Messages - tuatara

#1
General Discussion / Re: 2 hour delay
August 06, 2024, 07:07:49 PM
Hi Baender,

That was the first thing I tried, but that didn't solve the exact 2-hour time difference.
But .. I found the cause, it was something in the browser, perhaps one of the security/privacy plugins or add-ons.
When I tried another browser the issue was gone  ;)
#2
General Discussion / Re: 2 hour delay
August 06, 2024, 05:49:13 PM
From what?
System, Settings, General, Time Zone = country/city near me in my timezone
Reporting, Insight, Totals: The graph always shows my time - 2 hours on the right side of the graph (like all reporting graphs)
Firewall, Log Files, Live View: Shows entries at the current time
If I log in via SSH and do "date" it shows the correct date and time.
#3
General Discussion / Re: 2 hour delay
August 06, 2024, 05:04:26 PM
Time zone is set correctly under General settings; again, the system time and time of the log files are ok. Do I need to set the time for reporting in a different way? I don't understand how both can be different.
#4
General Discussion / 2 hour delay
August 06, 2024, 04:35:32 PM
This might turn out to be an embarrassing question ..   :-\

In all the reporting graphs, like: Health Insight, Traffic, Unbound DNS,

the most recent time that can be displayed under the graphs is 2 hours ago.
Although the most recent data in the graphs appears to be of "now"...

The system date is correct, and all the Firewall live log data has the correct time
as all the log files are correct.

Do I overlook something?
#5
Does anyone perhaps know, how to solve this:

Firewall, Live View,
If I want to delete a filter template there, I get: Template delete failed. Result: undefined

If I want to create a new filter template: Template save failed. Message: undefined

Is this perhaps a permissions problem, and if so, where?

Thanks in advance,

Tuatara
#6
Hi Franco,
Thanks for your response.
I am a bit confused and not sure if we are talking about the same situation.
So maybe I misunderstood your response...
Just to be sure:
What you described seems what I've seen before. But after the update things changed.
What happens now is that even without auto-refresh it removes lines from the screen that should have stayed there. And with auto-refresh and the same number of lines selected, let's say 100,
you will see 50 lines, screen refresh, 10 lines, screen refresh, 30 lines, etc.
So manual refresh will not always show the selected number of lines either.

The issue now is that I am not able to see the last 100 lines, whatever I select.



#7
Directly after the last update (now 22.7.6) I've noticed that:
Firewall, Log Files, Live View no longer works as before.
In the past I was able to select 50 or 100 to see that last number of lines.
But now the content disappears before it reaches that number.
Of course I've tried multiple browsers, but the effect is the same.
Is this a known issue? Was it introduced by the last PHP updates perhaps?

Thanks in advance

Tuatara
#8
Zenarmor (Sensei) / Re: First Impressions
October 10, 2022, 02:36:23 PM
You are right, I think it is because of the free version:

in zenarmor, Configuration:

at DNS Enrichment for Reports   
DNS server IP addresses to do reverse IP lookups: 192.168.122.254 (is wrong and greyed out)

the "Perform real-time DNS reverse queries for local IP addresses " switch is not usable in the free version

Nice to hear it is working in the paid version..
#9
Zenarmor (Sensei) / First Impressions
October 10, 2022, 11:18:48 AM
As a CyberSecurity Engineer I really like ZenArmor,

Here are my First impressions..

Using the Free version for trialing, these were some things that I've noticed:

- Only Credit card and WePay as payment options, so no PayPal or Ideal
- Very difficult to find the cancellation method or period on their website
- No Reverse IP resolving of hosts on your private networks, so you manually have to do that each time when investigating traffic for one of your devices.
- Unworkable amounts of False Positives on the following Security Policies:
- - Block potentially Dangerous sites => for many VirusTotal-verified safe Dutch websites
- - Block Firstly Seen Sites => many websites and domains older than 2 years are blocked
- - Block undecided Not Safe Sites
- - Blocking ads sometimes breaks websites without ads.
- It would be nice to have a bit more flexibility in the web control categories in the Free version.

As already discussed in this forum, you have to trust the vendor, but that is always the case
for each Security product. Especially when private data can be uploaded to the cloud or to the vendor.
I have no reason to doubt the reputation of Sunny Valley, but it is fair to mention this in general, just for awareness.

The Dutch saying says: "don't look a gift horse in the mouth".
And I think that the free version delivers a lot of value for free / bang for no buck,
I am really impressed with the amount of information it provides and its rich feature set.

so I will continue to test for a while and give another update soon.


Tuatara
#10
The free version has its limitations, so I want to trial for a while with a paid version to see if it is usable for me. Since I did not read the fine licensing print before at other parties in the past ... :(
I tried to find out how you can cancel a subscription, and what the cancellation period is when you pay monthly.
- Could not find it on the website, but perhaps I've overlooked it.
- Did not receive an answer by mail within almost a week on this.

Does anyone here know?

Thanks in advance.
#11
SOLVED !!!   ;D

pfff... that saves a lot of work !
#12
Yep Supermule, That might do the trick!

Found the BGP ASN of that party , implementing now ..

Thanks a lot !
#13
Sadly,
I don't know what their IP range is yet.
It seems that I can only add known hosts in that file.
Since there are new hosts popping up every time, I need to keep 24/7 monitoring which new hosts I see,
and then manually add each host to the list, since wildcards cannot be used,
like *.hinet.net

btw I am running a deciso.com appliance
#14
Thanks Manilx,

I am going to test that right now !

But you can't use something like: *.hinet.net in that text file found by the URL ?
#15
Since a couple of days, I receive a lot of attacks on my OPNsense Firewall WAN interface.
It is more than the usual port scanning etc.
I've blocked many of the source IP addresses but they keep changing and appearing,
but they always have this syntax for their FQDN:
<number>-<number>-<number>-<number>.hinet-ip.hinet.net
Preferably I want to block: *.hinet.net to include all hosts and/or sub-domains from that domain name
I already spent many hours searching for this, can anyone please let me know if this is possible ?

BTW: China is already Geoblocked, but these slip through that.

Thanks in advance