IDS/IPS / Re: Snort master Suppress List
« on: January 02, 2018, 04:48:22 pm »
Here are some new additions in Suricata. They are still in my suppress list as I give them at least 3 months before considering them to be permanently disabled. Most of these blocked my smartTV from reaching the internet.

#ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
suppress gen_id 1, sig_id 2011716

#ET SCAN Sipvicious Scan
suppress gen_id 1, sig_id 2008578

#ET DROP Dshield Block Listed Source group 1
suppress gen_id 1, sig_id 2402000

#ET CINS Active Threat Intelligence Poor Reputation IP group 65
suppress gen_id 1, sig_id 2403364

#ET CINS Active Threat Intelligence Poor Reputation IP group 3
suppress gen_id 1, sig_id 2403302

#ET CINS Active Threat Intelligence Poor Reputation IP group 82
suppress gen_id 1, sig_id 2403381
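An added example, not part of the original post: a small auditor for a suppress list like the one above. It flags entries that lack a `track`/`ip` clause and therefore silence the rule for every host rather than for one device. The sample text is constructed, and `192.168.1.50` is an assumed placeholder address for the TV.

```python
import re

# Suricata/Snort suppress syntax, with the optional per-host scope clause.
SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(?P<gid>\d+)\s*,\s*sig_id\s+(?P<sid>\d+)"
    r"(?:\s*,\s*track\s+(?P<track>by_src|by_dst)\s*,\s*ip\s+(?P<ip>\S+))?\s*$"
)

# Constructed sample: two entries from the post, plus one host-scoped entry
# whose address (192.168.1.50) is an assumed placeholder for the smart TV.
SAMPLE = """\
#ET SCAN Sipvicious Scan
suppress gen_id 1, sig_id 2008578

#ET DROP Dshield Block Listed Source group 1
suppress gen_id 1, sig_id 2402000, track by_dst, ip 192.168.1.50

#ET CINS Active Threat Intelligence Poor Reputation IP group 65
suppress gen_id 1, sig_id 2403364
"""

def parse_suppress_list(text):
    """Return one dict per suppress entry, labelled by the preceding # comment."""
    entries, label = [], ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            label = line.lstrip("#").strip()
            continue
        m = SUPPRESS_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        entries.append({"line": lineno, "gid": int(m["gid"]), "sid": int(m["sid"]),
                        "track": m["track"], "ip": m["ip"], "label": label})
        label = ""
    return entries

def unscoped(entries):
    """Entries without track/ip silence the rule for every host on the network."""
    return [e for e in entries if e["track"] is None]

if __name__ == "__main__":
    for e in unscoped(parse_suppress_list(SAMPLE)):
        print(f"line {e['line']}: sid {e['sid']} suppressed for all hosts ({e['label']})")
```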

2.4 Development Snapshots / Re: suricata wont start
« on: January 01, 2018, 02:11:56 pm »
For stream mem cap, the default is 64MB. Flow mem cap is 32MB.

Cache/Proxy / Re: E2guardian4
« on: November 12, 2017, 11:33:20 am »
Never mind. Looks like I can see the E2guardian4 package if I add marcelloc unofficial repo for WPAD package.

2.4 Development Snapshots / Re: Static Route - Aliases issue
« on: November 11, 2017, 01:31:03 pm »
Yeah, it's a simple network alias of 4 subnets with /24 and /64 (IPv6) subnet masks on the L3 network that need to be routed to the internet.

We need to account for different network situations in this area as no network is the same.

As I said earlier, the logic on the static route tab needs to be a little intelligent to detect and maybe throw an error if the alias has subnets like /23 and /24. If they are all in the same subnet /23 or /24 or any other "same" subnet across the alias, then it should pick up the user-defined or alias-defined subnet in the drop-down.

2.4 Development Snapshots / Re: Static Route - Aliases issue
« on: November 11, 2017, 08:39:51 am »
There should be an N/A option in the subnet drop-down. The code could be made a little intelligent to detect the alias and decide if N/A needs to be selected by default if the alias has two or more different subnets. If not, use the user-defined subnet for static routes.

Cache/Proxy / Re: E2guardian4
« on: November 10, 2017, 08:57:23 pm »
Was the package pulled out? I don't see it on the list of available packages anymore.

2.4 Development Snapshots / Static Route - Aliases issue
« on: November 10, 2017, 03:38:16 pm »
Having an L3 network, I need to set up multiple static routings pointing to different L3 networks that are being managed by my Cisco switch. To make things easier I have set up multiple Aliases referring to the internal networks, like LAN, VoIP, Video, etc., and 1 alias covering all IPv4 networks and 1 covering all the IPv6 counterparts. The Aliases work fine under the Rules section; I never experienced an issue there.

Today I was trying to clean up the Static Route section as I have multiple IPv4 and IPv6 routes. I started by adding an Alias to "Destination Network", which got filled as I started to type one of the defined IPv4 Aliases, then selected 24 under subnet since all my internal IPv4 subnets are /24, then selected the IPv4 gateway I had defined in the gateways section and hit save. At first it looks like the settings stick, but this does not work: the info gets saved but the subnet turns back to /32, and that may be creating issues for the Static Route function to work. Is there a way to either define the subnet and make it stick OR make the subnet part optional, since the Alias (network) may have the subnet defined? I see a similar issue with IPv6 static routes as well.

Due to this issue I had to define 8 static routes (4 IPv4 and 4 IPv6), which could have been easily accomplished with just 2 static routes.

Cache/Proxy / E2guardian4
« on: November 09, 2017, 05:49:17 pm »
Installed the E2guardian4 package this evening but I am having issues getting it to start filtering. I see the below error in the logs. I do not have a CA configured and have selected manual local proxy at port 3128. But the below error suggests that E2 is still looking for a CA at port 8888.

/pkg_edit.php: The command '/usr/local/etc/rc.d/ start' returned exit code '1', the output was 'FATAL: No valid signing SSL certificate configured for HTTP_port Squid Cache (Version 3.5.27): Terminated abnormally. CPU Usage: 0.016 seconds = 0.016 user + 0.000 sys Maximum Resident Size: 47616 KB Page faults with physical i/o: 0'

No valid signing SSL certificate configured for HTTP_port

As the subject says, I am not able to restore Status_Traffic_Totals package. Is there an update required in the config.xml script to pick up the package during a config backup?

Cache/Proxy / Re: Unofficial WPAD package for pfSense software
« on: November 06, 2017, 07:44:18 pm »
Nice! Can you make this package official?

I can submit a pull request to the official repo. But it needs core team review to get merged.

Great work here marcelloc. Finally I have wpad hosted with webconfigurator on https.

Any update on the pull request to official repo?

Hardware / Re: Which would be better for my pfsense box?
« on: October 13, 2017, 04:30:06 pm »
Go for the Xeon D-1521. It will save you some running costs (not by that much). Virtualize it and install a couple of VMs to consolidate any servers you may be thinking of upgrading. The Xeon D-1521 has enough power to run your pfSense along with 2 or 3 decent power hungry servers.

Hardware / Re: Which Xeon 2011-3 processor would be better to choose?
« on: September 29, 2017, 06:28:59 pm »
Xeon D is now my first choice in router hardware recommendations. I think it even beats i3 processors when compared in terms of having multiple hosts in VM.

Instead of going with the older Xeons, it’s best to invest in newer technology which supports pretty much all pfSense requirements and added functionalities.

Hardware / Re: Intel Pentium N4200
« on: September 23, 2017, 07:11:06 pm »
I would highly recommend you take a look at the Xeon D processors. SoC, fanless, low TDP and very powerful. Install vmWare ESXi on it and you can consolidate a lot of systems.

Hardware / Re: Intel Atom® Processor C3758 or C3850
« on: September 13, 2017, 06:55:57 pm »
Go for a Xeon D instead.

Hardware / Re: Ryzen 3 Restarts under Load
« on: August 29, 2017, 10:04:21 am »
Have you done a load test on the new system to ensure there is no hardware issue? CPU fan not seated properly may also cause the system to reboot. Also check the motherboard BIOS settings and disable any power saving features or board fan rpm settings you may have turned on.

My Asus server had a similar issue and it would just crash randomly under little to light load. I had to turn off the power savings in its BIOS and that has worked. Try it out and see.

