Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - S_Erickson

Pages: [1]
Official pfSense Hardware / XG-1541 Boot Error.
« on: February 28, 2018, 12:49:52 pm »

Running an XG-1541 on 2.4.2-Release and love it. Have set cron to reboot it once a month, which it was scheduled to do last night. It worked, shut down fine, and then failed to start. Now unfortunately I was not here when this was discovered and the person who did discover it manually cut power and restarted it without documenting the error, something about failure to boot. It must have been a pre bootloader error because there is nothing in the dmesg.boot log except normal startup messages.

The system is only a little over a year old and I haven't seen any other errors. With nothing to really go on I ran extended S.M.A.R.T. tests on the SSD and it passed fine. Anyone seen anything similar or have reccomendations for testing the device?

Official pfSense Hardware / Netgate or PfSense? XG-1541
« on: January 18, 2018, 12:32:27 pm »
Running a PfSense branded XG-1541, I see that now they come branded as Netgate. I didn't think there was any difference but found that the Netgate coreboot update does not work on my XG-1541, it specifically says its only for Netgate devices. Meanwhile the system states it has a Netgate ID on the main system page. So what is the difference then? I don't see anything different in the hardware. Is it just a matter of a system id in the BIOS?

IDS/IPS / Snort Blocking /w Rule Force Disabled
« on: January 27, 2017, 06:06:07 pm »
Running PFSense 2.3.2-RELEASE-p1 (amd64)

I have snort working in IDS mode, and have set up the IP Rep preproc, using the emerging threats blacklist and an empty whitelist.
I have added several IP's to the whitelist that I have created but when any of them attempt to communicate it blocks them, saying they are whitelisted.  I have tried setting the whitelist to unblack as well as trust, and both times it does the same thing, blocking the packet saying that it is whitelisted.  The specific rule, 136:2,  has been disabled in the in the interface configuration, and even shows up in the alerts as force disabled but it blocks the IP anyways. If the ip is not in the whitelist it lets it through fine, which seems a little absurd to me. So I have suppressed that rule in addition to disabling it and that seems to work.  But this should not be operating like this unless I am (probably) missing something. I have stopped and restarted the service after every setting change, after adding the IP to the whitelist, and after disabling the rule. Every time snort starts up fine with no errors. Anyone have any ideas about what exactly I'm doing wrong here?

IDS/IPS / Snort Suppress List Syntax.
« on: January 25, 2017, 10:59:49 am »
On the suppress list tab it says that you can use count and seconds as options for the list but I tried to do do just this and snort wouldn't start saying that it was an invalid option. So either the format described below the box is incorrect or this is no longer possible on the suppress list and only by going into the snort interface and adding a custom filter rule. Can someone verify that this isn't just me? If it isn't then we should update the comments on that page to avoid confusion.
Code: [Select]
FATAL ERROR: /usr/local/etc/snort/snort_45782_igb4/suppwansuppress_585cb3283a4ca(63) suppress has incorrect argument count.

Pages: [1]