Topics - tuatara

#1
General Discussion / 2 hour delay
August 06, 2024, 04:35:32 PM
This might turn out to be an embarrassing question ..   :-\

In all the reporting graphs, like: Health Insight, Traffic, Unbound DNS,

The most recent time that can be displayed under the graphs is 2 hours ago.
Although the most recent data in the graphs appears to be of "now" ..

The system date is correct, and all the Firewall live log data has the correct time
as all the log files are correct.

Do I overlook something?
#2
When I searched for this, in this forum I found the following post:

Quote: [SOLVED] ssl handshake errors between unbound and DNS over TLS enabled forwarders
« Reply #3 on: March 08, 2019, 10:24:43 pm »
I found a solution for my issue. I added following line to a server block and afterwards the name resolution works.
tls-cert-bundle: /etc/ssl/cert.pem

Is there someone who can explain, where exactly I need to place the line above, since I don't understand what was meant with:
"I added following line to a server block" where exactly is that?

Thanks in advance
#3
Does anyone perhaps know, how to solve this:

Firewall, Live View,
If I want to delete a filter template there, I get: Template delete failed. Result: undefined

If I want to create a new Filter template: Template save failed. Message: undefined

Is this perhaps a permissions problem, and if so where ?

Thanks in advance,

Tuatara
#4
Directly after the last update (now 22.7.6) I've noticed that:
Firewall, Log Files, Live View, no longer works as before.
In the past I was able to select 50 or 100 to see that last number of lines.
But now the content disappears before it reaches that number.
Of course I've tried multiple browsers, but the effect is the same.
Is this a known issue, was it introduced by the last PHP updates perhaps ?

Thanks in advance

Tuatara
#5
Zenarmor (Sensei) / First Impressions
October 10, 2022, 11:18:48 AM
As a CyberSecurity Engineer I really like ZenArmor,

Here are my First impressions..

Using the Free version for trialing, these were some things that I've noticed:

- Only Credit card and WePay as payment options, so no PayPal or Ideal
- Very difficult to find the cancellation method or period on their website
- No Reverse IP resolving of hosts on your private networks, so you manually have to do that, each time when investigating traffic for one of your devices.
- Unworkable amounts of False Positives on the following Security Policies:
- - Block potentially Dangerous sites => for many VirusTotal-verified safe Dutch websites
- - Block Firstly Seen Sites => many websites and domains older than 2 years are blocked
- - Block undecided Not Safe Sites
- - Blocking ads sometimes break websites without ads.
- It would be nice to have a bit more flexibility in the web control categories in the Free version.

As already discussed in this forum, you have to trust the vendor, but that is always the case
for each Security product. Especially when private data can be uploaded to the cloud or to the vendor.
I have no reason to doubt the reputation of Sunny Valley, but it is fair to mention this in general, just for awareness.

The Dutch saying says: "don't look a gift horse in the mouth".
And I think that the free version delivers a lot of value for free / bang for no buck,
I am really impressed with the amount of information it provides and its rich feature set.

So I will continue to test for a while and give another update soon.


Tuatara
#6
The free version has its limitations, so I want to trial for a while with a paid version to see if it is usable for me. Since I did not read the fine licensing print before at other parties in the past ... :(
I tried to find out how you can cancel a subscription, and what the cancellation period is when you pay monthly.
- Could not find it on the website, but perhaps I've overlooked it.
- Did not receive an answer by mail within almost a week on this.

Does anyone here know?

Thanks in advance.
#7
Since a couple of days, I receive a lot of attacks on my OPNsense Firewall WAN interface.
It is more than the usual port scanning etc.
I've blocked many of the source IP addresses but they keep changing and appearing,
but they always have this syntax for their FQDN:
<number>-<number>-<number>-<number>.hinet-ip.hinet.net
Preferably I want to block: *.hinet.net to include all hosts and/or sub-domains from that domain name.
I already spent many hours searching for this, can anyone please let me know if this is possible ?

BTW: China is already Geoblocked, but these slip through that.

Thanks in advance
#8
General Discussion / DNS set up help needed
September 18, 2022, 02:56:17 PM
Apologies if this question is too simple, but it is new for me, and I already spent many hours on it.
It's the following:

I want to redirect all DNS queries (port 53) for any not-WAN interface
to the local DNS resolver, like Unbound or any other that is recommended.
The local hosts to resolve are all using DHCP static leases.
All the DNS resolving requests for any other hosts should be forwarded to a specific nameserver on the Internet.
Can someone help me on the way or refer me to an example ?

Thanks in advance,
Tuatara


#9
General Discussion / double log entries..
July 17, 2020, 12:56:23 PM
Does anyone know this?
Behind the WAN interface of my firewall is a cable-modem to connect to the internet
The problem is that all the logging is double
If a LAN pc connects to the Internet, there are two connections logged:
1 LAN to Internet
2 from the rule: let out anything from firewall host itself (force gw)
How can I prevent this double logging?
- I could not find a way to disable the log of the mentioned floating rule. ( I can do without that one)
- or did I perhaps set the Gateway wrong (now the IP address of the Cable Internet modem LAN side)

Any help is appreciated..
#10
This is the case:
I've created WIFI for guests (like in a restaurant or cafe).
So it is an Internet set up for "guests" (but they are using regular WIFI Access Points connected to OPT 1)..
It is a new OPNsense Firewall.... So the WIFI users want to connect to a VPN provider on the Internet.
The problem is, depending on the guest they might want to use any provider like NordVPN, SwissVPN, Protonmail, Kaspersky etc etc.
The problem is that I don't know which VPN service provider they want to access, but in most cases they use OpenVPN.
I did some testing with SwissVPN and if I use a PC on the LAN interface I can successfully set up VPN and I am able to use it. (it is very slow though).
But from the WiFI it is possible to set up the VPN connection, but it is impossible to use it. ..time outs, disconnects access for 1 or 2 seconds etc.. The Wifi connection is done via NetGear R7000 Nighthawk WIFI routers, configured in "Access Point" mode
The OPNSense firewall is connected on WAN via DHCP on a DSL modem of the DSL Internet access provider

So my simple question is, how can I provide ANY/ALL VPN access for my users via WIFI ?

Can anyone help me with this?

#11
Is it possible to white list 3 countries with Geoip in Intrusion Detection instead of blocking all others ?
It is for a Wordpress web shop that is only allowed to sell in 3 specific countries. 
And which receives an enormous amount of cyber attacks from other countries.
#12
18.1 Legacy Series / IPS country block issue
April 17, 2018, 10:05:47 PM
Can anyone please inform me how I can allow access for 3 specific countries and block all others ? Is that possible?
BTW I was not able to see any difference between <country NOT> and Country> while testing. (with Alert or Drop)
I am using the most recent version ..
And blocking countries in general works fine..