Messages - SR190

OpenVPN / Re: Inline Client export for Android stuck in 'queued'
« on: September 15, 2017, 06:40:38 pm »
Problem solved. There is something buggy with the Android browser. I was able to download the client export via Chrome.

OpenVPN / Inline Client export for Android stuck in 'queued'
« on: September 14, 2017, 07:21:25 pm »
Whenever I go to download any of the client exports on my Android for my OpenVPN implementation, the download screen sees the download as 'queued'. I wait a minute or so and it says that the download failed. This is likely a device issue, just wondered if anyone had any thoughts?

General Questions / Re: pfSense host and domain (FQDN) significance
« on: August 19, 2017, 11:50:03 am »
Thanks johnpoz. Besides naming conflicts with other devices, does the domain name defined in pfSense have any consequence to DNS on subnetworks? I am still not sure why the firewall has a domain name definition.

General Questions / pfSense host and domain (FQDN) significance
« on: August 19, 2017, 09:40:29 am »
Does the FQDN for a pfSense firewall have any real consequence, or is it just a name? Does it play any role in DNS?

Current situation. My pfSense firewall will be the central routing device for a number of subnets, one of which is an AD domain. Half a dozen other subnets defined on the firewall are not joined to that subnet/domain.

Can the firewall have the same FQDN domain name as that of the AD controller domain name without creating namespace conflicts or breaking with best practice?

firewall FQDN: 'FW-1.ACME.local'
AD controller domain name: 'ACME.local'

General Questions / Re: Rule ordering on mobile device
« on: August 12, 2017, 11:34:05 pm »
Thanks. That did the trick.

General Questions / Rule ordering on mobile device
« on: August 12, 2017, 10:48:56 pm »
I can't seem to drag and re-order rules in the webConfigurator while accessing it from a mobile device. Has anyone else had luck? It's not the ideal management host, but from time to time I need access while away from the desktop.

General Questions / Re: webConfigurator, SSH
« on: August 12, 2017, 01:03:38 pm »

If SSH was only available on a management interface (isolated with rules) could it be exploited either externally or from within one's network?

What would be the advantage of enabling SSH for internal management of pfSense if the web configurator is primarily used?

General Questions / webConfigurator, SSH
« on: August 09, 2017, 09:00:51 pm »
Is it a correct assumption that someone accessing the webConfigurator via http assumes that their internal network is secure?

Also, if you choose to enable the SSH server for internal network use only, is it best practice to move it to a non-standard port?


Thanks pfBasic.
I wear quite a few hats that require regular non-administrative use of all subnets (one is subject to PCI) in our environment. To avoid having to keep half a dozen towers by my desk, would VMs on maybe two desktops be advised/secure with dedicated NICs per VM? Would a host-based hypervisor suffice, or should it be bare metal?


I have three sites that will soon be using pfSense firewalls. I plan to create a management VLAN for each site that provides administrative access to the web configurators for each managed device (i.e. switches, APs, etc.).

My question relates to best practices for creating a single, secure, administrative host that can access the three management VLANs (one per site). I will likely have a hub and spoke VPN with head office serving as the NOC.

Any suggestions for this configuration, and a secure administrative host would be greatly appreciated. Thanks.

Derelict, would the switch need to be a layer 3 to unravel the management VLAN?

Thanks Derelict. I appreciate the suggestion.

General Questions / pfSense untagged VLAN for Unifi UAP management
« on: July 17, 2017, 08:37:50 pm »
I have some questions surrounding UAP AC Lite integration with my pfSense firewall.

According to the below link, the "UniFi APs are only managed via an untagged VLAN."

I have assigned two interfaces on my pfSense box to two VLANs on igb2 (the parent interface). These virtual interfaces correspond to two SSIDs on my UAP. To manage the UAP I have assigned a 'MGMT' interface on my pfSense box to the igb2 port itself (no VLAN).

Is this the only approach that will work? Is it smart/secure to have this MGMT interface assigned to the igb2 port, while the VLANs are treating it as the parent ID? How else would one create an 'untagged VLAN' on a pfSense box?


Firewalling / Re: WLAN web management from LAN single host
« on: April 21, 2017, 06:03:12 pm »
Is it an issue with my wireless router? With rules allowing traffic from LAN to any, I should be able to resolve the web admin, but no go.

Any thoughts?

OpenVPN / Re: VPN for multiple sites and subnets
« on: April 20, 2017, 08:27:45 pm »
