Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - FranciscoFranco

Pages: [1] 2 3 4 5 ... 7
Hardware / Re: G2 socket motherboard
« on: January 27, 2018, 05:35:13 pm »
but those laptop extracted CPUs are often rather useless
I totally disagree and feel QM77 boards are a good choice. I have several from Advantech AIMB-272 to Kontron QM77.
Plus most use an Intel ethernet chip due to industrial nature. No shortchanging you with a junk interfaces.

If you need advanced CPU features make sure you get a i7 chip(aes-ni).
I am using 3612QM and 3632QM and they are a nice CPU.
Better than any desktop CPU due to their low TDP in my opinion.

Official pfSense Hardware / Re: Hardware best for post Meltdown
« on: January 24, 2018, 03:30:18 am »
Thanks for your input. What I worry about is that the POC was done with JavaScript but that does not mean other vectors are not available.

I do get your point about executables not running on a firewall. Attack vectors are limited. Agreed.

Official pfSense Hardware / Re: SG-3100 - which cellular module
« on: January 21, 2018, 05:53:32 am »
The one thing that strikes me about this thread is that I feel this problem is a Sierra u3g one. This started for me back on the MC7700 modem.
I used to be able to use the AT command prompt with CU to see connection status with AT!gstatus=? and other AT! tools. This is while connected.
After O/S version change I lost the AT command console when I connected. It would lock me out of cu..
I have not seen the feature since. I am now using MC7355 on FreeBSD and no AT console while connected on that either.
Wonder if the endpoints in the sierra u3g driver are right. Something tells me they are not.
Can anyone see connection stats with AT command console using cu while connected with Sierra modem?

Maybe this came about because of firmware changes and usbcomps on Sierras end.
I know I used to use cu to monitor my cellular connection. Now I cannot.

I have tested the Sierra EM7355 m.2 module and it works.

Official pfSense Hardware / Hardware best for post Meltdown
« on: January 20, 2018, 10:04:42 pm »
I see two boxes that all of a sudden I am interested in.
These are both Arm and it seems they have no Predictive Logic in the CPU and should be OK
Is that a fair reading?

Looking at Intels Micro Code Updates(MCU) they are not going back very far generationally and much hardware is SOL. They released an MCU batch in November so maybe there is going to be more coming. I doubt it.  I see someone asking about MCU for the C2xxx series and this is something I doubt will get updated.

Wireless / Re: Thinking about wireless access points, with storage
« on: December 21, 2017, 05:43:10 pm »
I use FreeBSD as my Wireless AccessPoint OS behind pfSense and I found that the resources used for a WAP were so low I had to task the box with other things.
So I chose you use my APU2 WAP as a NFS file server with a 512GB mSATA drive. Both tasks seem to be extremely low overhead and the machine still runs under 5% cpu utilization. This is simply a backup file server for my network. I mostly use it for storing media files from my tvheadend box..

So opinions vary but a lightweight NFS server on a WAP is a sweetspot for me. If security were an issue I would run NFS from a jail.

Iwill used to be a noted server maker around Y2K. Looks like this is not the same company.

Just remember that these chicom specials are disposable boxes and there will be no real warranty.

Hardware / Re: Zotac ZBOX CI323 nano replace WIFI card
« on: December 21, 2017, 03:25:54 am »
I would stay on 802.11n chipsets. There is a newer ath10k in the works but it is not done yet.
I would buy this: QCNFA222-AR5BWB222
Do note they come in different M.2 key arrangements so look hard at your existing module and match them up.

Hardware / Re: APU2 with MC7455 SSD and WIFI
« on: November 04, 2017, 08:05:54 pm »
Can you post the following from console command prompt:
usbconfig (find ugen for the modem then do a dump_device_desc for the VID and PID)
ls /dev

Code: [Select]


