinitely. And you have a recipe for disaster.

And you look like the hero too when / if they need that data.

So get a nice external USB 3.0 HDD and dump the data there and save it.

Well Nick, I think you just answered it when you said "I want to hear from them in regard to ideas for improvement, if there is anything else I could be doing to help them be more effective in their position, etc." Make that the starting point of the meeting, and see what they have to say. If you're as personable as a manager as you are as a colleague, I'm sure you'll get some useful feedback. Of course, you can follow that up with your own feedback, whether it's responding to their thoughts or mentoring through praising their strengths and offering advice to bolster their weaknesses. At least that's pretty much how I have done my own, which I have gotten a decent response from. And it goes without saying that mine incorporate a fair amount of wit and sarcasm, as well. Never forget that part. Gotta have fun. 😉

If you want traffic on 10.0.1.0/24 to be able to hit the cameras at 10.192.0.0/24, why not simply connect the DVR cameras to Eth0/6 and then configure the ASA to route between 10.0.1.0 and 10.192.0.0?

That completely eliminates the need to go out to the internet and then turn around and come right back on. You should also be able to configure the detault route for the 10.192 subnet to go out the Second Cable modem on Eth0/7.