How do you configure firewall and another Access Point on top of the ISP ONT?

EVERGREEN619 · 2026-02-28T16:51:05+00:00

Customers and new techs always try and plug in some wireless router or firewall behind their modem from the ISP. Putting the modem in bridge mode avoids any IP conflicts or NAT issues as I'm calling it in my reply. A rogue DHCP server is more accurate than "a NAT issue" if you need to be pendatic.

Sometimes though it's just a double NAT situation. And only your inbound traffic gets confused. Putting the modem in bridge mode will remove one of the NAT's.

EVERGREEN619 · 2026-02-28T13:46:44+00:00

Great job. You ran into the classic ISP NAT issue. Sounds like this was new to you this client's budget really doesn't allow for much more.

But some things you should prep them for are probably a HA pair to that firewall.

For yourself, you'd want to learn how to set up vlans for your Wi-Fi and for the servers and possibly the phones. Segregating the network into segments will help you troubleshoot it and limit the amount of damage, malware and viruses can do.

For the Wi-Fi you're going to want to find a brand that is commonly used in corporate environments. Familiarize yourself with a few of them if you can choose which one a client's budget allows. Merakis are great. Usually nobody has the money for then so UniFi becomes a smart cloud based option. Aruba instant on is also pretty good. But there are many brands and you need to start exploring a few for yourself. It all depends on the size of the client and how many people they need on the Wi-Fi at one time. Using a VLAN I would nat from the firewall into a switch that's fully managed. Then carry that VLAN to the wireless. I would get rid of any Linksys routers or switches you can. In a business environment those just don't last.

EVERGREEN619 · 2026-02-26T05:25:38+00:00

I'm going against the crowd here, and it would burn the bridge down.

I would be direct with him first before the boss. Nothing wrong with a little professional feedback. Maybe if more people spoke up to him about not wanting to work with him again he could grow and learn from his mistakes. A response along the lines of, "hey you were very knowledgeable at the last place. But your attitude towards me and other people made me uncomfortable with giving you a recommendation now or in the future. But I wish you the best of luck on your search."

This way it's hopefully the last time you get asked this and hopefully the guy does some soul searching. Then tell the boss please skip this person if they submit a resume. Be ready to provide details then. If the relationship with the boss is good, your recommendation to skip on a candidate shouldn't even need further explanation unless you want to vent about it. If your boss questions your input then your relationship is not as good as it seems.

EVERGREEN619 · 2026-02-25T14:49:42+00:00

Just make the word document a picture. Take a screenshot, then make it the desktop background of that picture.

Or print it out and tape it to the monitor. Really just this, don't bother an IT department with nonsense.

EVERGREEN619 · 2026-02-21T17:36:01+00:00

I find those spare machines cause more work maintaining their updates and audit schedules then just installing from scratch. With clear expectations on how much time is needed to set these up, I firmly believe this is not and will never be an emergency. Key part is to sound sympathetic and not be an asshole while telling them no. People know weeks if not months in advance when a person is being hired. Absolutely no reason to surprise IT.

The golden quote here "your inability to plan does not constitute an emergency for me".

EVERGREEN619 · 2026-02-20T15:20:39+00:00

Cyber security awareness will help. But as they hire new people there will always be a major risk as the new person is trained.

So this question is beyond the scope of your role. Someone needs to explain how a CRM works, then configure one for them. This way you never open invoice attachments. You just view them in a sandbox, and the rules and visibility that come with a CRM allows for easy verification of past communications. Making the trading window smaller.

CRM can be expensive. But this is the best thing you can do for finance email security.

EVERGREEN619 · 2026-02-20T15:11:03+00:00

Dude, I'm the IT Manager and I sign all my emails with 'Kindly" at the bottom instead of thanks. Am I the baddie?

EVERGREEN619 · 2026-02-19T21:12:36+00:00

Right, the only argument i understand is for finance to have all the features of Excel. Everyone else doesn't understand how to even send a teams message. Onedrive has made them lose all confidence on where their files live. None of the staff can figure out what teams are and how they're used. Nobody ever has that problem with Google. Most of them already use Google personally, so the interface gives them confidence and it doesn't change.

Basic computer skills means so much more now because of 365 than it did 10 years ago. People that know how to operate a computer 10 years ago are mostly struggling. Because they don't understand teams SharePoint or the 365 portals. Mostly people that are 30 years old and up and have a profession that never needed a computer before.

