Messages

1

Hardware and Performance / Re: Deciso 2770, 3842, 3852, and 3862 CPU

« on: February 16, 2024, 01:33:31 pm »

So I just realized the CPU on the old DEC3850 is EPYC Embedded 3201. From the spec sheet, it looks identical to the the new DEC3852 and DEC3862, so guess the CPU is also the same there? 

2

Hardware and Performance / Deciso 2770, 3842, 3852, and 3862 CPU

« on: February 14, 2024, 09:44:40 am »

Hi,

I am looking to buy a rack mounted Deciso appliance, so I wonder if anyone can give me the CPU for the Deciso 2770, 3842, 3852, and 3862?

I have the DEC750 and it is running the Ryzen V1500B. Is this the same with the DEC2770 considering the throughput on the spec sheets is the same?

Thanks,
Tommy

3

General Discussion / Re: Tor Configuration

« on: September 19, 2023, 02:21:08 am »

This works for me.

One thing missing in the instruction is that you also need to NAT port 53 TCP/UDP on the interface used for Tor to 127.0.0.1:9053 to prevent DNS leaks.

Oh, and the 127.0.0.1 Socks ACL seems unnecessary.

4

General Discussion / Proper configuration for Chrony

« on: July 28, 2023, 02:59:33 am »

Hi,

I am seeing some conflicting information on the forum, so I hope to find some clarifications here

- I want to use NTS, so I installed the Chrony plugin. I enabled NTS client support and added NTS peers.
- Some posts suggest that the NTP servers should be removed from NTP settings (the Service -> Network Time) so that ntpd stops running and will not run at boot. I followed this advice as I don't want an unnecessary service running on my system. However, I wonder if this is strictly necessary or if Chrony would have overriden NTPd anyways?
- The default port for chrony is 323 somehow. Is it to avoid conflict with NTPd?
- As far as I understand, chrony will automatically set the time. There is no need for a cronjob to sync with the chrony daemon. Is this correct?
- Someone said that if I change the port to 123, I will need to set up a cronjob to synchronize the time. If what I said above is correct, why is this the case? Is this person just wrong?

5

Hardware and Performance / Re: Threat Protection Throughput with RSS on DEC750 and DEC850

« on: July 24, 2023, 02:27:14 am »

Good to hear.

I bought the DEC750 last week. I just recently realized that I may have 10Gbps fiber in the not-so-distant future, so I am debating on whether to just return the DEC750 and buy a DEC850 or not.

6

Hardware and Performance / Re: Threat Protection Throughput with RSS on DEC750 and DEC850

« on: July 23, 2023, 06:25:46 pm »

Wow, interesting. I did not expect it to be that big of a difference.

I am a bit confused though: 400Mbps is well under the advertised 2Gbps. Are you using like a lot of rules or something?

7

Hardware and Performance / Re: Threat Protection Throughput with RSS on DEC750 and DEC850

« on: July 23, 2023, 09:10:37 am »

What is the maximum throughput that you got with it?

8

Hardware and Performance / Threat Protection Throughput with RSS on DEC750 and DEC850

« on: July 22, 2023, 01:45:40 pm »

Hi,

I wonder if anyone has done any threat protection throughput benchmark on these 2 devices with RSS? I see that without RSS it's 1Gbps on the DEC750 and 2Gbps on the DEC850, so I am wondering if RSS makes any difference.

Thanks,
Tommy

9

Hardware and Performance / Re: AMD SecureBoot on Deciso devices

« on: July 17, 2023, 12:02:00 pm »

Hi,

Okay, I won't debate. I am just leaving some links here in case you guys revisit this in the future:

https://www.amd.com/system/files/documents/amd-security-white-paper.pdf
https://www.amd.com/en/technologies/pro-security
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/

Regards,
Tommy

10

Hardware and Performance / Re: AMD SecureBoot on Deciso devices

« on: July 17, 2023, 10:33:40 am »

Hi Schellevis,

I meant that I want the boot to be rejected in case an attacker has somehow loaded firmware which does not match Deciso's signature into the flash chip (be it a through physical attack or some sort of exploit).

I am pretty sure that this can be set up by the OEM regardless of the UEFI Secure Boot state. Take a modern laptop for example - I don't think that anyone can just flash random boot firmware without bricking the device because of Intel Bootguard / AMD Platform Secure Boot. One can disable UEFI Secure Boot and use FreeBSD and their firmware will still be protected. It would really be nice if the Deciso devices have these.

Also, I am a bit confused by the notation "[2]600 series". Do you mean the DEC675 and DEC695? In any case, I ended up ordering a DEC750 so it should have UEFI, right?

11

Hardware and Performance / Re: AMD SecureBoot on Deciso devices

« on: July 17, 2023, 12:31:06 am »

Hi Schellevis,

Could you elaborate a bit more on this? What's stopping the EFI firmware from being verified regardless of the Secure Boot state of the operating system?

Thanks,
Tommy

12

Hardware and Performance / AMD SecureBoot on Deciso devices

« on: July 14, 2023, 08:15:34 am »

Hi,

I am looking to buy some Deciso appliances (mostly like the DEC695). I wonder if AMD SecureBoot is enabled on these devices? (Just to be clear, I am referring to the AMD Secure Boot that verifies the UEFI firmware, not UEFI Secure Boot).

I saw devices from other brands allowing users to just flash arbitrary boot firmware onto the devices and am not too happy about it, so I am hoping that Deciso devices will be different.

Thanks,
Tommy