Getting TWC Business Class > Modem/Firewall Question

[KJ6EO]

Thanks for reading my post. After struggling with the slow speed of DSL for many years, I'm dumping it. Early next week I'll get my TWC Business Class broadband installed. I have a few questions. What kind of modem do they use? Is it just a Modem or a combo unit (Modem/Firewall)? If it has a Firewall, is it fully configurable (deny, accept whatever port, whatever protocol)? I bought a SURFboard SBG6782-AC. It has a firewall in it but you can only use a LOW, MEDIUM, OR HIGH setting. It's not flexable to allow you to choose whatever ports you need. So needless to say, I'm returning it. My main Linux Server has an extensive IP TABLES firewall. However, I still want some kind of firewall at the modem. If TWC only installs a modem, then I'll use something simple like a Netgear ProSafe FVS318 immediately after it. Any answers/suggestions you might have would be appreciated.

 

[EarDemon]

Are you going with fiber or DOCSIS (copper) service? I would assume DOCSIS, but if in the off chance fiber, you can ignore this.

At work we have both dedicated fiber and DOCSIS from TWC. The fiber feeds our main network and the DOCSIS is for guest access and for me to play with so I don't screw up our real network when testing things. The modem we have, and it's a combo modem/wireless router, is a Ubee DDW365. Time Warner generally does not use standalone DOCSIS 3 modems, they only hand out combo gateways. If you would rather use your own firewall, router or DHCP server and WAPs, you can have the modem put into bridge mode, and then it will be a dumb modem with no WIFI/DHCP/NAT capabilities. Depending on the modem you get, you can do this yourself by Googeling the instructions, or call up TWC Biz Class and just tell them you want the modem bridged and they can make all the necessary changes remotely. Make sure they give you a DOCSIS 3 gateway that is capable of bonding the amount of downstream channels TWC is bonding in your area. In my area, Time Warner is heavy on Ubee and Arris hardware. In some areas TW locks out the advanced configuration pages in the GUI at 192.168.100.1, here they do not, and they just use the Ubee defaults of user/user for the UN and PW.

That's what I did at both home and work. At work I have the UBee gateway bridged and it feeds a cheap Cisco RV130 Router that takes care of routing and firewall features and that feeds various ultra cheap Cisco Small Business WAPs that I have set up in the lobby and guest eating areas. At home I have an Arris TG1672 gateway the is also bridged and all firewall & routing duties are handled by a Cisco RV320 router. Once bridged, the gateway is for all intents and purposes a standalone cable modem.

Now if you also get Time Warner's Biz Class Voice Service over DOCSIS, for whatever reason, in my area at least, they will provide you will two modems. One D3 gateway for data, and one data/voice combo modem that is only provisioned for voice. They will not install a modem that can handle both voice and data and have it active for both, you must have two modems.

Bottom line, have the modem bridged and you should be fine.

 

[KJ6EO]

Thank for your reply and for your suggestions. Unfortunately, no fiber for me. Our area was built in the mid 80's and everything is underground. ATT and TWC is all that's available. ATT asks $100 per month for 12/1 and 8 static IP's. They call it U-Verse, but it's nothing
more than glorified ADSL. They have fiber at their GW, but I live at the top of the hill and it's just too far away on copper to get their max
advertised speeds. TWC is asking me $180 for 25/5 and 5 static IP's. I think that's expensive and slow for the money. However, it's much better than what I had. Being a Radio Station, I transfer large files. Seeing that I'll have 5meg up now will be 5 times faster than what I had
before. I'll spend allot less time uploading stuff. As I previously said, my main Linux Server (Ubuntu) has an extensive IP TABLES firewall
running. But, I've always had the firewall enabled in the modem/router as an extra layer of security. It does get old sometimes when I have to open certain non standard ports. I have to do it in the router, and the IP TABLES firewall. I'm not familiar with cable (DOCSIS). I'll make sure
to ask them for a DOCSIS 3 modem. Also, as you said ... I'm also going to talk to them about the "advanced settings" of the modem and make sure they don't lock me out. They'll be installing it next Tuesday, as soon as I've had a chance to check it out I'll get back to you with the results.

