    1. Home
    2. Tags
    3. firewall

    • First Look Ubiquiti Unifi UXG Pro
      IT Discussion • networking ubiquiti firewall unifi router uxg uxg pro • • scottalanmiller  

      5
      1
      Votes
      5
      Posts
      1851
      Views

      @scottalanmiller said in First Look Ubiquiti Unifi UXG Pro: The new, unreleased Unifi UXG Pro just arrived here at the NTG Dallas offices. Woot! It's dual power supply, dual WAN, dual LAN, touch screen LCD and up and running! More details as we get to play with it. DAMN IT!!!
    • Vultr Firewall added Cloudflare
      IT Discussion • vultr firewall cloudflare • • JaredBusch  

      31
      4
      Votes
      31
      Posts
      1545
      Views

      @Mario-Jakovina said in Vultr Firewall added Cloudflare: As I said - we do have FQDN. I was just surprised when @Dashrender said they are free from Cloudflare I misspoke, I never meant that registered domains themselves were free. What I meant was free was DNS hosting and base level proxying from CF.
    • Help setting up routing
      IT Discussion • firewall routing • • Dashrender  

      21
      1
      Votes
      21
      Posts
      286
      Views

      @FATeknollogee said in Help setting up routing: @JaredBusch Just curious, what is the /23 on eth3, is that one of your LAN IP blocks from AT&T? AT&T can't issue private IP addresses.
    • Documenting Firewall Exceptions and Rules
      IT Discussion • linux windows firewall documentation firewall-cmd tracking change management • • DustinB3403  

      10
      2
      Votes
      10
      Posts
      165
      Views

      @IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.
    • Unifi USG VPN from Behind NAT Firewall
      IT Discussion • networking ubiquiti vpn ubnt firewall unifi router ipsec usg • • scottalanmiller  

      5
      0
      Votes
      5
      Posts
      752
      Views

      @Romo said in Unifi USG VPN from Behind NAT Firewall: Also add the changes to a config.gateway.json file in the controller so changes directly made on the USG don't get deleted on next provision. One reason I hate these units.
    • Is the concept of DMZ obsolete?
      IT Discussion • security firewall network security infosec dmz • • Pete.S  

      6
      1
      Votes
      6
      Posts
      276
      Views

      A proper DMZ is still a valid concept, but was never that big of a deal. There are almost no resources that make sense to put there. If you have those resources, then sure. But who does? The advent of cloud computing, cheaper colocation, better IT knowledge, etc. has led most shops to not try to make "internal/external" shared resources where one side is public and the other uses LAN security; and what little of that remains in need is generally addressed with VLANs in a slightly different way.
    • Cisco ASA
      IT Discussion • firewall cisco routing vlan cisco asa • • Jimmy9008  

      9
      0
      Votes
      9
      Posts
      151
      Views

      @Dashrender said in Cisco ASA: @Jimmy9008 said in Cisco ASA: A and B can also RDP/ping devices sitting on C. If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B. 172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch) this is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hops out 0.0.0.0 ^ I think it's this that's causing the issue. This should be fine, this is what allows the C network to get to the internet so, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA), The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic. At least that's what it looks like to me at this time. “C” network really?
    • Netgear R6400 / AC1750 Port Forwarding Overlap Issue
      IT Discussion • networking firewall router netgear port forwarding netgear genie netgear r6400 netgear ac1750 • • scottalanmiller  

      7
      1
      Votes
      7
      Posts
      197
      Views

      Roflol
    • Close ports on Linode Debian
      IT Discussion • firewall debian 9 • • WLS-ITGuy  

      5
      0
      Votes
      5
      Posts
      175
      Views

      By default Debian comes with iptables. It will allow everything, but a normal Debian install has no services running. Run iptables -L to see the firewall rules. On Debian 10 the default is nftables.
    • Network Address Translation - CompTIA Network+ N10-007 Prof Messer
      Training • security youtube networking comptia prof messer video training it career it training network+ firewall routing nat • • steve  

