
netgear fvs318gv2 setup in office with 2 lans and 5 static ip's

mtalent
Follower

Originally we had a 24-port unmanaged switch with an Active Directory domain controller/DHCP that handled all of the office staff. There was one static IP that was used for a VPN with port forwarding from the Comcast modem to the domain controller (all built by someone else).

 

The Comcast modem was set to allow the domain controller to act as DHCP for the network (this, I was told, was necessary for name recognition to work throughout the network).

 

------- We wanted web presence IIS 10, 2 DNS servers, Mail server, Database server etc....

 

We added an older HP ProLiant server with 12 threaded CPU cores (doubles to 24 in ESXi), 64 gig RAM, and 15 terabytes of disk space. We are running ESXi on the server and have created two virtual machines with Server 2016 Datacenter on them.

 

We upgraded from one static to 5.

 

So I plugged the proliant directly into the comcast modem and configured the esxi host and two virtual servers with static ip's.  This worked and I could configure the servers and everything functioned OK.

 

 --------------------------------------------------------------------------------------------------------------------

 

Problem ---

 

The web site for the company's online point of sale/database, mail, basically anything hosted on the servers was unmanageably slow when accessed from the office LAN.

 

Basically, anything using one of the fixed IPs would not function correctly from the internal LAN. I was not certain exactly why that was happening.

When I would do a tracert to one of the statics, it would go immediately to the 10.202.46.1 gateway, then sit for 20 seconds and make one hop to the statics. What I thought would be faster was if it would route to the internet and then back to the statics.

 

1 thought was

 

The ESXi host would always get the domain suffix of the internal LAN (hostname.XX##XX.local) even when it was configured with one of the static IPs and I tried to configure it with an FQDN using the ESXi DNS setup. I think this may have slowed things down when trying to access the servers.

 

Or

 

The routing from the internal LAN to the fixed IPs in the modem, caused by the modem not handling the DHCP and the LAN not using the 10.1.10.1 network that the modem defaults to. The LAN is set up with a 10.202.46.1 network.

 

Or

 

I don't know

 

--------------------------------------------------------------------------------------------------------------------------------------------------------- 

 

My Fix --------

 

I got the FVS318Gv2, and after a bit of a learning curve I was able to set up the office LAN 10.202.46.1 255.255.255.0 as one LAN and set it to port 2.

 

I then set up a LAN for my fixed IPs (this is where I think I am not set up right), 96.xxx.xxx.xxx with 255.255.255.248 (this gives me a network address, 5 statics and an IP for the modem), and set it for ports 3 and 4. I then set the ESXi host for one of the fixed IPs, and the two virtual servers were already set to two of the other IPs.

 

I also have the default 192.168.1.1 255.255.255.0 LAN set up on all the other ports and attach a laptop directly to the firewall to configure it.

 

I changed the Comcast modem to act as its own DHCP, so the firewall gets a 10.1.10.1 address from the modem.

 

-------------------------------------------------------------------------------------------------- 

 

The Question ---------

 

Is this the way to set up the public IPs? I think it's going to work (right now the IIS, for example, is only available from the 10.202.46.1 network and not from the internet). I just figured that out last night when I tried to access the servers from home. But I am guessing that I just create rules for the public LAN opening ports 80, 53, 25, etc. and I should be live. (I am kind of waiting to see if I get an answer from you guys, but I may go back to the office tonight and try to do that.)

 

 

Doing some reading it seems that I should keep my servers on a private lan and set all the public ip’s (haven’t figured out how to do that –help--) to the wan.  Then forward all requests to the appropriate machine which seems more difficult but I want to configure it correctly and I am sure there are reasons if this is the way to go.

 

 

I am also going to be setting up VPN access for several of the workers, which I will do after I get the rest of the system working. I haven't tried to do that yet. One of the problems I may run into is that the firewall has a 10.1.10.xxx address from the Comcast modem, not a public one. However, the Comcast modem itself has a public IP in the 96.xxx.xxx.xxx range, the last IP of my 255.248 LAN. That address is accessible right now on the net, so I believe I will be able to just port forward from the Comcast modem to the VPN firewall to set up the VPNs, MAYBE. ANY HELP HERE WOULD BE APPRECIATED ALSO.

This setup completely fixed the slow response from the local LAN to the statics (yay).

Sorry for the long write-up, thanks for reading.

Mark

 

 

Message 1 of 2
SamirD
Prodigy

Re: netgear fvs318gv2 setup in office with 2 lans and 5 static ip's

I think the slowness locally might have been somehow caused by a reverse dns lookup or something of that nature.  That's the only thing I know of that might take that type of time.  Or something else that was timing out.

 

As far as your configuration, a diagram would help a lot to understand what you had that wasn't working and what you did that did work.  My hunch is that your working setup could be done a little 'neater' but I don't really know without seeing the network map.

Message 2 of 2
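
The reverse-DNS hunch in the reply above can be checked by timing the PTR lookup and the raw TCP connection to a static separately. This is an added example, not code from either poster; the 2-second threshold and the address 203.0.113.10 are assumptions (the thread's 96.xxx.xxx.xxx addresses are elided).

```python
import socket
import time

SLOW_SECONDS = 2.0  # assumed threshold for "this step is the stall"

def timed(fn, *args):
    """Run fn(*args); return (elapsed_seconds, error_or_None)."""
    start = time.monotonic()
    try:
        fn(*args)
        return time.monotonic() - start, None
    except OSError as exc:  # herror, gaierror, timeout, refused, unreachable
        return time.monotonic() - start, exc

def ptr_lookup(ip):
    """Reverse (PTR) lookup, which tracert does for each hop unless run with -d."""
    return socket.gethostbyaddr(ip)[0]

def tcp_connect(ip, port, timeout=5.0):
    """Open and close a TCP connection without doing any name resolution."""
    with socket.create_connection((ip, port), timeout=timeout):
        return True

def diagnose(ip, port, resolver=ptr_lookup, connector=tcp_connect, slow=SLOW_SECONDS):
    """Time the PTR lookup and the raw connection separately and say which stalls."""
    ptr_s, ptr_err = timed(resolver, ip)
    con_s, con_err = timed(connector, ip, port)
    if con_err is not None or con_s >= slow:
        verdict = "path"          # the connection itself is slow or failing
    elif ptr_s >= slow:
        verdict = "reverse-dns"   # only the name lookup stalls; the path is fine
    else:
        verdict = "ok"
    return {"ip": ip, "ptr_seconds": ptr_s, "ptr_error": ptr_err,
            "connect_seconds": con_s, "connect_error": con_err, "verdict": verdict}

if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder; substitute one of the statics.
    result = diagnose("203.0.113.10", 80)
    print(result["verdict"], round(result["ptr_seconds"], 2),
          round(result["connect_seconds"], 2))
```

Run from a machine on the office LAN, a "reverse-dns" verdict points at name resolution (compare with `tracert -d`), while "path" points at routing or filtering between the LAN and the statics.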