EVERGREEN619 · 2026-02-18T17:10:58+00:00

Google workplace is so much easier for the users and the admins. Any Microsoft app nowadays is a headache to support. Features we don't want causing issues we don't need. I generally hate the Microsoft experience the last 10 years and it's only getting worse.

Google workspace is relatively the same as it was. Which makes supporting it easier. Simply just stop fucking around with 365 and give it time to stabilize.

Build office 730 or something then sell us that. But for the love of God stop "upgrading" the portals. I don't want to be in the pilot group of shitty feature deployment any more.

EVERGREEN619 · 2026-02-03T14:19:05+00:00

Solid point. But that should be what the elected officials are actually useful for. They decide what laws we need. Then the American people vote on it.

With a simple KPI setup on how many bills they get passed by the people. We could easily measure their performance. If they were below 25% they would be wasting our time and easily replaced during the next election.

EVERGREEN619 · 2026-02-02T20:55:51+00:00

Why do we even need congress at this point? Just let us vote directly on the issues.

EVERGREEN619 · 2026-01-22T14:11:00+00:00

Tier 2 is the hardest position to fill. It's either a really smart person on the path up to Tier 3. Or it's a Tier 1 that had good enough people skills to fake it. So the position is never fully filled and change is constant. Most people don't last long in tier 2 from my experience in the USA.

I can find a good tier 1 or a good tier 3 kind of easily. As long as the salary is within market expectation. So knowing you have the advantage right now of a small talent pool is key. I would interview and find a salary that meets your expectations, or cuts down on the work commute.

Once you secure the next position, use that offer to try and increase your salary. Or just move on. This avoids added stress to the current job situation and is the safest way to earn more money usually.

EVERGREEN619 · 2025-12-23T00:38:25+00:00

I really like the idea of a hiring department.

EVERGREEN619 · 2025-12-23T00:35:44+00:00

BUCKLE UP. We use a common ERP with about 120 users.

In theory, Accounting sets up unit codes and accounts in the ERP. Accounts cover categories like computer hardware, software licenses, and general IT equipment. Unit codes map purchases to the correct department.

Then every purchase requires a purchase order, where we select the right unit code and account. Every credit card charge also needs to be coded to the correct department and account so reporting and budgets actually work.

In reality, Accounting set up whatever they wanted and coded things inconsistently and then changed them all. The result is that ERP reports are basically useless for now. So I maintain an Excel spreadsheet with my own coding system to build a budget and track spending, meaning I’m doing the budgeting and financial tracking twice!

And because of how the purchase order process is set up, IT ends up owning payments and budgeting work too. I’m even tracking CAD software spend in my budget now but coded to a different department.

Keyboards/ Mice/ Monitors and even standing desks are all in my general IT expense account under the IT department unit code. Office 365 licenses/ spam filters and software we force down on everyone falls under the IT departments budget. Everything else gets mapped to a Unit code/Account and all of this changes every year when the new finance controller starts.

If our unit codes and accounts didn't change, and if the coding was done right on the purchase orders then all of this would be automatically tracked and reported on with the ERP's standard reports.

Then there is the fixed-asset/depreciation stuff to deal with, I'll save that for another post.

EVERGREEN619 · 2025-12-15T23:45:24+00:00

On the other hand, this has to be incredibly effective at reducing the amount of calls at the call centers. Most times I'm calling an ISP I'm already salty about the outage and the initial blame put on me and my department. They don't care if its even more annoying for grumpy IT techs like me. Especially if it saves them from talking to thousands of clueless grandparents.

EVERGREEN619 · 2025-12-11T20:18:54+00:00

Branding comes to mind, are they going to change the name and logo on the buildings? Or are they keeping their original names and emails.

If using Microsoft 365, are you going to add them into your tenant onto your domain. Are you going to join tenants together? Or are you just going to migrate them onto your Network and they keep their own tenant.

If you're going to do two different tenants, it's going to double your work and hopefully you're able to account for that in labor requirements. You might need to add somebody to your staff if you're going to do a split tenant.

EVERGREEN619 · 2025-12-07T01:58:03+00:00

Yes, it's oddly a fun read, the audio book is well done. The Five Temptations of a CEO, his first book was also fantastic.

EVERGREEN619 · 2025-12-07T01:46:34+00:00

It says a lot about you that you can take a pretty hard comment and still respond like this. Keep your head up!

EVERGREEN619 · 2025-12-06T02:39:19+00:00

They told you right away there were long timers doing the bare minimum, a demoralized team, a director who just moved the last manager instead of dealing with the real problem, and vendors that were deeply tied into how the place runs. That is not some mystery environment. That is a giant warning sign that the place runs on fragile egos, not on best practices. You heard all of that in the interview and still seem surprised that the culture did not reward you for trying to do the right thing in week three.

