My oldest daughter delivered a 9 lb. 6 oz. boy last night.
We're on our way to meet him.
I wonder if he's ready to walk.

I scanned this thread quickly.
Same workgroup?
Joined domain?
Same activated account in backoffice? Same level of security?
Did something switch to the Public Network in Network & Sharing Center?
I believe I saw earlier about the firewall needing to be enabled for 445 to work. That's true AFAIR.

@dashrender said in Weekend Plans:

@scotth said in Weekend Plans:

@dashrender said in Weekend Plans:

@scotth said in Weekend Plans:

@jaredbusch said in Weekend Plans:

I'm figuring out how to apply a dialing standard that is not designed to be handed by FreePBX.

Forcing 800 users to change a nearly 10 year habit will not go over well.

We have IP Office <insert Mr. Yuk sticker here> and I kept getting notices that we were calling 911. Our users were fat-fingering 9 for an outside line. I know, I know. I don't even ask anymore.

I changed it to 8 for an outside line. The backlash was severe. Monumental, actually.

We had a problem where people wheren't using the "outside call" button on the old Inter Tel phones - then dialing Jimmy Johns xxxx911x, so the first 4 x's were an invalid extension, so the system would dump it, then they dialed 911 - and were getting 911, but then the employee would realize the system was getting what they wanted - so they hung up on 911 instead of telling them it was a misdial.

There was a point where I added a route to the outside so that all outside calls needed 8,1-number and would strip out the 1 for local calls and push through the 1 for long distance....back in the day we had our lines split between local and long distance. Pre-PRI/SIP

Not sure we could do that here. The 402 area code is both local and long distance. The dialer (person) just has to know - or deal with the phone system error for not dialing a 1 if it was long distance.

Ah. I should have specified... our system allowed us to setup FRS? routing <I can't remember> by (area) <exchange>

@dashrender said in Weekend Plans:

@scotth said in Weekend Plans:

@jaredbusch said in Weekend Plans:

I'm figuring out how to apply a dialing standard that is not designed to be handed by FreePBX.

Forcing 800 users to change a nearly 10 year habit will not go over well.

We have IP Office <insert Mr. Yuk sticker here> and I kept getting notices that we were calling 911. Our users were fat-fingering 9 for an outside line. I know, I know. I don't even ask anymore.

I changed it to 8 for an outside line. The backlash was severe. Monumental, actually.

We had a problem where people wheren't using the "outside call" button on the old Inter Tel phones - then dialing Jimmy Johns xxxx911x, so the first 4 x's were an invalid extension, so the system would dump it, then they dialed 911 - and were getting 911, but then the employee would realize the system was getting what they wanted - so they hung up on 911 instead of telling them it was a misdial.

There was a point where I added a route to the outside so that all outside calls needed 8,1-number and would strip out the 1 for local calls and push through the 1 for long distance....back in the day we had our lines split between local and long distance. Pre-PRI/SIP

@jaredbusch said in Weekend Plans:

I'm figuring out how to apply a dialing standard that is not designed to be handed by FreePBX.

Forcing 800 users to change a nearly 10 year habit will not go over well.

We have IP Office <insert Mr. Yuk sticker here> and I kept getting notices that we were calling 911. Our users were fat-fingering 9 for an outside line. I know, I know. I don't even ask anymore.

I changed it to 8 for an outside line. The backlash was severe. Monumental, actually.

Gonna stage POS's in two sites.
Wait for the vendor to setup & the VASC to install.
Have a nice weekend!

@hobbit666 said in Poor VPN performance:

@scotth said in [Poor VPN performance]

I picked up a refurbished HP Elite 8300 SFF for $300 about 4 years ago. I loaded the free offering from Sophos and have been running it without issue. It uses OpenVPN for remote access. I also have an IPSEC tunnel setup for work.
I did have to buy two NICs. Since it is SFF, I had to make sure that low profile brackets were included.

Was thinking this but could I add a WiFi card and make it into a Access Point as well. Since it for home the less kit taking power the better

I don't think it will let you create an AP. I grabbed a bottom of the line AP from Ubiquity. Works fine

@hobbit666 said in Poor VPN performance:

@jaredbusch said in [Poor VPN performance]

No. OpenVPN is not able to be offloaded. So throughput with OpenVPN is always a CPU issue.

The device does not matter. EdgeRouter, ASUS, or anything else.

The best way to get OpenVPN at high speed is pfSense on a desktop or something.

Yeah that's what I'm seeing from other forums. Basic routers are just a no go.

I picked up a refurbished HP Elite 8300 SFF for $300 about 4 years ago. I loaded the free offering from Sophos and have been running it without issue. It uses OpenVPN for remote access. I also have an IPSEC tunnel setup for work.
I did have to buy two NICs. Since it is SFF, I had to make sure that low profile brackets were included.

[I found this BBB listing today(https://www.bbb.org/boston/business-reviews/telecommunication-equipment-repair/granite-telecommunications-inc-in-quincy-ma-81783/reviews-and-complaints)

Doesn't appear to be too good

Perhaps they've improved.
Dunno, I did a quick search and it wasn't good.
I may consider them -- I may not.

I've been getting call after call, emails, messages, ... not liking it.
Pushy sales guy actually tried an end around going to one of our people here with a title that looked liked he would get some action.
Just that alone is enough in my book to automatically disqualify.
I also did a quick search with just their company name and up pops numerous reviews and ratings that make me feel justified for my feelings about this one.
I don't like 'foot in the door' sales tricks.
/end rant
I'm curious if anyone has had any experience with this company.