 

[EarDemon]

What is was referring to was fiber from Time Warner. It is not offered thoughout their entire footprint, but even in the mostly rural village I work in that has a population of under 3,000, TWC provides dedicated business class fiber circuits. They have a pretty extensive fiber network and provide the fiber backhaul to many cell sites in their service footprint. All three cell phone towers in the village I work in, the Sprint tower and yes even the Verizon Wireless and AT&T Mobility towers are powered by Time Warner fiber provisioned at 1 Gbps. They offer speeds up to symmetrical 10 Gbps, the only limit is how much you want to spend.

Yes, as you said, they are pretty expensive. At work, the DOCSIS connection for 7 Mb/768 Kb (over provisioned to roughly 8/1) runs us $80/month. You're getting a little better deal at $180 for 25/5. The fiber connection was insane, we were paying like $650 for 5/5. Yes over $600 for 5Mb sym with 5 static IPs. When we switched our company phone system over to TWC and went with their PRI over fiber, that was increased to 10/10, and with the bundling discount, the data price dropped in almost half. Total average bill is about $1500 for the 10/10 fiber with 5 static IPs, PRI with unlimited local and long distance calling, 350 DIDs, 5 toll free numbers, a few thousand international minutes, the copper 7 Mb/768 Kb line and two DOCSIS phone lines.

One more thing, TWC over provisions by roughly 20%. You're connection should max out and test out in the neighborhood of 30/6.5.

Good luck!

 

[BigRyan]

Here in Texas we have RR Business class at work, they gave us a SMC Cable modem router that can handle 4 static IP's, I have logged into it with cusadmin password and it is basically the same as the residential DOCSIS modems, meaning you can view your feq, signal, return, and SNR. No firewall or any settings for the user at all.

 

[KJ6EO]

TWC came out yesterday and installed my Business Class Service. Unfortunately, I had trouble from the start. I purchased a 25/5 plan with 5 Static IP's. What I got was 30/3 and no Static IP's. The modem was set up for a typical Home User (DHCP with Dynamic IP's). I called TWC Network Support. They tried to reflash the modem to include my Static IP's. After they reflashed it, they couldn't ping it. So they sent a Tech out today to replace it. After the new modem was installed, I just had them put it in bridge mode. I checked the Static IP's and they're working correctly. The speed though is horribly slow. At install I was getting 30/2. Tonight after 7pm the upload speed dropped all the way down to 500Kbit's/s. I was so disgusted that I unplugged the modem. I complained to my TWC Sales Rep and his Manager is supposed to get in touch with me. What really bothers me is I signed a 36 month agreement. So, I'm hoping that TWC will do the right thing and take care of me. I'll come back an post again after I've spoken to the Manager.

 

[KJ6EO]

Well, the TWC Manager hasn't bothered to call me back. Glad I didn't hold my breath while I was waiting . I've complained to my TWC Sales Rep again. Putting the Modem in Bridge Mode didn't work out, so I had them take it out of Bridge Mode. I assigned one of my Static IP's to the modem and turned off DHCP. I bought a NetGear FVS318Gv2 hardware firewall to put after the Modem. I had some trouble configuring it so I had to call Tech Support a couple times. I will say this, their Tech Support really did a good job. After I understood how it worked, getting it configured was a snap. Setting it up for a home network is easy, just configure the Broadband ISP settings, plugin, and surf. Dealing with the Static IP's required a little more work. For each Static IP, an outbound rule has to be created (LAN IP > NAT > Public IP). Inbound is handled about the same way (Public IP > DNAT > Lan IP). Both Inbound/Outbound rules can be filtered of course. I've got 1 Outbound rule and 15 Inbound rules. So the firewall project it finished. This will give me more time to BUG TWC about not giving me the speeds I paid for.