4:15 PM
Paul B
 |
| Ethernet Cable (Photo credit: David Davies) |
This change didn't affect our production web servers, as those are hosted elsewhere, but we do have some services, mostly QA and development, that need to be available externally. We also have remote workers that require VPN access, and all of that stuff is affected by a public IP change that usually comes with changing Internet services.
Here are some things you need to consider if you are planning a change like this:
Know of anything else one might plan for when changing ISP's/Public IP's? Let us know in the comments!
- Will You Have Enough IP's? - Make sure when signing up for your new ISP, that you request enough public IP's. You can get them later, but it will save you some time and effort if you take care of it ahead of time.
- NAT Rules/DMZ IP Changes - If you have services opened to the public, you will have rules in place on your firewall to allow it. Make sure you plan for the IP change ahead of time.
- Site to Site VPN - If you have any other remote sites that connect to your site over the Internet, you need to update the VPN rules on your remote sites before changing the IP address of your firewall. If you don't, you will lose connection, and you will have to revert your changes before you can fix it. That is unless you have management enabled from the WAN side of your firewalls which is never a good security idea.
- Partner Firewall Rules - This might not apply to you, but at my company we have partners that develop their product integrations with our products using our Dev and QA environments. Many of these partners only allow connections to and from them to certain IP's. If your IP's are going to change, you need to let your partners know so they can update their firewall rules.
- DNS Changes - With IP changes, also soon follows DNS. If external people were accessing your services with a FQDN before, you need to update those addresses with your public DNS service.
Related articles, courtesy of Zemanta:
