This is so obscure, but I figure everything's gotta start somewhere...
The wife's work computer has Global Secure Access on it; when she wfh, rather than using a VPN that (GSA) logs her into her corporate network etc.
At home, that works if she plugs her computer straight into the ISP modem; but (as it's FTTH) we don't actually need the modem, but just connect the internet direct to our home router to save some hassle. And her GSA doesn't work in that case.
I'm gonna see about getting the ISP modem into bridge mode, and try to stop any NAT issues; in the meantime, is there something my router may be missing, that the ISP modem has, that would be allowing GSA to work as it should?!
but (as it's FTTH) we don't actually need the modem, but just connect the internet direct to our home router to save some hassle.
Why not just leave the modem in-between the fibre and the router?
It seems like taking it out is creating more hassle and I don't see what the downside of leaving it in is?
‘Plugs’ ?!?
My work laptop has GSA on it. I just connect to my guest network and it all runs OK. I’d assumed that GSA was just some VPN provider since that is how it acts.
I use BRSK (or whatever they’re now called) and have my MESH router plugged into their ONT.
a reason to avoid any ISP routers between the ONT and your own router is to avoid the dreaded ‘double NAT’.
Your wife could speak with corporate IT. I imagine that they want people to work from home with whatever tech is present.
I don't understand, what is the "modem" in this context? Are you going ONT > ISP router > another router? Or are you swapping between the two and the ISP-provided router works but your replacement doesn't?
Also, doesn't she have an IT department?
a reason to avoid any ISP routers between the ONT and your own router is to avoid the dreaded ‘double NAT’.
If you're with Brsk then (unless you've paid extra for a static IP) you're effectively double NATted anyway because you're behind CGNAT.
If you're with Brsk then (unless you've paid extra for a static IP) you're effectively double NATted anyway because you're behind CGNAT.
That is true. I pay extra for a fixed IPV4 address.
For clarity for the OP, my work laptop worked fine with GSA before I got the fixed IPV4 address.
Global Secure Access is a Microsoft offering - https://learn.microsoft.com/en-us/entra/global-secure-access/overview-what-is-global-secure-access
Thanks for the answers!
Are you going ONT > ISP router > another router? Or are you swapping between the two and the ISP-provided router works but your replacement doesn't?
Good question - the latter. I could switch the entire home network over to the ISP modem/router; but there's a lot of faff, including DHCP reservations, a separate mesh network etc. And I'd just prefer to have our home network running from my own router.
With the last ISP (Virgin cable) I switched the virgin router to bridge only mode, and had cable> ISP modem> home router. But trying that with the current ISP (Vodafone FTTH) modem (ONT>ISP router> home router) doesn't work - the home router doesn't recognise a signal from the ISP router, and just sits there saying it's connecting. And I haven't even got to working out double NAT/ double DHCP issues.
So I plugged the home router straight into the ONT, with appropriate settings, and that worked fine, and avoided double NAT. Til the wife's GSA/ work laptop problem. Spoke to her work IT helpdesk, not much help, they said they don't help with personal/ home hardware issues.
But I have at least narrowed it down to "it works with the ISP router acting as modem; doesn't work with our home router acting as modem"
But I have at least narrowed it down to "it works with the ISP router acting as modem; doesn't work with our home router acting as modem"
I don’t understand this: ‘Modem’?
you perhaps mean ‘router’?
Given both routers do the same job and there’ll be nothing special about the ISP one I’d be inclined to first explore the laptop’s connections to resolve this.
As your home router works fine plugged directly into the ONT I’d not explore the ONT->ISP router->home router option. More complex. That means you can ignore ‘the home router doesn’t recognize a signal from the ISP router’.
edit. I’ve assumed your other devices connect fine with your router plugged into the ONT and your LAN and wifi are also fine.
edit edit. I might have missed it, but is the work laptop connected via wifi or patch cable to the LAN?
edit. I’ve assumed your other devices connect fine with your router plugged into the ONT and your LAN and wifi are also fine.
Yup. And work laptop connected via wifi or LAN, it works through the ISP router, not through my own router.
Given both routers do the same job and there’ll be nothing special about the ISP one I’d be inclined to first explore the laptop’s connections to resolve this.
Yeah, fair point - hence wondering what, if anything, my own router's missing compared to the ISP-supplied router that allows everything except GSA to work.
hence wondering what, if anything, my own router's missing compared to the ISP-supplied router that allows everything except GSA to work
Can the work laptop connect to the home router’s WiFi OK? If so then I’d be tempted to check any ‘deny’ firewall rules you have set up and the router logs for the laptop to see if there’s a rule or port setting preventing it going to the WAN. Maybe try putting the work laptop in the DMZ to see if that makes a difference?
The questions I'd be asking are:
What is different between the routers? There are exceptions but ISP-provided routers tend to be the most basic POS they can get away with. Is there some sort of 'advanced' feature on there which is cocking things up? Eg, my router has a QoS setting, but it's not real QoS and it bollockses up all manner of things.
What do you mean exactly by "GSA doesn't work"? What symptoms is she seeing? Are there error messages? Is there a log file somewhere?
[EDIT: see here]
The response from IT is a cop-out. I've been here, supporting home users with whatever random esoteric hardware configurations they may have is a bloody nightmare, but they should be still trying to help on Best Endeavours at least. Can they pull diagnostics to tell you why it's failing even if they can't fix it? Can they escalate to Microsoft?
wondering what, if anything, my own router's missing compared to the ISP-supplied router
As above, I'd be wondering what's extra rather than what's missing.
Good questions, thanks all! The work laptop connects to the home wifi OK; it connects to the home network fine too, and either way can go online, receive emails etc. Other VPNs connect fine, and everything else in the house is grand; it's just GSA won't connect through the home router, but will do through the ISP's router.
I'll see if I can get her to find a log or error file somewhere; and this has all at least given me something to go back to her IT helpdesk with. Last time she spoke to them they said it was our ISP blocking GSA (as if) and hence not their problem, but this is more useful.
My home router, tbf, I think is from about 2018 - perfectly fine generally, but I've no issue with replacing it if that's the answer. Just need to work out first what any new one needs!
QoS is off; DMZ, Port Triggering etc all off. Will explore more
Update! In the home router, I turned off Access Control (which wasn't doing owt anyway), reset address lease time, and switched the DNS from 8.8.8.8 to ISP-provided. One of those obviously met with GSA's approval, cause now it connects.
Thanks all, appreciate the help!