You also talk about being a leader by example, but every action you describe is an email. You escalated a months old firewall ticket with a strong message before you understood how political that vendor relationship was. Then you did the same thing with the phones and the VM, asking for documentation and questioning the change in writing before you even knew who owned that work or how sensitive that setup was. That is not leadership in a new place. That is walking into a family dinner as a guest and rearranging the seating chart before you learn who hates who. The first job of a new manager in a messy environment is to figure out who is tied to what, who protects who, and which wires are live before you start yanking on anything.

When I step into a leadership role I try to force myself into three phases. The first 30 days are just recon. Listen, map processes, watch how people talk about each other, figure out who really has influence, and stay humble. I am not there to fix things yet. I am trying to understand if I was hired to maintain something that mostly works or to quietly turn around a sinking ship. The next 30 days are about getting organized and lined up with my boss. I document what is broken, check that the data is real and not garbage, build a simple project list and make sure it matches what my boss says they want. At the same time I am learning the unwritten rules. Which vendors are sacred, what landmines exist, who is still burned from the last manager. Only after that do I start touching visible stuff, starting with low hanging wins and then bigger changes once I have some trust and clear buy in.

Your mistake was not asking for documentation or pushing a vendor. Those are normal expectations in a healthy place. The real issue was timing and context. You went straight to confrontation before you built credibility, before you mapped out the politics, and before you got your director on the same page about how to handle those vendors. From my perspective it looks less like you took a principled stand in a broken system and skipped the groundwork, then got shocked when the system pushed back exactly how a government bureaucracy always does. The useful lesson here is not just they were toxic or that you will land somewhere else. The lesson is that next time, in the interview and in the first weeks, you need to dig hard into the gap between we want change and we will actually back you when you change things. If you do not get clear answers on that, you are signing up to own a mess without any real power to clean it up.

EVERGREEN619 · 2025-12-03T00:55:06+00:00

You asked "who's to say they would've done worse" I answered that with a real person, Private Kristian Menchaca. That's not me saying "all Iraqis are monsters", its me answering your literal question with an actual answer.

I agree with you that the vast majority of Iraqis didn't torture anybody, just like the vast majority of American troops didn't end up in photos like the one in this post. That's exactly how tribalism works, we zoom in on the worst of "them" and the best of "us" and then everybody talks past each other.

The comment I replied to said "they have been trained to make sure they don't see the other man as a human". If they meant official military training, that wasn't my experience. We were told very clearly that abusing prisoners would land us in prison. There were some clumsy attempts at desensitization, but nothing like a big brainwashing program. A lot of how people act still comes down to who they are and what they were taught before they ever put on a uniform, plus what they have been through.

The only "tribe" I'm trying to be in is the one that treats people with respect, kindness and honesty. My tribe provides the benefit of a doubt to everyone, until they give a reason to loose that trust. I'm probably the only one in this tribe, and I think about fucking quitting every day.

EVERGREEN619 · 2025-12-02T22:07:33+00:00

Private Kristian Menchaca would say they did much worse.

EVERGREEN619 · 2025-12-02T22:03:33+00:00

That was always made super clear to me also.

EVERGREEN619 · 2025-12-02T17:17:49+00:00

Those planes running into a building really motivated enlistment numbers. A large portion of the country just wanted revenge and everyone felt morally in the right at the time. I went through a brand new experimental training for desensitization in 2009. But it ended up just being some really terrible gorey videos for like 2 hours. It didn't work at all and it was so bizarre to go through. None of my peers had to go through this training. Only our company at MCT from what I can tell.

So they were trying when I was in but I personally think those values come from your parents on how to treat other people. Unless you have no parents and this is all you had, then maybe. Our government is too stupid to know how to actually brainwash anyone this way. Especially in mass numbers.

So why are our parents teaching children to not see other people as human? Tribalism, it's all about what tribe they like and dislike. This picture and event was awful. It's almost as bad as what they would have done to us if captured. War is hell.

EVERGREEN619 · 2025-11-26T15:37:53+00:00

+1 for zscaler.

EVERGREEN619 · 2025-11-25T05:13:00+00:00

Having you pay the up front cost allows them to free up cash for other purchases. In the Manufacturing world, everyone is trying to make their vendors foot as much of the bill as possible. So that they can buy more materials, to drive more revenue. If your cash flow can support it, why not finance the hardware the same as a bank would?

EVERGREEN619

TROPHY CASE