ML
    Tag: firewall
    • Oksana

      Netsh: The Swiss Army Knife for Windows Networking

      Starwind
      • starwind netsh windows firewall wifi • • Oksana
      Votes: 0, Posts: 1, Views: 229

      No one has replied

    • scottalanmiller

      First Look Ubiquiti Unifi UXG Pro

      IT Discussion
      • unifi ubiquiti uxg uxg pro router networking firewall • • scottalanmiller
      Votes: 1, Posts: 5, Views: 3.2k

      Dashrender

      @scottalanmiller said in First Look Ubiquiti Unifi UXG Pro:

      The new, unreleased Unifi UXG Pro just arrived here at the NTG Dallas offices. Woot! It's dual power supply, dual WAN, dual LAN, touch screen LCD and up and running!

      More details as we get to play with it.

      DAMN IT!!!

    • JaredBusch

      Vultr Firewall added Cloudflare

      IT Discussion
      • vultr firewall cloudflare • • JaredBusch
      Votes: 4, Posts: 31, Views: 4.2k

      Dashrender

      @Mario-Jakovina said in Vultr Firewall added Cloudflare:

      As I said - we do have FQDN.
      I was just surprised when @Dashrender said they are free from Cloudflare

      I misspoke, I never meant that registered domains themselves were free. What I meant was free was DNS hosting and base level proxying from CF.

    • Dashrender

      Help setting up routing

      IT Discussion
      • routing firewall • • Dashrender
      Votes: 1, Posts: 21, Views: 1.5k

      scottalanmiller

      @FATeknollogee said in Help setting up routing:

      @JaredBusch Just curious, what is the /23 on eth3, is that one of your LAN IP blocks from AT&T?

      AT&T can't issue private IP addresses.

    • DustinB3403

      Documenting Firewall Exceptions and Rules

      IT Discussion
      • firewall firewall-cmd linux windows documentation change management tracking • • DustinB3403
      Votes: 2, Posts: 10, Views: 981

      DustinB3403

      @IRJ said in Documenting Firewall Exceptions and Rules:

      @DustinB3403 said in Documenting Firewall Exceptions and Rules:

      I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did)

      Adding a few rich rules resolved the issue immediately.

      None of this makes any sense. It's deny all and permit by exception. Why would you do anything else?

      That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.

    • scottalanmiller

      Unifi USG VPN from Behind NAT Firewall

      IT Discussion
      • unifi ubnt ubiquiti vpn ipsec usg router firewall networking • • scottalanmiller
      Votes: 0, Posts: 5, Views: 2.8k

      JaredBusch

      @Romo said in Unifi USG VPN from Behind NAT Firewall:

      Also add the changes to a config.gateway.json file in the controller so changes directly made on the USG don't get deleted on next provision.

      One reason I hate these units.

    • 1337

      Is the concept of DMZ obsolete?

      IT Discussion
      • dmz firewall security infosec network security • • 1337
      Votes: 1, Posts: 6, Views: 884

      scottalanmiller

      A proper DMZ is still a valid concept, but was never that big of a deal. There are almost no resources that make sense to put there. If you have those resources, then sure. But who does? The advent of cloud computing, cheaper colocation, better IT knowledge, etc. has led most shops to not try to make "internal/external" shared resources where one side is public and the other uses LAN security; and what little of that remains in need is generally addressed with VLANs in a slightly different way.

    • Jimmy9008

      Cisco ASA

      IT Discussion
      • cisco cisco asa routing firewall vlan • • Jimmy9008
      Votes: 0, Posts: 9, Views: 1.1k

      JaredBusch

      @Dashrender said in Cisco ASA:

      @Jimmy9008 said in Cisco ASA:

      A and B can also RDP/ping devices sitting on C.

      If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B.

      172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch)

      This is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hops out 0.0.0.0
      ^ I think it's this that's causing the issue.

      This should be fine, this is what allows the C network to get to the internet

      So, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA). The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic.

      At least that's what it looks like to me at this time.

      “C” network really?

    • scottalanmiller

      Netgear R6400 / AC1750 Port Forwarding Overlap Issue

      IT Discussion
      • netgear netgear genie netgear r6400 netgear ac1750 router firewall networking port forwarding • • scottalanmiller
      Votes: 1, Posts: 7, Views: 750

      Dashrender

      Roflol

    • WLS-ITGuy

      Close ports on Linode Debian

      IT Discussion
      • debian 9 firewall • • WLS-ITGuy
      Votes: 0, Posts: 5, Views: 617

      1

      By default Debian comes with iptables. It will allow everything, but a normal Debian install has no services running.

      Run iptables -L to see the firewall rules.

      On Debian 10 the default is nftables.

    • steve

      Network Address Translation - CompTIA Network+ N10-007 Prof Messer

      Training
      • comptia network+ prof messer networking youtube video training it training it career nat routing firewall security • • steve
      Votes: 2, Posts: 3, Views: 659

      IRJ

      @mary said in Network Address Translation - CompTIA Network+ N10-007 Prof Messer:

      Is there any kind of slowdown when using just one port if you are getting a lot of traffic?

