Networking | MSP Toolkit

What This Category Covers

Networking tickets should separate physical/link state, IP assignment, DNS, routing, firewall policy, VLAN tagging, and application reachability. Test by IP and hostname before changing infrastructure.

First Layer to Isolate

IP layer first, then DNS, route, firewall/VLAN, and application port.

Useful Tools, Logs, and Portals

ipconfig /all
nslookup
ping/tracert
route print
Firewall logs
Switch/AP controller
DHCP scopes

Before You Escalate

Source/destination identified
IP and hostname tests compared
VLAN/firewall path checked
Recent network changes reviewed

Articles in This Path

Pick the closest symptom and work from there.

802.1X wired authentication fails after switch firmware update Always On VPN device tunnel connects but user tunnel fails Always-on VPN profile deploys but tunnel does not start before logon Application publish rule works by IP not FQDN Client receives APIPA address even though DHCP scope has free leases Conditional forwarder works from domain controllers but not DNS management test tool Conditional forwarder works on one server only Conference room SSID works until more than twenty devices connect DHCP failover pair healthy but one scope stops issuing leases DHCP lease updates fail after credential account lockout DHCP option for VoIP phones applies at headquarters but not branch scope DHCP reservations present but wrong scope hands out addresses DHCP scope has leases available but clients self-assign DNS & DHCP alerts indicate success while end-user experience never changes DNS & DHCP configuration survives testing but resets after restart or sync DNS & DHCP credential or certificate rotation breaks an existing integration DNS & DHCP feature works in web app but fails in desktop client DNS & DHCP healthy dashboard status masks a failing production workflow DNS & DHCP logging shows delivery yet the target workflow never completes DNS & DHCP new deployment works for pilot group but not for production rollout DNS & DHCP policy change applies in admin console but target users never receive it DNS & DHCP quarantine or protection action triggers but recovery workflow fails DNS & DHCP workflow succeeds for one account but fails for shared or delegated access DNS scavenging removes active record for appliance with static IP reservation DNSSEC validation breaks only one third-party SaaS domain lookup Edge firewall firmware upgrade resets one custom application rule Firewall geo-block policy stops vendor access from approved country range Firewall HA pair stays synchronized but secondary fails takeover test Firewall HA pair syncs config but not session state Firewall rules present but traffic still blocked Firewalls & Routing alerts indicate success while end-user experience never changes Firewalls & Routing configuration survives testing but resets after restart or sync Firewalls & Routing connector health looks normal but data stops syncing Firewalls & Routing credential or certificate rotation breaks an existing integration Firewalls & Routing feature works in web app but fails in desktop client Firewalls & Routing healthy dashboard status masks a failing production workflow Firewalls & Routing logging shows delivery yet the target workflow never completes Firewalls & Routing new deployment works for pilot group but not for production rollout Firewalls & Routing policy change applies in admin console but target users never receive it Firewalls & Routing quarantine or protection action triggers but recovery workflow fails Firewalls & Routing workflow succeeds for one account but fails for shared or delegated access Geo block enabled but approved vendor traffic also blocked Guest VLAN clients receive lease but no DNS servers Guest Wi-Fi portal loads slowly only on Apple devices Home user VPN drops every hour on the dot Inter-VLAN routing works for ping but not for HTTPS sessions Internal DNS record resolves correctly on servers but not on Wi-Fi clients Internal DNS zone replicates but one domain controller serves stale records Internal website resolves to old server for one subnet only L2TP or SSTP VPN broken after ISP modem swap Loop detected warnings after moving conference room switch Managed switch port flaps when docking station connects multiple monitors New ISP circuit installed but outbound policy still uses old WAN New switch stack forms but VLAN tagging is inconsistent Office guest Wi-Fi captive portal loops forever Outbound SMTP relay blocked because egress policy matches wrong object group PoE switch powers phones but access points reboot under peak load Port forward works externally but internal hairpin access fails Printers renew DHCP but keep old DNS hostname PTR records missing and backup software fails verification

Wi-Fi & Switching healthy dashboard status masks a failing production workflow

Field Summary

Wi-Fi & Switching healthy dashboard status masks a failing production workflow is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Wi-Fi & Switching healthy dashboard status masks a failing production workflow
Log in to post comments

Wi-Fi & Switching policy change applies in admin console but target users never receive it

Field Summary

Wi-Fi & Switching policy change applies in admin console but target users never receive it is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Outbound SMTP relay blocked because egress policy matches wrong object group

Field Summary

Outbound SMTP relay blocked because egress policy matches wrong object group is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Outbound SMTP relay blocked because egress policy matches wrong object group
Log in to post comments

Route-based tunnel carries traffic one way only after ISP failover

Field Summary

Route-based tunnel carries traffic one way only after ISP failover is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Route-based tunnel carries traffic one way only after ISP failover
Log in to post comments

Firewall HA pair stays synchronized but secondary fails takeover test

Field Summary

Firewall HA pair stays synchronized but secondary fails takeover test is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Firewall HA pair stays synchronized but secondary fails takeover test
Log in to post comments

Web filter category update blocks line-of-business app download endpoint

Field Summary

Web filter category update blocks line-of-business app download endpoint is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Web filter category update blocks line-of-business app download endpoint
Log in to post comments

Inter-VLAN routing works for ping but not for HTTPS sessions

Field Summary

Inter-VLAN routing works for ping but not for HTTPS sessions is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Inter-VLAN routing works for ping but not for HTTPS sessions
Log in to post comments

Edge firewall firmware upgrade resets one custom application rule

Field Summary

Edge firewall firmware upgrade resets one custom application rule is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Edge firewall firmware upgrade resets one custom application rule
Log in to post comments

Static NAT entry published correctly yet source IP logging shows proxy address

Field Summary

Static NAT entry published correctly yet source IP logging shows proxy address is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Static NAT entry published correctly yet source IP logging shows proxy address
Log in to post comments

Port forward works externally but internal hairpin access fails

Field Summary

Port forward works externally but internal hairpin access fails is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Read more about Port forward works externally but internal hairpin access fails
Log in to post comments

Subscribe to Networking