Messages - kholmqvist

Installation and Upgrades / Re: pfSense on Sophos UTM 320
« on: March 03, 2018, 03:03:55 am »
I have installed pfSense on a UTM 320 rev. 4 without any issues. Are you sure those NICs are working with the Sophos software installed?

NAT / Re: NAT over IPSEC
« on: June 12, 2017, 05:07:40 am »

It's not possible. You can see why here

Normally, YES it only locked down to my IP ranges. We can't do site-to-site with them because they have the same internal IP as another client, but the other client pays us 10x what these guys pay us. This client is highly allergic to spending money, like anaphylaxis. So we can't change it. The other client also will not change their IP schema.

I have an sslvpn login and now that a WatchGuard is in place, it talks to my Dimension server anyway. I also have ScreenConnect, a.k.a. ConnectWise Control, and can always log into a machine and hop on the web interface, but sometimes the cheaper clients have slower servers and I am impatient.

The report, while full of words, pages full in fact, provides exactly zero useful information. It's all generic, and doesn't say what ACTUALLY caused it.

As far as these PCI Compliance scans and the scanners that scan them, yeah I could rant too.

You can use NAT to create that tunnel between two ends with the same network. This should help you in the right direction


I have the same setup and mine is working perfectly. Here is the guide I used

Firewalling / Re: OMG firewall, would you just do as you are told!?
« on: April 05, 2017, 04:40:30 am »
Excellent point!

I'm trying to forward all sip traffic (TCP/UDP 5060) to the sip server which is at  I started by going to Firewall -> NAT -> Port Forward -> add

Then the details are:

interface: wan
protocol: tcp/ip
destination: wan address (I've also tried "This Firewall", didn't fix it. By the way, what's the difference?)
destination port range: sip to sip
redirect target ip: (the 3CX sip server)
redirect target port: sip
nat reflection: use system default (by the way, what does this mean?)
filter rule association: add associated filter rule

SIP is usually UDP so you probably need to change protocol: tcp/ip

Firewalling / Re: Cannot access internet from LAN
« on: February 14, 2017, 02:40:07 am »
And have you created static routes on your pfSense for the networks behind your layer 3 switch?

Firewalling / Re: Cannot access internet from LAN
« on: February 14, 2017, 02:37:23 am »
Why don't you use a separate network between the switch and pfSense? That could be your issue. And you do only have the WAN GW set up as default GW in your pfSense, right?

NAT / Re: Force host online gaming.
« on: November 23, 2016, 08:18:24 am »
What exactly do you want to achieve? I really don't understand what you want here, but you can create a firewall rule that blocks all traffic from your network to destination any.

NAT / Re: Possible double NAT
« on: November 23, 2016, 08:16:16 am »
I suppose your networks are /24 networks? Yes, port forwarding is what you want. Have you disabled the RFC1918 rule on your WAN tab? It's by default set to block all incoming packages with a source IP address from the Private Address space. This makes sense when pfSense is directly connected to your ISP, but in your case it's behind another router/NAT device.

NAT / Re: PS4 NAT port forwarding
« on: November 23, 2016, 08:10:33 am »
This is from a CoD forum:

TCP:     80, 443, 1935, 3480
TCP and UDP:  3478-3479, 3074, 3075

By default a new rule in pfSense is created using TCP. Have you remembered to change that to TCP/UDP for some of the rules?

Firewalling / Re: Confusion About Firewall Rules?
« on: November 23, 2016, 07:53:05 am »
The firewall rules are always matched from top to bottom, so you should create a rule that drops traffic from network downstairs to upstairs as the first entry in the VLAN (Downstairs) rule tab. And then create your allow rules below. That would drop all the packages from downstairs to upstairs because they are matched by the first rule. Everything else would be allowed to whatever its destination is.

I have added a picture of how it could look.

Firewalling / Re: Firewall rule logging
« on: November 16, 2016, 02:39:11 pm »
No, I don't mean internal lan... I mean if a PC download or upload a file from internet I don't see anything in log
Thanks for your explanation, I mean traffic from PC 1 to PC 3 isn't logged for traffic for download or upload files...

maybe I explain myself better with this example:

Taking your diagram network topology as reference, if PC1 sends 100 icmp packets to PC3, firewall log shows me only 1 icmp packet.

There is a way to show all 100 icmp packets on log?

Oh, that's a good question. I'm not that familiar with pfSense, but my bet would be that all hits on a rule should be logged.

Firewalling / Re: Firewall rule logging
« on: November 16, 2016, 06:26:33 am »

Traffic from PC1 to PC2 will not be logged since it doesn't hit the firewall's interface.

Traffic from PC1 to PC3 will be logged since it leaves the "LAN" interface on the firewall to reach PC3.

The way I read your questions is that you don't understand why you don't see anything in the log when you're downloading/uploading files internally in your LAN.

Firewalling / Re: Firewall rule logging
« on: November 16, 2016, 05:17:49 am »

You're only logging traffic leaving the firewall's LAN interface. You can't log traffic inside your LAN on the firewall.
