Switching to a new internet service provider (ISP) can require you to make changes to you Smoothwall installation. The changes depend on the services in use on Smoothwall. If you use the Smoothwall as a firewall, a switch to a new ISP requires more changes than if you just use your Smoothwall as a web filter.
Considerations for web filter service
This includes cluster and parent/child systems.
DNS and routing are the key areas to check here. If any internal IP addresses for gateway or switches that the Smoothwall systems are using are being changed due to the switch to new ISP, those changes have to be reflected on the Smoothwall. For DNS, make sure none of the Smoothwall systems are using the old ISP DNS service and if they are, switch to new ISP DNS services.
Considerations for firewall service
When Smoothwall is used as a firewall, the checklist gets a bit bigger.
External IP addressing, routing and firewall policies
- All external interfaces should change the IP addressing in line with the new IP, subnet mask and default gateway provided by the ISP. This can be done by replacing the IP address on the existing external interface or by adding a new external connection using a separate interface.
- The Source NAT and LLB Rules section within networking - configuration needs to be updated. Whether a new connection was added or an existing connection was reconfigured, check that all policies here look correct. If LLB Pools are being used, make sure no old configuration information is used in those.
- DNS setting needs to be checked to make sure that the new providers DNS servers are being used for external host name lookups.
- Port forwards need to be checked and adjusted if needs be. Remember to update DNS lookup records for the host names of services located behind the new IP address.
- Firewall policies also need to be checked to make sure that they look correct after adding/re-configuring the external connection. Check for any occurrence of the old interface or IP address in the firewall policies and change as needed.
- Public host name lookup - remember to update any DNS records to use the new public IP address.
VPN, Reverse proxy and Bandwidth module
- For all IPSEC subnet VPN profiles, make sure that they are using the new interface/IP address.
- SSL VPN clients will need to update the address that they connect to. A new configuration file is not needed to do this - client configuration can be edited directly and the IP address replaced. Obviously, new configuration files will work as well.
- Make sure DNS records have been updated for the new IP address but otherwise, no changes should be needed for reverse proxy service configuration.
- Within the bandwidth module, the settings in control - interfaces needs to be checked.
Any Smoothwall access rules on external interfaces will need to be checked. This is done within the firewall - Smoothwall access section. You should also double check the Intrusion detection section as well as the proxies section in services after the reconfiguration too.
Web filter should not need any additional steps on a Smoothwall running as a firewall as well.