My apologies for not stating this clearly.

Comcast router -->> Watchguard Firewall -->> Cybera Router -->>PaySafe Firewall (EchoSAT).

I had to get permission to connect our backoffice which is offsite by statically addressing one of the Watchguard ports and then routing into the Cybera -- all done over VPN. While it works fine, it's just a little wonky to try to explain to the powers that be why we are doing it this way. Otherwise, I'l have to add an onsite Windows host. Just more layers.

Edit: I connected the specified Watchguard port to the POS (Cybera) router.

@scottalanmiller said in Windows Firewall:

@wrcombs said in Windows Firewall:

@scotth said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@scotth said in Windows Firewall:

I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

I think that you mean draconian.

I don't mean to make anyone paranoid.... actually I do.

PCI compliance isn't something to fluff off.
If you're operating a POS and take credit and / or debit cards, you need all of your protections in place and verifiable, subject to audit.

Processors will warn, will shut off, will fine a retailer. Why risk a retail outlet over a little effort?

All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

Good Luck

All of our locations are provided hard ware firewalls, Our POS on our their own seperate Network as well, The only thing we dont have compared to you is POS OS Firewall from the sounds of it.

Yes, but hardware firewalls are useless here (or nearly so), they don't do anything important. Neither does having the separate network. None of that is required if your OSes weren't insecure and exposed like crazy. Now should you have the hardware firewall and the separate network? Sure, those are great, but they are "icing" not the "cake". They are crutches making is sound almost plausible to non-technical people that maybe security isn't all screwed up. But to us, it's plain as day that they are not even remotely secured to a minimum IT standard, let alone to a standard required for POS systems.

Remember that you must have BOTH the hardware firewall and the OS firewalls to meet a "minimum IT security baseline" for the least security systems that there are. That's the "lowest security minimum" you can have in our industry. That these are POS systems in real businesses handing customer data means that doing only the minimum industry baseline is not enough. And that you have PCI means it is not even close to enough.

And yet, they aren't doing it. They aren't meeting their industry obligations, their business responsibilities, nor their contractual requirements of their credit card processors. Nor are they being responsible to the customers.

There's more agreement to this than most might think.
Personally, I believe that the best way to hide issues is out in the open philosophy is being used.
'Look at all this stuff we have for you. Firewalls, routers, chip card readers.'
If there's a breach, no one will know or find out since the traffic doesn't occur where anyone could snoop, at least locally.

@wrcombs said in Windows Firewall:

@scotth said in Windows Firewall:

@scottalanmiller said in Windows Firewall:

@scotth said in Windows Firewall:

I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

I think that you mean draconian.

I don't mean to make anyone paranoid.... actually I do.

PCI compliance isn't something to fluff off.
If you're operating a POS and take credit and / or debit cards, you need all of your protections in place and verifiable, subject to audit.

Processors will warn, will shut off, will fine a retailer. Why risk a retail outlet over a little effort?

All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

Good Luck

All of our locations are provided hard ware firewalls, Our POS on our their own seperate Network as well, The only thing we dont have compared to you is POS OS Firewall from the sounds of it.

Sounds like your POS provider should be able to give you the information that you need to help you out.

@jaredbusch said in Windows Firewall:

@scotth said in Windows Firewall:

All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

Over spend much?

Not my idea. We operated branded convenience stores.
Really nice money grab for the 3rd party providers.

Edit: 2nd hardware layer is the brand / POS provider's requirement

@scottalanmiller said in Windows Firewall:

@scotth said in Windows Firewall:

I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

I think that you mean draconian.

I don't mean to make anyone paranoid.... actually I do.

PCI compliance isn't something to fluff off.
If you're operating a POS and take credit and / or debit cards, you need all of your protections in place and verifiable, subject to audit.

Processors will warn, will shut off, will fine a retailer. Why risk a retail outlet over a little effort?

All of our locations have the POS and the backoffice on separate networks which are also separated by a second router and separate firewall--both hardware based--just for the POS protection. All credit credit / debit cards are processed behind two hardware firewalls and the POS OS firewall is in place and functioning as well.

Good Luck

You may not want to hear this but if you don't have your protections turned on, you'll eventually have major PCI compliance issues. By the middle of 2020, if your outfit is found to not be in compliance, the regulators (if they find out) will literally shut off your credit / debit card processing. You'll be cash only until you correct this. And, if you have multiple violations, you'll also be fined in graduating levels.

Also, your credit card processor, your franchiser (if you are part of a franchise), even your vendors may and have the right to ask for your compliance proof.

I'm not trying to sound all Frankenstein, but I've sloughed through this for several years and fortunately, our outfit has been ok.

Keep after this with your higher ups. They'll see the light eventually.

@jimmy9008 said in Routing/WAN:

This is what we use. PBR says the default route for the server is x.x.x.x. < thats fine.
What im asking is if the communication comes through y.y.y.y will PBR be ignored and the message transverse back through y.y.y.y as the source?

I don't think that PBR will allow the override unless your policies allow for your traffic to come in on y in the 1st place. Without seeing the behavior / logs, I wouldn't know.

I believe what you're looking for is policy based routing -- Watchguard speak.
Since you opened a ticket, bring that up. They'll know.

@scottalanmiller said in What Are You Doing Right Now:

@kelly said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Testing out UrBackup at a client site.

I was looking at using that for a smaller client.

So far so good, I'm liking it.

I saw on the website that there is a SQL module. Has anyone tried it?