Messages - marcvb

1
Firewalling / Re: Url Table - force update
« on: March 15, 2018, 10:07:41 am »
There is no directory aliastables in /var/db/. Could it be that this system is broken and nobody noticed it?

2
Firewalling / Re: Url Table - force update
« on: March 15, 2018, 04:12:18 am »
The above does not seem to work. I also tried to copy the script /etc/rc.update_urltables and add unlink("/var/db/aliastables/blacklist.txt");
and create a cron job for it, without success.

3
Firewalling / Re: Url Table - force update
« on: March 07, 2018, 05:03:27 am »
For now I edit the cron to: /usr/bin/nice -n20 /etc/rc.update_urltables now forceupdate
Or is this a bad thing to do?

Does someone know if a url table can also collect description information from the txt?

4
Firewalling / Url Table - force update
« on: March 06, 2018, 06:33:59 am »
Hello,

We want to force an update of the url table every 5 minutes.

We have changed the cron job /usr/bin/nice -n20 /etc/rc.update_urltables to: */5   *   *   *   *
But it seems there is also an age check of the file.

Below is what is inside rc.update_urltables. Is it possible to always force?
Maybe something like /usr/bin/nice -n20 /etc/rc.update_urltables forceupdate


// Set whether or not to force the table update before it's time.
if (!empty($argv[2]) && ($argv[2] == "forceupdate")) {
   $forceupdate = true;
} else {
   $forceupdate = false;
}

5
Firewalling / Re: Url Table - view current content
« on: March 05, 2018, 09:48:37 am »
Diagnostics - Tables

Wow, thanks, how could I have missed this.

6
Firewalling / Url Table - view current content
« on: March 05, 2018, 09:23:16 am »
Hello,

We would like to know if it is possible to view the content of a url table?
We are not sure if the url table is updating each day.

7
webGUI / Re: Auto login with link
« on: January 17, 2018, 01:35:34 pm »
So when an employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privileged system managers.
We have over 80+ firewalls, that's why we are putting so much effort in central management.
These firewalls are on different locations, with different internet providers.

FreeRadius will do this, get it to use FreeRadius first for the auth then fall back to local usernames & passwords.

Never done it myself with my pfSense access but my local Linksys switches are using the radius server on my router.

This is how I'd do it if I had to.

You'd just need to add the routers to the client list and the users to the user list on the central server.

You can even set auto expire dates for the users.

Don't lock yourself out like I did with a test VM :)

No page assigned to user, so it is using radius

Thanks, that is a good solution, setting up a radius server right now.

8
webGUI / Re: Auto login with link
« on: January 17, 2018, 09:04:18 am »
Thank you for the replies,

We use a password management software for this without a browser plugin.
The best thing will be that the administrators do not know the admin/root password.
Is it maybe possible to create a user over ssh for the webgui?

Then I can create a script to create and deactivate users.
So when an employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privileged system managers.
We have over 80+ firewalls, that's why we are putting so much effort in central management.
These firewalls are on different locations, with different internet providers.

9
webGUI / Auto login with link
« on: January 16, 2018, 08:12:28 am »
Hello,

All of our pfsense we manage with a single dashboard, but we want to create a link for each firewall containing the username and password.
Is there a way to pass the username and password to the firewall within the url to auto login without having to type the password?

10
General Discussion / Re: WebServers behind two pfSenses do not work
« on: January 05, 2018, 03:09:48 pm »
I do not really understand the configuration. Is this a NAT?
Is the pfsense management on port 80?

11
webGUI / Re: unable to access web ui through local ip
« on: January 03, 2018, 10:44:56 am »
I think the following option on the interface is enabled and you are coming from an internal IP address.

"Block private networks and loopback addresses"

12
General Questions / Re: Problems with BT Vision & PfSense 2.3.4
« on: October 01, 2017, 03:20:19 pm »
This is a long shot but you can try going to System -> Advanced -> System Tunables.
Then add an entry for "net.link.ether.inet.allow_multicast" and set the value to 1.

If you want to remove it, remove the tunable and reboot.


13
We use PRTG, there is a free version but I do not know if it contains the needed functions.
I think it was called netflow, this is a package.


14
General Questions / Re: Clear source tracking
« on: September 28, 2017, 01:37:59 am »
My colleague has found out it should be "pfctl -F sources"

15
General Questions / Clear source tracking
« on: September 27, 2017, 01:38:09 pm »
Hello, we are looking for a way to clear the source tracking each evening because we set the sticky connections to 24 hours and don't want them to expire during the day.
I think it has something to do with DIOCCLRSRCNODES.
We can't do a reboot because there is a CARP with loadbalancing and 12 IIS servers behind it.

We are planning to move to haproxy but it takes time to test it with the web application.

We need the sticky session because some reports are saved in memory (w3wp) and not in the session state, yes I know that is stupid.  :o