      3
      2
      Votes
      3
      Posts
      209
      Views

      @mary said in Network Address Translation - CompTIA Network+ N10-007 Prof Messer: Is there any kind of slowdown when using just one port if you are getting a lot of traffic? No, not really. The most commonly used ports are 80 and 443. They process quite a bit of traffic on your average workstation. In fact, most servers are designed to work with a single port or just a handful of ports open. For custom applications using a specific port makes it easier to troubleshoot issues and restricts non application traffic. Many apps are defaulting to 443 these days. Although, keep in mind SSL/TLS can operate on other ports.
    • Windows Firewall with Advanced Security - CompTIA A+ 220-1002 Prof Messer
      IT Careers • security windows youtube networking comptia prof messer certification it career video training it training firewall a+ windows system administration • • steve  

      13
      3
      Votes
      13
      Posts
      280
      Views

      @brianwinkelmann said in Windows Firewall with Advanced Security - CompTIA A+ 220-1002 Prof Messer: what about the Windows Defender, I mean the antivirus and the firewall of Windows They go hand in hand right? They go together as in they are both security components of the Windows operating system. But that's about the extent of it. They are both very good, they should both always be used, they are both for the purpose of security. But they are not actually associated other than in name.
    • Take your game to the next level with VMware Service-defined Firewall
      Starwind • vmware firewall network network security • • Oksana  

      1
      1
      Votes
      1
      Posts
      69
      Views

      No one has replied

    • Configuring a SOHO Firewall - CompTIA A+ 220-1001 Prof Messer
      IT Careers • youtube networking comptia prof messer video training firewall a+ router • • steve  

      9
      3
      Votes
      9
      Posts
      181
      Views

      Done with this one!
    • 10Gb/s Firewall Choice for Colocation
      IT Discussion • networking ubiquiti firewall unifi router colocation colocation america • • scottalanmiller  

      18
      1
      Votes
      18
      Posts
      473
      Views

      @scottalanmiller said in 10Gb/s Firewall Choice for Colocation: @bnrstnr said in 10Gb/s Firewall Choice for Colocation: Looks like the ER‑8‑XG could also be a good fit if you prefer the EdgeRouter series over the Unifi stuff. Also slightly less expensive, and better performance. https://www.ui.com/edgemax/edgerouter-infinity/ And ordered... we should have it on Monday. From the only vendor offering prime?
    • ISP Failover with Cisco ASA
      IT Discussion • networking firewall cisco router isp cisco asa failover • • Reid Cooper  

      22
      1
      Votes
      22
      Posts
      320
      Views

      @scottalanmiller said in ISP Failover with Cisco ASA: That's mostly true. But Cisco considers it real Cisco and it shows their view of themselves. And that, I always think, is important. Cisco doesn't see themselves as an enterprise player. And I've been in sales meetings with Cisco and that definitely comes through when talking to them. That's not what I got from my sales conversations with them. They were very explicit about real Cisco and the lesser sub-brands. Having been at two huge banks that were burned by being willing to use UCS, Cisco and enterprise are two words I never put together. From networking to phones to servers, Cisco is consistently overpriced and underperforming. I absolutely loved UCS, even wrote the original oVirt/RHV plugin for the VMFEX cards. They were ahead of their time with those boxes, but the cloud pretty much killed everything really cool and advanced about HW
    • Kerio Control "license error: license exhausted, cannot allow another host"
      IT Discussion • security networking firewall router kerio kerio control • • scottalanmiller  

      4
      1
      Votes
      4
      Posts
      419
      Views

      @pmoncho said in Kerio Connect "license error: license exhausted, cannot allow another host": Based on the couple posts I have seen, each registered user can have five devices. So, if they have 30 devices, they need 6 user licenses. Did they add any extra devices lately? Easily, but more likely they just let their license expire.
    • Why I See UTMs As Generally Bad in the Current Market
      IT Discussion • security networking firewall router utm ngfw • • scottalanmiller  

