How to quickly set up your office network the correct way
So, you are setting up your office network. Where do you begin? Depending on the size of your office, you will need different hardware and software. But there are some basic things that all office networks need in order to function properly. In this article, I will break down the hardware that will make setting up the local office network a breeze.
Let's start with the basics and explain how a typical network is configured.
Let's list out what you should have, at the very minimum, already in your office.
- Modem or router provided by the ISP (internet service provider)
- Patch panel, or at least a bunch of wires going to the offices. Most of the time these are not labeled, so it might be a good idea to get someone on-site to label both the wires on the patch panel and the jacks in the offices, to make things easier.
- Backwall – where equipment is generally mounted (this is usually a piece of plywood secured to the studs of the wall in order to provide a demarcation point to install network equipment).
Here is what you will need (in addition to the basics) in order to make any business network simple to comprehend, manage, and properly set up.
- Firewall – Business owners typically assume that if you have, for example, a Comcast router, you are good to go and nothing else is needed. However, you would be wrong to think this…
- Quality managed switches – managed switches with 24-48 port capacity, depending on the application, go a long way in cutting out the clutter and ensuring you aren't daisy-chaining ten 8-port switches, creating a wire mess, and adding additional points of failure. If you have VoIP phones or cameras, it's always recommended to get a PoE+ rated switch.
- Patch panel – Many times we see wires that are just terminated into a jack. This makes labeling them and managing the wiring extremely difficult. If the data wires that run throughout your offices are not terminated into a patch panel, I recommend getting something like this:
It's an inline keystone pass-through coupler in a patch panel. This will allow you to connect the back side to the office cables already terminated, while the front side uses shorter patch cables that go directly into the switch.
- Network data rack – to put all the equipment into, and securely lock it with a key.
So, a recap of how a typical business network should look:
INTERNET > ISP Modem > Firewall > Switch > into the patch panel to distribute data to the rest of the office.
What is an all-in-one router?
If your office internet is through Comcast or AT&T, odds are that you received their all-in-one bundled modem and router combination. There is plenty of material online as to why it's not a good idea to keep using these devices as the primary firewall for your business, so I won't get into those details. However, if you made it this far, let's break down what these devices actually do.
The all-in-one router provides the basic functions on the network. It works as both the modem and the router and typically includes the following features:
- Blocking external traffic to the internal network
- DHCP server functionality (handing out IP addresses to devices on the network automatically)
- Routing traffic from the internal network out to the internet
- Wi-Fi access point functionality
What we always recommend is to get away from single devices that do EVERYTHING, because these all-in-one routers typically have many drawbacks in security, Wi-Fi range, and level of control. Instead, we always recommend installing a separate firewall and an access point (AP) mesh for Wi-Fi.
Got the firewall, now what?
So, you purchased a firewall from a reputable vendor such as Sonicwall, Fortinet, Watchguard, Zyxel, etc., how do you make it work with your all-in-one router?
The first step is to determine whether you are using a static IP or a dynamic IP. Static IPs generally cost additional money from the ISP. If you are not sure whether you have a static IP, calling your internet provider will clear this up.
How do you configure the firewall if you do have a static IP?
The all-in-one router performs similar functions to a standalone firewall, mainly the ability to hand out IP addresses on the local network and to block/manage incoming and outgoing TCP traffic. What you will need to do is configure the WAN interface on the firewall with the static IP information provided by your ISP.
The all-in-one router will need to be set to pass-through or bridge mode. What this means is the ISP router will need to have the DHCP and firewall features disabled on it, to pass ALL traffic to the firewall. Depending on the carrier and the model of the router being used these steps can differ. Contact your carrier and ask them to place your router into a passthrough mode.
Connect the LAN port from the router to the WAN port on the firewall. Once the router is in pass-through you should have an internet connection.
How do you configure the firewall if you do have a dynamic IP?
This will require the ISP router to do one of two things. The router needs to be placed into bridge or passthrough mode. If the router is allowed to hand out local IP addresses to the firewall, then you enable either a 1-to-1 NAT or a DMZ (demilitarized zone) to point to the firewall. Set your firewall, this creates a double NAT, which can cause your VoIP phones not to register to the network, and other telephone problems. This option is not recommended; it's very important to enable passthrough or bridge mode in order to avoid the double NAT scenario. The connection should be the same, however: going from the LAN port of the modem/router to the firewall WAN port.
Once in bridge mode, the Wi-Fi will no longer work!
But even if the Wi-Fi did work, you would effectively be on a different network from the firewall. The solution is to get a Wi-Fi mesh network. Many options exist out there; however, I recommend going with either a Cisco, Linksys, or Ubiquiti AP. Plug these APs into the switch to configure them, and then place them in the office, spaced out to ensure good coverage throughout the building.
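To confirm that bridge/passthrough mode actually took effect and the firewall is not sitting behind a double NAT, check the address the firewall received on its WAN port and the first hops of a traceroute from an office PC. The following is an added example, not part of the original article; the function names and all sample addresses are constructed, and it assumes the PC sits directly behind the firewall with no routed internal VLANs.

```python
import ipaddress

# RFC 1918 private ranges: what an un-bridged ISP router hands out on its LAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space: the ISP itself is NATing you (carrier-grade NAT).
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip, lan_cidr):
    """Classify the address on the firewall's WAN port against its LAN subnet."""
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    if wan in lan:
        # ISP router and firewall LAN use the same subnet: routing will break.
        return "conflict: WAN address is inside the firewall's own LAN subnet"
    if any(wan in net for net in RFC1918):
        return "double NAT: ISP router is still routing, not bridged"
    if wan in CGNAT:
        return "carrier-grade NAT: ISP is translating upstream of the modem"
    if (wan.is_link_local or wan.is_loopback or wan.is_unspecified
            or wan.is_multicast or wan.is_reserved):
        return "unusable: no valid lease on the WAN port"
    return "ok: public address, router is in bridge/passthrough mode"


def private_hops_before_internet(hops):
    """Count leading private/CGNAT hops in a traceroute hop list (strings)."""
    count = 0
    for hop in hops:
        ip = ipaddress.ip_address(hop)
        if any(ip in net for net in RFC1918) or ip in CGNAT:
            count += 1
        else:
            break
    return count


def looks_double_natted(hops):
    """One private hop is the firewall; a second one is another NAT router."""
    return private_hops_before_internet(hops) >= 2


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 is a documentation range standing in
    # for a real public address.
    print(classify_wan("192.168.0.2", "10.10.0.0/24"))
    print(classify_wan("203.0.113.10", "10.10.0.0/24"))
    print(looks_double_natted(["10.10.0.1", "192.168.0.1", "203.0.113.1"]))
```

Feed `classify_wan` the WAN address shown on the firewall's status page and `looks_double_natted` the hop addresses from `tracert`/`traceroute` run on a wired office PC.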
Hopefully this provided some basics on network setup and configuration. If you need additional help with your office network or need to configure the firewall with additional security measures, please contact AlphaCIS, a Managed Services Provider and Managed Cyber Security Provider in the Metro Atlanta area. You can reach us by phone as well at (678) 619-1218.
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.