topic Re: Expand the office mode segment in Firewall and Security Management

Expand the office mode segment

Itzel_Gtz26 — Tue, 14 Feb 2023 17:40:02 GMT

I currently have a 24 bit office mode segment, but I need to extend it, I just have to change the skin on the object and install right?

Or do I need to create a new segment?

What is the best practice for this change?

Re: Expand the office mode segment

Danny — Tue, 14 Feb 2023 17:43:02 GMT

Correct, just change the subnet mask in the same object and install policy.

Re: Expand the office mode segment

the_rock — Tue, 14 Feb 2023 17:45:36 GMT

I will tell you what I did with couple of customers and never a problem. Dont bother changing default object for OM (though you can), just create new one, call it say "office-mode-network" and enable NAT (just default hide behind gateway option), give it say 172.16.10.0 and subnet 255.255.254.0 (thats /23, I do know that as bad as I am with subnetting LOL), make sure its configured in all the right places, push policy and vola, thats it : - )

Re: Expand the office mode segment

Itzel_Gtz26 — Tue, 14 Feb 2023 18:53:36 GMT

So both configurations should work?

Re: Expand the office mode segment

the_rock — Tue, 14 Feb 2023 18:54:56 GMT

Yup! What @Danny gave you and what I mentioned, both methods work 100%.

Re: Expand the office mode segment

Itzel_Gtz26 — Tue, 14 Feb 2023 19:08:23 GMT

Thank you both very much.

An additional question, when I make the change will my users who are connected be disconnected? or will it be transparent to them?

Re: Expand the office mode segment

the_rock — Tue, 14 Feb 2023 19:12:20 GMT

EXCELLENT question. Answer is no, they will not be disconnected...so here, let me give you simple example, because I did this few times with customers and there were no issues. Say you have default OM subnet 172.16.10.0/24 and for argument sake, you decide to use 10.10.10.0/24 instead. If you change it and push policy, users will NOT be disconnected and they will keep having same OM mode (172.16.10.xx), but once they reconnect next time, they will get new OM mode subnet IP from 10.10.10.0/24 subnet. Just ensure new subnet is included in same places as existing one (config, rules, etc...).

And no, they will NOT have to delete/re-create the site either, which is always a good thing, as most users hate doing that (well, at least from my experience : - )