


Messages - Darkk

1
Messages from the pfSense Team / Re: An update on Meltdown and Spectre
« on: January 23, 2018, 03:13:36 pm »
Sweet!!  Meanwhile the hackers and the NSA are having a party!

I agree it's a mess and hope this will get patched soon.


2
Installation and Upgrades / Re: Failed upgrade 2.3.2 ALIX 2C2
« on: August 01, 2016, 09:49:54 pm »
Someone posted might point to a failing hard drive / CF.  Might want to run SMART to see what results you get off of it.

3
I did talk with tech support at WatchGuard and have been told they do test the new firmwares before releasing them to the wild.  In our case, since we are in the minority using SPF, they didn't catch this.  I'm going to guess someone changed the code that broke the links to the SPF module libraries before compiling the firmware.

So special setups may not be taken into account before releasing the updated firmware.  Luckily I made an image backup of the firewall before I upgraded it.  However, since only HA is borked I left it as is since it's working.  We just don't have redundancy.  They are working on an update.

WatchGuard has nothing to do with this thread, so I don't want to go off topic, but I wanted to point out that bad upgrades can happen with anything.  Especially for a complicated piece of software.

4
I didn't have any issues with the upgrade.  Although the download of the packages took a while.  I did check through the forums first to see if anybody had show stoppers that may affect my setup.  I held my breath and clicked on the upgrade button.

Then walked away to get some lunch.  When I came back the upgrade was successful after it rebooted itself.  So far everything is working fine.

I didn't have this kind of success with WatchGuard last weekend when I upgraded it to their latest firmware, only later to find out they borked the SPF modules, which is what I use for HA, so both the primary and secondary units kept fighting with each other since neither knew the current state of the other.  What a mess.  Previous firmware didn't have this problem.  This is not to bash WatchGuard, but the point is things happen even with a commercial paid product.





5
General Questions / Re: 2 Factor Authentication
« on: July 27, 2016, 01:21:53 pm »
Wouldn't this be counter productive though?
It would be opening up areas of attack.

As a security measure unless you intend to expose your router's configuration to the outside web (and even then it still seems silly for you to expose the config page to your local network).
It's just one of those superfluous things.

It seems like adding an unnecessary feature because by default you're not going to be logging in to your router/firewall from unsecured networks, are you?

The idea behind the 2 factor authentication is to make it harder for a brute force attack if someone has somehow gotten inside your network or some disgruntled employee at work knows some passwords for your servers and equipment.  Obviously it's bad security practice if folks outside of IT know the passwords, either from not keeping them secure or rarely ever changing them.

It would be an option not to use it so either way why not have it?


6
General Questions / Re: 2 Factor Authentication
« on: July 27, 2016, 01:17:52 pm »
We can also use an app like Authy, which integrates with Google Authenticator but works with other 2FA apps.

https://www.authy.com/

I use this app as well and works great on my phone.

7
General Questions / 2 Factor Authentication
« on: July 26, 2016, 09:20:08 pm »
It seems 2 Factor Authentication is becoming more and more the norm to add an extra layer of security.  Any plans to add something like Google Authenticator to the admin login page of pfSense?

2 Factor authentication with SMS is no longer desired so thinking Google Authenticator would be better.

Thanks.

8
Installation and Upgrades / Re: pfSense 2.3 UEFI boot support?
« on: May 05, 2016, 10:53:49 pm »
From a security standpoint we should stick with true and tried BIOS instead of UEFI.

UEFI looks pretty cool but it also makes it easy to load hacked code in it.   BIOS is very limited and pretty much locked down to keep itself from being modified by malware.


9
Installation and Upgrades / Re: What is release 2.3_1?
« on: May 04, 2016, 07:45:50 am »
Nice new update system.  Works pretty well.  Happy to see no reboot required for this one.  Yes would like to see release notes in the updater to give us an idea what to expect and anything we need to do.

No, I wouldn't want automatic restart of services as long as the updater tells me which ones I need to restart, since in production it may disrupt anybody using it.


10
Installation and Upgrades / Re: Upgrade Successes
« on: April 13, 2016, 12:33:54 am »

6 different boxes all without a hitch.

Microsoft updates today on the other hand didn't go as well.  ::)


I'm an IT manager at a good size company with 240+ machines.  Would have given me a headache if I released the Windows updates via the WSUS server tonight.   ;D  I usually wait a couple of weeks to release them to give Microsoft a chance to fix whatever they broke with the updates.  It is a security risk but I have other network monitoring servers running Linux to keep an eye on things.  Also most of my users know not to open unknown attachments or click on anything suspicious.  They usually submit a ticket to have us check it out first.

Thanks for the Windows updates heads up.  lol







11
Installation and Upgrades / Re: Upgrade Successes
« on: April 12, 2016, 10:05:18 pm »
I upgraded from 2.2.5 to 2.3 without any issues.  I did get a couple of messages saying Level 7 shaping is no longer supported and some other package.  Neither one is a big deal to me as I don't use them.

I've upgraded to 2.2.6 a few months ago and ran into some issues so reverted back to 2.2.5.   Happy to see 2.3 upgrade went without issues.  Everything worked.

Love the new menus.  Very clear and easy to find things on the page. 

Going to find that donation page.

Keep up the great work pfSense team!!



12
Just one file:

[2.2.6-RELEASE]/usr/local/etc/ssl: ls -l
total 960
-rw-r--r--  1 root  wheel  944280 Dec 21 13:20 cert.pem


Looking inside the pem file it's just standard CA-signed root certs.  A lot of them are set to expire around 2020 to 2030.



13
I am getting this when trying to fetch it in the command prompt:

$ fetch https://packages.pfsense.org
No server SSL certificate
fetch: https://packages.pfsense.org: Authentication error


14
After I did the upgrade to 2.2.6 only one package got reinstalled.  So when I went to install manually I got this warning message:

 System: Package Manager help

 The package server's SSL certificate could not be verified. The SSL certificate itself may be invalid, its chain of trust may have failed validation, or the server may have been impersonated. Downloaded packages may come from an untrusted source. Proceed with caution.

Should I be concerned about this?

I will hold off installing any packages.

15
So adding:

push "route 10.0.0.0 255.0.0.0";

in the Advanced configuration didn't work?