0  - reserved                                     NOT SUPPORTED
1  - DM   AT                                      SUPPORTED
2  - reserved                                     NOT SUPPORTED
3  - reserved                                     NOT SUPPORTED
4  - reserved                                     NOT SUPPORTED
5  - reserved                                     NOT SUPPORTED
6  - DM   NMEA  AT    QMI                         SUPPORTED
8  - DM   NMEA  AT    MBIM                        SUPPORTED
9  - MBIM                                         SUPPORTED
10 - NMEA MBIM                                    SUPPORTED
11 - DM   MBIM                                    SUPPORTED
12 - DM   NMEA  MBIM                              SUPPORTED
13 - Config1: comp6    Config2: comp8             NOT SUPPORTED
14 - Config1: comp6    Config2: comp9             SUPPORTED
15 - Config1: comp6    Config2: comp10            NOT SUPPORTED
16 - Config1: comp6    Config2: comp11            NOT SUPPORTED
17 - Config1: comp6    Config2: comp12            NOT SUPPORTED
18 - Config1: comp7    Config2: comp8             NOT SUPPORTED
19 - Config1: comp7    Config2: comp9             SUPPORTED
20 - Config1: comp7    Config2: comp10            NOT SUPPORTED
21 - Config1: comp7    Config2: comp11            NOT SUPPORTED
22 - Config1: comp7    Config2: comp12            NOT SUPPORTED


Hardware / Re: APU2 with MC7455 SSD and WIFI
« on: November 04, 2017, 07:54:04 pm »
Something does not sound right if you have no cuaU0.x ports. I use the MC7354 in an APU3. You will need to use MBIM.
I use B2 with ATT. B12 should be newer TMobile towers.
Code: [Select]
ugen1.3: <Sierra Wireless, Incorporated MC7354> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)

root@APU3:~ # cu -l /dev/cuaU0.2
Manufacturer: Sierra Wireless, Incorporated
Model: MC7354
Revision: SWI9X15C_05.05.16.02 r21040 carmd-fwbuild1 2014/03/17 23:49:48
MEID: 359225050xxxxx
ESN: 12801654587, 80193F3B
IMEI: 359225050xxxxxx
FSN: J8511200850410


Current Time:  28978 Temperature: 32
Bootup Time:   0 Mode:        ONLINE         
System mode:   LTE        PS state:    Attached     
LTE band:      B2      LTE bw:      15 MHz 
LTE Rx chan:   925 LTE Tx chan: 18925
EMM state:     Registered      Normal Service
RRC state:     RRC Idle       
IMS reg state: No Srv 

RSSI (dBm):    -80 Tx Power:    0
RSRP (dBm):    -110 TAC:         5403 (21507)
RSRQ (dB):     -11 Cell ID:     00B11307 (11604743)
SINR (dB):      2.2


Hardware / Re: Which would be better for my pfsense box?
« on: October 16, 2017, 11:12:56 am »

But the Xeon E3 has 4 core and with HT also 8 cpu cores, or am I wrong with that?
And it scales to 3,7GHz in Turbo mode or over (PowerD) that he is getting most
out of the Open VPN as he stated to reach.

I am not sure about clockspeed for this. Is OpenVPN single threaded? 3.7 is the Turbo boost on only one core right?
Clockspeed never came into my thoughts. The age first indicator for me.
Maybe 2 x 10Gbe are not needed. For me it seems like a better board. A 70W chip for Gigabit at home seems undesirable.
Add in SuperMicro versus Dell and it's a no brainer.

Hardware / Re: Which would be better for my pfsense box?
« on: October 14, 2017, 05:24:58 pm »
I would take the D-1521 it is much newer uses DDR4.
Ivy Bridge from 2012 versus Broadwell from 2015
8 cores at 3.4ghz and 69W -versus- 8 cores at 2.4ghz and 45W

One thing to check is that Supermicro D1521 used 2x10G Ethernet too so that could be a kicker.
Post your board details for more help.

General Questions / Re: Pfsense as a file backup device
« on: October 12, 2017, 06:55:09 pm »
However, best security practices say the firewall computer should be dedicated solely to act as a firewall (this reduces the chances of the firewall being compromised), and practically speaking, this would impair the firewall's performance.

General Questions / Re: iSCSI Possible?
« on: October 06, 2017, 11:36:20 pm »
I don't know if this would work but I can say it is ill advised from a security standpoint..
You don't want your internet facing firewall to do anything but routing and network tasks.
iSCSI file serving is something you want to do behind pfSense not on top of it.

General Questions / Re: pfsense without nanobsd image
« on: October 05, 2017, 04:10:35 pm »
Are the dual slice arrangements with NanoBSD going away too?

2.4 Development Snapshots / Re: minnowboard turbot crash
« on: October 05, 2017, 12:57:23 am »
How about a report on the fan noise on the Dual-E Quad. Is it loud or quiet? Fixed speed or variable?

Pages: [1] 2 3 4 5 ... 7