
Messages - marcvb

Pages: [1] 2 3
1
webGUI / Re: Auto login with link
« on: Yesterday at 01:35:34 pm »
So when an employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privileged system managers.
We have over 80+ firewalls, that's why we are putting so much effort in central management.
These firewalls are on different locations, with different internet providers.

FreeRadius will do this, get it to use FreeRadius first for the auth then fall back to local usernames & passwords.

Never done it myself with my pfSense access but my local Linksys switches are using the radius server on my router.

This is how I'd do it if I had to.

You'd just need to add the routers to the client list and the users to the user list on the central server.

You can even set auto expire dates for the users.

Don't lock yourself out like I did with a test VM :)

No page assigned to user, so it is using radius

Thanks, that is a good solution, setting up a radius server right now.

2
webGUI / Re: Auto login with link
« on: Yesterday at 09:04:18 am »
Thank you for the replies,

We use a password management software for this without a browser plugin.
The best thing will be that the administrators do not know the admin/root password.
Is it maybe possible to create a user over ssh for the webgui?

Then I can create a script to create and deactivate users.
So when an employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privileged system managers.
We have over 80+ firewalls, that's why we are putting so much effort in central management.
These firewalls are on different locations, with different internet providers.

3
webGUI / Auto login with link
« on: January 16, 2018, 08:12:28 am »
Hello,

All of our pfsense we manage with a single dashboard, but we want to create a link for each firewall containing the username and password.
Is there a way to pass the username and password to the firewall within the url to auto login without having to type the password?

4
General Discussion / Re: WebServers behind two pfSenses do not work
« on: January 05, 2018, 03:09:48 pm »
I do not really understand the configuration. Is this a nat?
Is the pfsense management on port 80?

5
webGUI / Re: unable to access web ui through local ip
« on: January 03, 2018, 10:44:56 am »
I think the following option on the interface is enabled and you are coming from an internal ip address.

"Block private networks and loopback addresses"

6
General Questions / Re: Problems with BT Vision & PfSense 2.3.4
« on: October 01, 2017, 03:20:19 pm »
This is a long shot but you can try going to System -> Advanced -> System Tunables.
Then add an entry for "net.link.ether.inet.allow_multicast" and set the value to 1.

If you want to remove it remove the tunable and reboot.


7
We use prtg, there is a free version but I do not know if it contains the needed functions.
I think it was called netflow, this is a package.


8
General Questions / Re: Clear source tracking
« on: September 28, 2017, 01:37:59 am »
My colleague has found out it should be "pfctl -F sources"

9
General Questions / Clear source tracking
« on: September 27, 2017, 01:38:09 pm »
Hello, we are looking for a way to clear the source tracking each evening because we set the sticky connections to 24 hours and don't want them to expire during the day.
I think it has to do something with DIOCCLRSRCNODES.
We can't do a reboot because there is a carp with loadbalancing and 12 iis servers behind it.

We are planning to move to haproxy but it takes time to test it with the webapplication.

We need the sticky session because some reports are saved in memory w3wp and not in the session state, yes I know that is stupid.  :o

10
General Questions / Re: pfDash central management
« on: September 05, 2017, 01:54:30 am »
Thank you for the info, I think we will just keep it for ourselves.
Hopefully the new management can be installed on own hardware, this is a must for us.

11
General Questions / pfDash central management
« on: September 04, 2017, 03:29:16 am »
Hello everyone,

We are looking for a central management tool for pfsense.
Until now we are unable to find a satisfying one.
At the moment we have around 50+ pfsense firewalls, most of them are on hardware, some are on vmware.

What we are doing right now is building a portal/dashboard.
We are thinking of publishing it on github.
The project will have a service which will collect data on interval and will save it in a mysql database.
Currently it's on the fly, when this has been built it will be published.

I would like to know if someone is willing to help us with this project.

The application will connect over ssh to the firewall.
So every commandline command will be possible.

What can it do right now:
1. Get pfsense version number
2. Get Memory status
3. Get the uptime
4. Get the temperature (not vmware)
5. Get the system model
6. Automatic deployment of management scripts and update
7. Firewall restart
8. Firewall update
9. Config download/backup
10. Let the system speaker make a sound
11. Get amount of states

12
NAT / Nat port with dynamic source
« on: August 09, 2017, 09:19:28 am »
What are we trying:

We want to give us the option to be able to open a port for the public ip where we are at the moment.
We can use VPN but that is too much overhead.

What have I tried.

I created a nat rule with an alias as source.
This alias is filled from a webserver, created a desktop application to update the webserver.
Only the alias updates each 24 hours, not instant or each minute.
I can change the script for pfsense to get it each minute, but I fear it will put too much stress on the firewall.

Maybe you guys have a better idea.

13
IPsec / Re: Ipsec with dual pfsense
« on: February 28, 2017, 01:06:11 pm »
Yes it fixed our issue, hope this thread helps someone.
We could not find any information on it.

14
IPsec / Re: Ipsec with dual pfsense
« on: February 28, 2017, 05:25:35 am »
We are a bit further with this issue.
We think the following option will fix our problem, within the main firewall.

Disables the PF scrubbing option which can sometimes interfere with NFS traffic.

We are going to apply the option this evening.

15
IPsec / Ipsec with dual pfsense
« on: February 24, 2017, 01:37:38 pm »
Hello fellow pfsense lovers.

We changed our main firewall for a pfsense (without Nat).
This pfsense is our main router/firewall because we have our own subnet.
Behind our subnet there are multiple pfsense firewalls which have their own public ip in our own subnet.

The pfsense firewalls behind our main pfsense (without Nat) have ipsec vpn to other remote sites.
But the thing is with the new main pfsense (without Nat) in front of the pfsense the transfers over vpn are very slow and will stop most of the time.
We have tested this with SMB and FTP.

Maybe we have to do some performance tuning in the main firewall.
In the attachment are the specs of our new main firewall/router


With our old firewall/router this was not the case.
