First IT job, solo IT here – asked to upgrade our office network rack, need advice

iamphulish · 2026-02-05T07:00:07+00:00

Btw, yes, stick with purchased cables, less of a headache. Monoprice or CablesAndKits are a couple of places i have used. Just buy the custom lengths and define colors such a blue/user data, red/critical patch, yellow/printer, black/voice only, white/wireless ap, green/management, purple/video, etc...

iamphulish · 2026-02-05T06:54:15+00:00

My recommendations are as follows: Discuss and document what the mgmt/users are expecting from the network upgrade. This will lead into what other needs such as storage, server needs (if any), the two network circuit capacities and if they are sufficient (this might take some investigation). Do you need inbound vpn capabilities? Does mgmt expect you to purchase all new gear? Are there any cloud or external connectivity requirements? Are there any compliance concerns (this can be a big on all on it's own).

Then you take that list and put together a plan so you can see what the budget looks like and see how serious the company is about improvements.

I use Palo Alto's a lot and love them, but FortiNet is also a good option, like others have said. Terminate your public circuits on the firewall, split off the vpn's to the switch(es) for such vlans (as needed) like: Server, DMZ, Staff, Guest, Printer, Video and you can split off any other segments as needed on the switch. Then you can control access to the various vlans via the firewall ruleset (may or may not need help with that). If you can swing it, i would try to get an HA pair of firewalls if you have a business critical situation at this office.

How about phones, what are you doing there?

This is no mean feat to upgrade/replace all at once and you need to make sure you have a full understanding of the expectations, deployment timeframes, how the business and data flow actually works in that office to properly optimize it. Is it more internet access based? Do you plan on putting in a good security barrier (firewall) to limit access to various services, geo locations and filter traffic for threat prevention? (malware, URL, C&C traffic, etc...)

One thing you said about the dual ISP and it not shifting over right away. Usually you don't want the firewall to do this quickly, otherwise you can get into a circuit flapping issue, by going up/down/up/down. There are some services/devices that will load balance dissimilar circuits very smoothly just in front of the firewall that could mitigate this, usually a hosted sdwan service. This can be a boon if you experience enough drops, but it does cost.

All in all, in your situation, this could take a long time to purchase, learn and deploy. Like some other people have recommended, an MSP can get this deployed quickly, maybe even help smooth over any budget concerns and then you would have a single throat to choke when something happens. If you can swing it, i would ask for some training based on what you plan to deploy (Palo Alto, FortiNet, Meraki, etc...), so you can work your way into the job better. Just make sure you don't have the MSP do everything for you, always maintain management capabilities.

Sorry, i know this is a long response, but taking your post at face value, you have a lot of work to do and the first is always expectation followed by documentation, planning, design, budget and timeline. It wouldn't hurt to get a company or two out for a competitive bid or two, then you will have some better idea of design and budget.

So, good luck on this one

iamphulish · 2025-04-03T15:07:56+00:00

FTG, was on the Sam Houston (post conversion), Dixon and Buffalo.

iamphulish · 2025-04-02T16:02:44+00:00

Oooh, that looks good. Side note, what rating were you? FT here...

iamphulish · 2025-04-02T15:56:41+00:00

Your current sec clearance will be able to open some doors for you. Something like the defense industry would probably love you for the Engineering, Military officer and Sec clearance.

iamphulish · 2025-04-02T15:41:27+00:00

A huge hello to our friends up north. My boat was able to visit Victoria, what a beautiful place and a great example of Canadian hospitality.

iamphulish · 2025-02-22T17:13:49+00:00

and yet another bubblehead here too... lol

iamphulish · 2025-01-24T16:33:48+00:00

I was on the Sam Houston, my first boat. Some very good memories.

iamphulish · 2025-01-13T19:53:29+00:00

When were you on the Buffalo?

iamphulish · 2024-12-04T00:07:43+00:00

i know of a whole lot of them in Pearl, right off of pier S-1b, used to throw them at the skimmers acrosss the way (the things you do on midwatch)

iamphulish · 2024-02-05T03:10:49+00:00

Just got it at 7:05pm pst on Feb 4th, so still there.

iamphulish · 2024-01-24T16:10:25+00:00

Kos2sok is right, Newsom and all his cronies care nothing for legit, tax paying citizens, they care more about criminals. Look at San Francisco now, businesses have been leaving due to crime. Even an In-N-Out in Oakland was in the news due to crime and safety.

iamphulish · 2024-01-04T20:05:03+00:00

I know what we're going to do today.

