
Recent Posts

I'm using a transparent proxy, without a certificate on the client, and on https pages the e2guardian error page doesn't appear; ERR_SSL_PROTOCOL_ERROR appears instead.
Is this normal in this situation (transparent), or is there a way to show the error page as is already shown for http pages?

If you enabled the SSL filter on the Daemon tab but did not check SSL interception in the group, the denied-site error will appear to the client as a refused connection.

To show the error page, you need to enable interception in the group(s) and install the certificate on the machines.
Packages / Re: What is Snort Blocking Right Now?
« Last post by LianYu4 on Yesterday at 09:15:00 pm »
Maybe I'm using the wrong terminology. What I mean by 'being blocked this instant' is when her app tries to run, it's trying to connect to an IP address and Snort is blocking it. I don't know what that IP address is, as the app doesn't list what servers it connects to. I don't know what IP address Snort is blocking the response from because there is nothing in Snort, or the Diagnostics tab, that shows remote IP addresses that are sending (or trying to send) packets to my router. Even on the Status/Traffic Graphs tab, none of the IP addresses popping up on the WAN adapter match anything in the Snort Blocked sites list - all done while I'm using her app and watching it fail.
So it's all smoke and mirrors to me.
There is apparently no tool or function to list all incoming packets' source IP addresses (blocked or not). Personally, I don't understand this (maybe I'm being naive and stupid). I don't get why an enterprise level router, like pfSense, doesn't have this ability.
If the Alerts in Snort don't show an Alert of incoming traffic that is being blocked, only random old data, then what use is it?
None of the Snort alerts correspond to any of the times I tried her app and watched it fail.
So, how do I know Snort is blocking her app? I KILLED all the Snort blocks and magically her app started working, at least until Snort starts blocking it again because at some point it will do something Snort doesn't like, again.
What is the app doing that Snort doesn't like? I have no fracken clue.
What IP address is Snort blocking? I have no facken clue.
IMO, is Snort user friendly? Heck No
It's a black box.
IDS/IPS / Re: Suricata Blocking WAN IP Address
« Last post by Eboman on Yesterday at 09:08:12 pm »
Ehh...come to find out there IS a default PassList.  And my WAN IP address was in it -- and it was enabled under Networks Suricata Should Inspect and Protect.  It was not previously set to "none"; it was on "default".

For kicks, I'm going to change it from Default to the new Pass List I created (which is identical to the default one).

More to come....


Hardware / Re: Off the shelf recommendations
« Last post by johnkeates on Yesterday at 09:05:31 pm »
Any PC with an i5 and Intel network cards. Or check the netgate store, the sg-3100 might do the job. Or the Qotom PC from Aliexpress, or the MiniSys.

If you have money and space to burn, an office PC will do.

Most important is:

- Intel network cards for best results
- good firmware, not broken bios shit like from ECS
IDS/IPS / Re: Suricata Blocking WAN IP Address
« Last post by Eboman on Yesterday at 08:53:10 pm »
Hmmm.....I might be on to something.
I just went into the Pass List section and it was completely blank.  No lists at all.

So I clicked "add", made sure I included all of the Auto-Generated Lists and I'll see what it does.

Now I have one list in my listnames...passlist_30503.

Fingers crossed.

Thanks again everyone.  I'll let you know if this fixed it.  Fun to learn something new.

IDS/IPS / Re: Suricata Blocking WAN IP Address
« Last post by Eboman on Yesterday at 08:45:51 pm »
I don't know.....
It just happened again.

My IP address does not change at all.

Here's the most recent one.

21:36:14   3   UDP   Generic Protocol Command Decode   27637   70.161.x.x   80   1:2200075   SURICATA UDPv4 invalid checksum
21:33:49   3   UDP   Generic Protocol Command Decode   27637   70.161.x.x   53   1:2200075   SURICATA UDPv4 invalid checksum

It just happened less than 10 minutes ago.  Weird.

Next time, I'll take a snapshot of the "Block" page and post it up.

bmeeks -- thanks for the advice.  Times all jive, and the IP address has been the same all day.  I appreciate you running the test.  You're correct -- it should NOT happen.  I am using Legacy mode, by the way.

Is there some way to "manually" add my WAN IP address to Suricata to be on the Pass List?

I broke my machine!  Damn!

Thanks again,

DHCP and DNS / Re: DHCP DDNS zone issue
« Last post by lmkone on Yesterday at 08:32:18 pm »
Quick update, manually inserting (/etc/inc/
zone ...
does not do the job, but:
zone ...
zone ...
zone ...
zone ...

How do I go about fixing this the proper way (so I get update proof resolution)?
Anyone have any suggestions .. TIA
General Discussion / Re: Topic: geting started questions
« Last post by derp on Yesterday at 08:21:51 pm »
i have learned that what i am looking for is called a utm (unified threat management)

i can not get a copy to play with for experimentation, and it looks like it is a standalone that will not play with sense OS

now, seeing as how this would be a total game changer and everyone would benefit from it, and everyone needs it
the #1)  question is why do we not already have it
and 2)  what do we have to do in order to get it

so this leads me to wonder if there is a plug in, or set of accumulative plug-ins available that i am not seeing

again after all this i want to keep a diligent focus on my end goal

i NEED to be able to watch traffic real time GUI, with a line of data classified how and what you choose to show. the ability to right click on it, stop the flow, and choose what type of restrictions to implement into the firewall for that specific address, or general domain is an incredible volume more effective, faster, and efficient than a CLI table modification.