      No, not really. The most commonly used ports are 80 and 443. They process quite a bit of traffic on your average workstation.

      In fact, most servers are designed to work with a single port or just a handful of ports open. For custom applications, using a specific port makes it easier to troubleshoot issues and restricts non-application traffic. Many apps are defaulting to 443 these days. Although, keep in mind SSL/TLS can operate on other ports.

    • steve

      Windows Firewall with Advanced Security - CompTIA A+ 220-1002 Prof Messer

      IT Careers
      • a+ comptia certification prof messer firewall networking security windows windows system administration it career it training video training youtube • • steve
      Votes: 3, Posts: 13, Views: 1.5k

      scottalanmiller

      @brianwinkelmann said in Windows Firewall with Advanced Security - CompTIA A+ 220-1002 Prof Messer:

      What about the Windows Defender, I mean the antivirus and the firewall of Windows? They go hand in hand, right?

      They go together as in they are both security components of the Windows operating system. But that's about the extent of it. They are both very good, they should both always be used, they are both for the purpose of security. But they are not actually associated other than in name.

    • Oksana

      Take your game to the next level with VMware Service-defined Firewall

      Starwind
      • vmware network firewall network security • • Oksana
      Votes: 1, Posts: 1, Views: 312

      No one has replied

    • steve

      Configuring a SOHO Firewall - CompTIA A+ 220-1001 Prof Messer

      IT Careers
      • prof messer a+ comptia video training youtube firewall router networking • • steve
      Votes: 3, Posts: 9, Views: 756

      valentina

      Done with this one!

    • scottalanmiller

      10Gb/s Firewall Choice for Colocation

      IT Discussion
      • firewall router unifi ubiquiti colocation colocation america networking • • scottalanmiller
      Votes: 1, Posts: 18, Views: 1.4k

      wrx7m

      @scottalanmiller said in 10Gb/s Firewall Choice for Colocation:

      @bnrstnr said in 10Gb/s Firewall Choice for Colocation:

      Looks like the ER‑8‑XG could also be a good fit if you prefer the EdgeRouter series over the Unifi stuff. Also slightly less expensive, and better performance.

      https://www.ui.com/edgemax/edgerouter-infinity/

      And ordered... we should have it on Monday.

      From the only vendor offering prime?

    • Reid Cooper

      ISP Failover with Cisco ASA

      IT Discussion
      • cisco cisco asa firewall router networking isp failover • • Reid Cooper
      Votes: 1, Posts: 22, Views: 2.2k

      D

      @scottalanmiller said in ISP Failover with Cisco ASA:

      That's mostly true. But Cisco considers it real Cisco and it shows their view of themselves. And that, I always think, is important. Cisco doesn't see themselves as an enterprise player. And I've been in sales meetings with Cisco and that definitely comes through when talking to them.

      That's not what I got from my sales conversations with them. They were very explicit about real Cisco and the lesser sub-brands.

      Having been at two huge banks that were burned by being willing to use UCS, Cisco and enterprise are two words I never put together. From networking to phones to servers, Cisco is consistently overpriced and underperforming.

      I absolutely loved UCS, even wrote the original oVirt/RHV plugin for the VMFEX cards. They were ahead of their time with those boxes, but the cloud pretty much killed everything really cool and advanced about HW

    • scottalanmiller

      Kerio Control "license error: license exhausted, cannot allow another host"

      IT Discussion
      • kerio firewall router security networking kerio control • • scottalanmiller
      Votes: 1, Posts: 4, Views: 1.2k

      scottalanmiller

      @pmoncho said in Kerio Connect "license error: license exhausted, cannot allow another host":

      Based on the couple posts I have seen, each registered user can have five devices. So, if they have 30 devices, they need 6 user licenses. Did they add any extra devices lately?

      Easily, but more likely they just let their license expire.

    • scottalanmiller

      Why I See UTMs As Generally Bad in the Current Market

      IT Discussion
      • utm firewall security ngfw networking router • • scottalanmiller
      Votes: 3, Posts: 35, Views: 3.6k

      scottalanmiller

      @Donahue said in Why I See UTMs As Generally Bad in the Current Market:

      @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:

      @Donahue said in Why I See UTMs As Generally Bad in the Current Market:

      The reason we went with Fortigate over an Edge router is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there have been some other product that I don't know of that would have been better in our case?

      ERL does nearly half of what you need...

      https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593

      ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds.

      https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf

      Your link is what convinced me not to use the ER Pro. The Pros will only do <500 mbps at full capacity, it's in the link you posted.

      Where in it?

      Oh, I see. He mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.

    • dave247

      Considering moving from SonicWall to Sophos XG (Looking for feedback on Sophos)

      IT Discussion
      • utm sonicwall sophos sophos xg networking security firewall • • dave247
      Votes: 2, Posts: 12, Views: 1.5k

      scottalanmiller

      Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW.

      It looks like much of the market is already starting to cool on the UTM craze and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.
