Installation and Upgrades / Restore backup - different hardware
I have an SG-2220.

Just bought this

and installed the latest pfSense on it.

Will I be able to simply restore the backup file from the SG-2220 or do I have to reconfigure all?

Official pfSense Hardware / SG-2220 user - upgrade?
I have a Netgate SG-2220 which I've had for, I guess, a couple of years.  I'm considering upgrading; however, I'm torn between official pfSense hardware and building my own.

Or should I just use the SG-2220 until death?  I'm not having any issues; however, I've been reading a lot lately about them just dying.  I'm also concerned whether it will be adequate for the upcoming v2.5.

Any thoughts, ideas, or gotchas?  Or leave well enough alone?

IDS/IPS / Snort JavaScript Heap Spray
I keep throwing an Alert and Block in Snort whenever I go to a particular site ( This is the block notification:

ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141 -- 2017-07-27 05:14:03

Can this be considered a false positive?

pfBlockerNG / pfBlockerNG and DNSBL
When I go to YouTube (and some other sites) this pops up.  Disabling DNSBL makes it go away.  I have read through the forum.  Unchecked, forced update, etc., but this persists.  It did it ages ago, went away, and then seemed to recur recently, maybe after my last update to pfSense.

Firewalling / Simple help with port forwarding
This is probably really basic but I can't figure it out.

I have a web server at 192.168.xx.xx:2100.  This is on VLAN20.

pfSense is at 10.X.XX.X.

How do I direct traffic to my web server on the computer behind pfSense?  (My ISP blocks 80.)

Firewalling / Guest network block computer to computer
I have two Wi-Fi access points.  One is on VLAN10, is internet-only, and cannot see the other network.

Is it possible to create rules that prevent any computer on this VLAN10 guest network from seeing another computer on the same VLAN10 network?

IDS/IPS / Snort Suppress List Question
I'm new to pfSense and even newer to Snort.

Installed Snort, had it running for a couple of days, then noticed I wasn't blocking anything.  Just monitoring.

I enabled blocking and shortly after darn near couldn't pull down any web sites.  So I googled around and found out there are a bunch of false positives, so I began to suppress things (based on things I read, mostly on this forum).

So right now I'm pretty much doing most of what I generally do online with no failures.  The last thing I noticed, though, was that my Mac email wasn't working.  Then I cleared the blocks and it started working.  I figured out by trial and error it was the "Unknown IMAP4 command", so I suppressed it and sure enough email started working again.

So I'm a trial-and-error guy, but I am NOT a firewall guy or a threat monitoring guy, so I'm posting my current suppress list in the hopes an expert can tell me what's right or what's wrong, or "Oh My God, Don't Do That".

Any advice helps.  Thanks.  I changed my IP to all X's.

suppress gen_id 120, sig_id 3
suppress gen_id 120, sig_id 8
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 33
#(http_inspect) PROTOCOL-OTHER HTTP server response before client request
suppress gen_id 120, sig_id 18
#(spp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1, track by_src, ip
#(IMAP) Unknown IMAP4 command
suppress gen_id 141, sig_id 1, track by_src, ip
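
The following is an added example, not part of the post above and not Snort's or pfSense's own code: a small parser for the Snort suppress-list format shown in that post. It splits each entry into a global suppression (the rule is silenced for every host) or one scoped by "track by_src/by_dst, ip", validates the IP list, and reports entries where "track" is present but the IP list is missing, which is what the posted list looks like after the IPs were replaced with X's. The sample input is constructed: it is the posted list with the IMAP entry given the documentation address 192.0.2.10 as a stand-in for the real host, and the spp_ssl entry left without an IP to show the error path.

```python
"""Parser and reviewer for Snort 'suppress' lists (added example, not Snort code).

Syntax handled:
    suppress gen_id <gid>, sig_id <sid>[, track by_src|by_dst, ip <ip-list>]
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

_SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(?P<gid>\d+)\s*,\s*sig_id\s+(?P<sid>\d+)"
    r"(?:\s*,\s*track\s+(?P<track>by_src|by_dst)\s*,\s*ip(?:\s+(?P<ips>\S.*?))?)?\s*$"
)

# Constructed sample: the posted list, with 192.0.2.10 standing in for the
# poster's real (X'ed-out) IP on the IMAP entry and the spp_ssl entry left
# without an IP list on purpose.
SAMPLE = """\
suppress gen_id 120, sig_id 3
suppress gen_id 120, sig_id 8
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 33
#(http_inspect) PROTOCOL-OTHER HTTP server response before client request
suppress gen_id 120, sig_id 18
#(spp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1, track by_src, ip
#(IMAP) Unknown IMAP4 command
suppress gen_id 141, sig_id 1, track by_src, ip 192.0.2.10
"""


@dataclass
class Suppression:
    gid: int
    sid: int
    track: Optional[str] = None        # None means the rule is silenced globally
    ips: List[str] = field(default_factory=list)
    comment: str = ""                  # preceding '#' line, if any
    line_no: int = 0

    @property
    def is_global(self) -> bool:
        return self.track is None


def _parse_ip_list(raw: str) -> List[str]:
    """Accept '1.2.3.4', '10.0.0.0/8', '!1.2.3.4' and bracketed comma lists.
    Raises ValueError on an address that does not parse."""
    out = []
    for tok in raw.strip().strip("[]").split(","):
        tok = tok.strip()
        if not tok:
            continue
        body = tok[1:] if tok.startswith("!") else tok
        ipaddress.ip_network(body, strict=False)
        out.append(tok)
    return out


def parse_suppress_list(text: str) -> Tuple[List[Suppression], List[str]]:
    """Return (entries, errors). A '#' line is attached to the entry that follows it."""
    entries: List[Suppression] = []
    errors: List[str] = []
    comment = ""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            comment = line.lstrip("#").strip()
            continue
        m = _SUPPRESS_RE.match(line)
        if not m:
            errors.append(f"line {n}: not a valid suppress entry: {line!r}")
            comment = ""
            continue
        track = m.group("track")
        ips: List[str] = []
        if track is not None:
            if m.group("ips") is None:
                # Snort requires an ip list after 'track ...'; this is the shape
                # of the posted entries after the IPs were X'ed out.
                errors.append(f"line {n}: 'track {track}' given but no ip list")
                comment = ""
                continue
            try:
                ips = _parse_ip_list(m.group("ips"))
            except ValueError as e:
                errors.append(f"line {n}: bad ip list: {e}")
                comment = ""
                continue
        entries.append(Suppression(int(m.group("gid")), int(m.group("sid")),
                                   track, ips, comment, n))
        comment = ""
    return entries, errors


def summarize(entries: List[Suppression]) -> Dict[str, object]:
    """Separate global suppressions (worth a second look) from host-scoped ones."""
    glob = [e for e in entries if e.is_global]
    scoped = [e for e in entries if not e.is_global]
    return {
        "global": len(glob),
        "scoped": len(scoped),
        "global_rules": sorted(f"{e.gid}:{e.sid}" for e in glob),
        "hosts": sorted({ip for e in scoped for ip in e.ips}),
    }


if __name__ == "__main__":
    ents, errs = parse_suppress_list(SAMPLE)
    for e in ents:
        scope = "GLOBAL" if e.is_global else f"{e.track} {','.join(e.ips)}"
        print(f"{e.gid}:{e.sid:<4} {scope:<22} {e.comment}")
    for err in errs:
        print("ERROR:", err)
    print(summarize(ents))
```

The distinction the summary draws is the one a reviewer of such a list cares about: the five entries without a "track" clause disable those preprocessor alerts for all traffic through the sensor, while a scoped entry silences the alert only for the listed host, which is the narrower fix for something like a single mail client tripping the IMAP rule.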

IDS/IPS / Snort VRT Rules
I am brand new to pfSense and have installed Snort, which ran for a day and then wouldn't start.  I ran through a couple of uninstalls and installs, and it miraculously starts and stops now; however, the VRT rules won't download (this was noticed before I ever did the first uninstall) and give an MD5 checksum error.

General Questions / VLAN Firewall Rule
I set up 2 ports on a Netgear switch for VLANs:

VLAN 10 =
VLAN 20 =

I can ping between devices on 10 and 20, and I want them segregated.  Attached is my VLAN 10 firewall rule, which allows all traffic.  VLAN20 is the same.  What do I need to do?  I'm very new at this kind of thing; I've had pfSense for 3 days now.

I know I need to be more restrictive but not sure how.

Routing and Multi WAN / Add VLAN
Bear with me, I just got my SG-2220 last night and I have less than 24 hours experience with pfSense.

I set up everything and it went very smoothly.  SG-2220 > Netgear GS108E v3 switch > WRT1900ACS router as Wi-Fi access point.

All works well.  pfSense =, Wi-Fi AP =

Set up DDNS with DuckDNS and OpenVPN.  Installed the exported VPN; it works perfectly.

However, my previous stand-alone installation of the DD-WRT router had a VLAN set up for a guest network.  That no longer works under my configuration.  No big deal.  I literally have 10 routers in this house.  My intent is to add a 2nd router as a VLAN (

I configured my switch as such:

VLAN 1 = ports 1 through 7 untagged
VLAN 10 = Port 8 tagged

Plugged the router into port 8.

Set up a VLAN interface with VLAN tag 10 and parent interface LAN, and changed the name from OPT2 to VLAN10.
Then added it in the interface assignments.

Then made a firewall rule from VLAN10 to any.

I can ping from pfSense, but I cannot ping when hooked to the Wi-Fi network of the VLAN.  No traffic is going through.  That router is set with no DHCP, in router mode, address,, gw

I'm stumped.

For the record I don't really need a guest network at my house however now that I have gone down this path I have to know how to do it for no other reason than I have to know how to do it.  :)

General Questions / New guy questions
I'm a DD-WRT guy throwing myself into self-taught network security.  I run only a home network with about 25 devices, and run OpenVPN, the Privoxy ad blocker, and DDNS on my current routers (WRT1900ACS or R7000, depending on my mood).

Just learned about pfSense and interested in taking the plunge.  Trying to decide whether to build a box or buy the SG-2220.

I have a couple questions:

Without buying the Wi-Fi option on the SG-2220, can I hook another router to the LAN port and use it as an access point only for Wi-Fi?

Can I hook up a switch and connect a couple of appliances (Time Capsule for Mac backups, Apple TV, Mac Mini) directly to the switch?

And can I then hang that Wi-Fi router off the same switch?

I think the answer to all this is yes but want to make sure.

Also if anyone has any recommendations on getting started I'm all ears and will take any advice I can get.


John in North Carolina