Redoing a existing network....

[+BudMan MVC]

whatever dude - removing **** your NOT using CAN NOT BREAK ANYTHING -- are you using teredo?? NO - its a tunneling protocol for ipv6 over 4, are you using isatap?(Intra-Site Automatic Tunnel Addressing Protocol) -- again a method of doing ipv6 over ipv4, not USING IT

6to4 tunnel, again NOT using it!! if you want to leave a IPv6 stack in place sure go ahead, you sure do not need these tunneling methods enabled. If you want your nic to have a local link IPv6 address, sure go for it - pointless unless your actually using ipv6.. Do your servers even have it enabled? If your running 2k3 server then NO its not.

So what do you want to do enable or disable icmp - I would guess you want to enable, because most likely out of the box its disabled.. I would have to lookup up the manual, I don't use those firewalls - did you read the manual? Which should of be step one before you even took it out of the box!!

I don't know what kind of connection you have, so I could not tell you if your PPP or not..

And again - yes its good security practice to disable protocols your not using, and its also just over all good house keeping.. But sure if you don't care if your house is a complete and utter mess then leave all your tunnels that your not using enabled and just beeping away on your network.. Pointless nonsense you could clean up with a few key strokes in your GP.

[pes2013]

Its enabled out of the box.

Did you read the article I pointed out saying that there are some built in programs that if IPv6 is disabled on W7, could break normal operations???

And our DC is Windows Small Business Server 2003

[+BudMan MVC]

"And our DC is Windows Small Business Server 2003"

Then it has NO ipv6 enabled out of the box - did you ENABLE it?? I highly doubt it!!

Then there is NO freaking way anything your doing with xp, vista, w7 or even 8 is doing anything with your server that has anything thing to do with you ipv6. Period - and they don't do anything to each other. So you HAVE NO USE if ipv6 on your network - NONE!! As I already stated disable it on a couple of machines if your worried. It takes 2 seconds and reboot to disable it, and same amount of time to re-enable it if something doesn't working. Which is not the case because if you have 2k3 server your NOT doing anything with ipv6, because its even enabled on that os unless you installed it..

And yes I read your link - it does NOT pertain to ANYTHING you could be doing because your not even running ipv6 on your server - so as I stated before everything ipv6 related on your clients is freaking noise! nothing more...

[StrikedOut]

Very quick and simple to disable, http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx. Doesn't look like it would take more than 10 min either.

[+BudMan MVC]

^ I already linked to that article back on post #36, and your link is bad btw -- there is a . on the end that causes it to fail.

[Obi-Wan Kenobi]

Hey pes2013 !!

Listen to BudMan,,

he has really good advice, he has helped me out of a jam once or twice as well. and I have been running networks since before windows was a household name.

:)

THIS, to the infinite power. Don't shun BudMan....he actually KNOWS what he's talking about. I suggest to listen to him. Don't be argumentive. He is the person that has kept my network still working through his advice to others. Trust the almighty BudMan... He'll help you get everything flowing properly. (Y)

[Original Poster]

"The wireless clients are MACed controll and WEP"

So completely open to anyone that can google then ;) Since both are completely and utterly useless as security measures.

agreed WEP is easy to hack and MACs easy to fake... you can sniff the working macs while you are cracking the WEP XD

[dnsing]

Here is the updated network with the DNS entry of my router removed and DHCP lease time increased to 1 day:

Next step that should be done? For now, with the new firewall and the AD updated to the new settings, internet access seems to be doing great without a hiccup (for now)

[+BudMan MVC]

Why are you posting from a different nic? That just joined? Your only suppose to use 1 account on neowin.

[sagum]

Its enabled out of the box.

Did you read the article I pointed out saying that there are some built in programs that if IPv6 is disabled on W7, could break normal operations???

And our DC is Windows Small Business Server 2003

BudMan is sound when it comes to advice. You should listen to him.

What he's basically doing here is offering you a near 100% walk through of setting up your network *perfectly*, apart from actually coming on site and doing it for you. All you just have to answer his questions and do what he says.

Do you even know how much he could be charging you for this service?

He's handing you the offer of a trouble free setup of your network, one that is secure, and easy to maintain after it's setup .. and you're throwing the chance it away.

Budman has more experience then most on these forums, if he says it'd be best to disable IPv6 if your clients aren't using it, he's probably telling you it for a reason that he's had experience from.

As for your lack of worry about security, if your clients are tunnelling IPv6 over IPv4, the machines are pretty much bypassing your firewall and giving them direct contact with the outside world over IPv6. While you'll have internet facing IPv6 addresses for this, you're still poking holes in to your network (directly to machines) from the outside and once they're in your network, they can use the Local and LAN IPv6 addresses to attack any other IPv6 enabled machine on your network. It's just not worth the security risk, no matter how small it is. It's like the 90's all over again and people are just ignoring it as a non-issue.

Lastly, I noticed you weren't too concerned about WiFi setup, one of the reasons your network could be dropping its connections is if a rogue attacker has your WEP key and is using all your bandwidth or simply screwing around with the network in general. Security should almost always be one of your top priority, even more so on a live network.