      35
      3
      Votes
      35
      Posts
      1276
      Views

      @Donahue said in Why I See UTMs As Generally Bad in the Current Market: @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market: @Donahue said in Why I See UTMs As Generally Bad in the Current Market: The reason we went with Fortigate over an Edge router, is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there have been some other product that I don't know of that would have been better in our case? ERL does nearly half of what you need... https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593 ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds. https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf Your link is what convinced me not to use the ER pro. The Pros will only do <500 mbps at full capacity, it's in the link you posted. Where in it? Oh, I see. He mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.
    • Considering moving from SonicWall to Sophos XG (Looking for feedback on Sophos)
      IT Discussion • security networking firewall sonicwall utm sophos sophos xg • • dave247  

      12
      2
      Votes
      12
      Posts
      794
      Views

      Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW. It looks like much of the market is already starting to cool on the UTM craze and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.
    • Security while Traveling -
      IT Discussion • linux security ubuntu fedora firewall linux mint securityawarenesstraining security while travelling • • gjacobse  

      20
      0
      Votes
      20
      Posts
      872
      Views

      @gjacobse said in Security while Traveling -: Could something like this or similar be supplemental? Seems pretty silly. So here is the question.... What threat do you perceive there being? How do you feel this device addresses that threat? I don't really see any threat in the first place, and so that makes it extra hard to know how to assuage your fears. But how this device is supposed to help, I'm really unsure.
    • Ubiquiti ER3 to ER4 Upgrade?
      IT Discussion • networking ubiquiti ubnt firewall router edgerouter edgerouter lite erl er4 • • mroth911  

      6
      1
      Votes
      6
      Posts
      609
      Views

      @jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?: @scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?: @mroth911 said in ubiquiti Er3 to 4 Upgrade?: Can I just back up my er3 and upload it to the 4 I believe so. I have never tried, but it should handle it because it only brings the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different. To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.
    • Anyone running SonicOS 6.5.0.2-8n?
      IT Discussion • firewall router patching sonicwall sonicos sonicwall nsa 3600 • • dave247  

      3
      1
      Votes
      3
      Posts
      780
      Views

      @dbeato said in Anyone running SonicOS 6.5.0.2-8n?: @dave247 said in Anyone running SonicOS 6.5.0.2-8n?: We run a SonicWall NSA 3600 where I work and I am starting to look into upgrading to the new 6.5 firmware (6.5.0.2-8n). I have heard of some issues with the last two updates, and wanted to get more input if anyone has any to give.. I am not, I am using the 6.2.9 on the production Sonicwalls we have. I would recommend to test it out if possible. Unfortunately I can't realistically test it out. Even if I had an extra, non-production unit, I doubt I could effectively detect issues since production factors would not be present enough to fully test. I suppose I could just always roll back if necessary... but I think I will probably be waiting a few more releases.. that or just move to a different UTM altogether..
    • FreePBX Site Disconnects All Phones At Once
      IT Discussion • security freepbx voip pbx firewall freepbx 14 fail2ban responsive firewall intrusion detection • • scottalanmiller  

      1
      6
      Votes
      1
      Posts
      378
      Views

      No one has replied

    • FreePBX 14 Firewall Start Warning
      IT Discussion • freepbx voip pbx firewall freepbx 14 freepbx adaptive firewall fwconsole • • scottalanmiller  

      9
      0
      Votes
      9
      Posts
      1103
      Views

      @scottalanmiller said in FreePBX 14 Firewall Start Warning: @jaredbusch said in FreePBX 14 Firewall Start Warning: @scottalanmiller said in FreePBX 14 Firewall Start Warning: Well, we are one step newer, so that might be it. # fwconsole ma list | grep firewall | firewall | 13.0.46.1 | Enabled | AGPLv3+ | I do not know the CLI command to revert, but it is simple to do in the GUI. Click "Check upgrades" and then expand the Firewall and you will have a previous versions option. Tested and you are right, rolling back to 45.5 and the message goes away. You could upgrade to edge and see if it is different, but I would just wait for the next update.
    • Home Hardware Recommendations
      IT Discussion • ubiquiti firewall hardware router switch access point • • mattbagan  