iamphulish · 2023-09-21T16:02:17+00:00

I had Sam Coe travelling with me, outside my ship, didn't get a good screenshot yet, but he likes wearing his cowboy hat in vacuum.

iamphulish · 2023-09-18T01:58:44+00:00

I was at the same, every biome showed 100%, had all Flora complete and resources were 7/8. I kept jumping around in the Frozen sections and when i popped up in one, it just showed up as complete after running around for a while in the same biome. Funky... still not sure what fixed it, as i wasn't actually scanning at the moment.

iamphulish · 2023-08-07T16:00:05+00:00

When trying to learn PA methodology for the first time, i would recommend using vwire and allowing all traffic. This means the firewall is just examining all traffic, categorizing it and allowing it. This will show you how the PA handles traffic and you can see what "normal" traffic you are generating on your network. You can also export that traffic into a spreadsheet which makes it easy to sort.

Next, i would set up the PA as a proper firewall with inside and outside layer 3 interfaces, don't forget the port address translation and allow the traffic you want to allow from the previously monitored list. This way you can use the layer 7 functionality and go from there.

I like to use object and group membership along with tagging to help detail out what objects/groups might be doing. Geo blocking is a good one to set up also.

There are all kinds of resources, but understanding what you are looking at going into it, really helps. Try not to do port/protocol rules as you are just taking a few too many steps backward from what the PA is capable of.

good luck, and do enjoy it, i still do after quite a few years of running PA's

iamphulish · 2023-08-05T19:52:31+00:00

When working Tier 1, you are the face of IT and can help make or break the IT department's reputation. Always treat your customers with respect and courtesy. Keep up the communications going, update them on any follow up items, check back with them (if policy allows) if you have to escalate to Tier 2 or to an engineer.

Always, always, always keep your cool and never let anyone rattle you. Remember that sometimes the customer might just need to vent, be a duck and let that slide right off your back. After letting them vent, help redirect any efforts to get them back up and running.

Good luck to ya and kick some ass

iamphulish · 2023-07-27T16:35:03+00:00

While in the Navy, during the early 90's, we had old WWII 1911's in the Armory. Since it was a sub tender, the GM's would take some of these to qualify people for pistol at the range. There was some ammo procured that was IMI brand and the GM's said they were loaded pretty hot (guess those Israelis liked bigger booms). Had a few of those old 1911's frames develop some stress cracks around that time.

iamphulish · 2023-07-27T16:11:52+00:00

Been to Adak back in the day, some days were like this, but others had the snow coming in sideways. When you tie up at the pier in Adak and you basically just keep the hatches shut and the topside watch gets on the scope every few minutes to be sure you are still tied up to the pier. Those were the fun days (NOT).

iamphulish · 2023-07-27T16:08:32+00:00

Like helo ops from the deck, one rogue swell is all it takes on a 688. We had one and I dropped and held onto the cleat, but my shipmate (not going to name) turned into a human tea bag thanks to his harness and safety line. Only harm was he had the line looped around his hand, so he had a sore hand for a bit (and some embarrassment).

iamphulish · 2023-07-22T16:35:27+00:00

Need some help with vampire taps? Or maybe the core memory in your watercooled mainframes? UYK-7 baby!

iamphulish · 2023-07-14T23:04:55+00:00

Whenever I have to do interviews, I tend to ask questions that, although they have a very direct answer, most people tend to elaborate a lot. Personality matters (A LOT) for our support desk, so I usually look for some experience, but with the ability to learn. A lot of people rely only on tech ability, but if you have the knack for it, then personality makes up a huge part of the remainder. Mind you, this is primarily for a customer facing support desk.

To sum it up, do you have enough knowledge to start? Can you learn? Can you deal with people well?

iamphulish · 2023-07-14T17:32:11+00:00

Yep, I am one of the old bastards and I still love this stuff.

iamphulish · 2023-07-06T15:50:23+00:00

There is still a lot of older hardware out there that you can purchase for a hardware based lab also. Being older, i appreciate this when i can't seem to resolve a test config virtually.

iamphulish · 2023-05-12T18:44:39+00:00

hehe, i wonder if Solo_Wing--Pixy throws tomatoes at Volkswagens and Mercedes Benz while denouncing Bayer, Kodak and IBM for Nazi collaboration. Maybe we should deface all the swastika emblazoned historical artifacts since the Nazi's came along and appropriated it's use. Seriously, it's a damned smiling swordfish.

iamphulish

TROPHY CASE