      20
      0
      Votes
      20
      Posts
      1457
      Views

      ERL with an AC Lite AP at home as well as many clients. Zero issues.
    • Responsive Firewall and external FreePBX users
      IT Discussion • firewall freepbx 14 responsive firewall • • EddieJennings  

      19
      0
      Votes
      19
      Posts
      2114
      Views

      @dashrender you could see opensips as a software version of this, but in high load scenarios or in transcoding the example @scottalanmiller gives about restricted instruction sets on the video chip is a great example. If Asterisk was created after SIP standards were made it probably would have some type of domain filtering that would make the mobile issue a very easy fix. That being said the responsive firewall was a huge leap forward, but I don’t see anything in their big requests that indicates they are going to go further. I’ve not tried to use the Sangoma SBC or to fix the issue since I’ve moved on. I’m guessing the domain for mobile access is very low amongst FreePBX users, or maybe it’s used on desktops inside a LAN that is not using the responsive firewall.
    • FreePBX Firewall Status
      IT Discussion • firewall freepbx 14 performance issues • • EddieJennings  

      7
      0
      Votes
      7
      Posts
      892
      Views

      All the time. I only know this from having to log in every time the firewall gets behind and blocks the remote phones using responsive firewall. I do think FreePBX is great, don't get me wrong. These are some of the reasons I still prefer a freeswitch based deployment and enforcing domains as part of authentication. Almost all attempts to brute force authenticate are dropped simply because they don't know the domain (realm) being used and they quickly give up. There is a lot more that I like over FreePBX in my current setup but that has more to do with trying to be a service provider. For a single installation my only gripe is the way the firewall works, how do people use Bria and roam around. That being said they could close that gap at any moment and my only complaint would be the delicacy of updating systems or uploading the wrong format of an audio file. Which apparently only bigbear has ever had problems with. Lol.
    • Provisioning phones in the wild - FreePBX
      IT Discussion • firewall freepbx 14 freepbx setup yealink t42s provisioning yealink t42s configuration • • EddieJennings  

      14
      1
      Votes
      14
      Posts
      1619
      Views

      The resellers used to do it manually and charged $1 a phone, which is why I think adoption stalled. Plus documentation is horrible. Once you are in the portal it's pretty obvious what can be done. I have linked my GUI so that when you add a phone's mac address to my service it uses Yealink API to automatically configure RPS.
    • Replacing a UTM in an SMB - With What?
      IT Discussion • security firewall proxy utm network security ids filtering ips • • wrx7m  

      18
      1
      Votes
      18
      Posts
      1247
      Views

      @jaredbusch - I thought that is what you meant but did a double-take. LOL
    • FreePBX - site being added to the Blocked Host list
      IT Discussion • freepbx firewall ucp • • Dashrender  

      2
      0
      Votes
      2
      Posts
      709
      Views

      Additionally, I'm looking at the firewall settings https://i.imgur.com/qCbus6z.png Is this expected? I get the list of my trusted items, it shows an empty list for other, but local, internet, and rejected all provide zero feedback. I have the Let's Encrypt sites added to local on the same page as I have my trusted sites added, yet they don't show up as seen above. Thoughts? This makes me think that I have somehow disabled the local zone
    • Port - What server OS to use
      IT Discussion • server firewall lan desktops newbie • • DustinB3403  

      42
      1
      Votes
      42
      Posts
      2963
      Views

      Before you can get into what OS to run the clients on, do you have to ask what apps the business needs to run? If they need some kind of CAD package and it's only offered on Windows, the Linux client goes out the window. (pun intended)