
Astaro v9 > Checkpoint R77 one way firewall issue.

I am unable to get bidirectional traffic between an Astaro UTM v9 and a Checkpoint Firewall v R77. The traffic from the Astaro network is fine, but the traffic to the Astaro network will not encrypt. I am getting proper phase1 and phase2 negotiation. Below are the log entries from the Astaro for starting the VPN as well as for the traffic from Astaro side to Checkpoint side.

Astaro external ip is yy.yyyy.yyy.yyy
CheckPoint external ip is xx.***.***.***

2013:12:05-17:24:17 sigodsas-1 pluto[6835]: listening for IKE messages
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: forgetting secrets
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading secrets from "/etc/ipsec.secrets"
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loaded PSK secret for yy.yyy.yyy.yyy xx.***.***.***
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loaded private key from 'Local X509 Cert.pem'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: forgetting secrets
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading secrets from "/etc/ipsec.secrets"
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loaded PSK secret for yy.yyy.yyy.yyy xx.***.***.***
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loaded private key from 'Local X509 Cert.pem'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading ca certificates from '/etc/ipsec.d/cacerts'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading aa certificates from '/etc/ipsec.d/aacerts'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: loading attribute certificates from '/etc/ipsec.d/acerts'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: Changing to directory '/etc/ipsec.d/crls'
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: added connection description "S_SecNoc_VPN"
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: initiating Main Mode
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: added connection description "S_SecNoc_VPN"
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: added connection description "S_SecNoc_VPN"
2013:12:05-17:24:17 sigodsas-1 pluto[6835]: added connection description "S_SecNoc_VPN"
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: Peer ID is ID_IPV4_ADDR: 'xx.***.***.***'
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: ISAKMP SA established
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #324: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#323}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #325: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#323}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #326: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#323}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #327: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#323}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: discarding duplicate packet; already STATE_MAIN_I4
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="yy.yyy.yyy.yyy" local_net="172.16.1.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #324: sent QI2, IPsec SA established {ESP=>0xdab92480 <0xb482e905}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="yy.yyy.yyy.yyy" local_net="172.16.2.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #325: sent QI2, IPsec SA established {ESP=>0x06c98a3d <0x6f1d52f7}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="yy.yyy.yyy.yyy" local_net="172.16.3.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #326: sent QI2, IPsec SA established {ESP=>0xf4939b19 <0xb0a53461}
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="yy.yyy.yyy.yyy" local_net="172.16.0.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:18 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #327: sent QI2, IPsec SA established {ESP=>0x8a114817 <0x6b863072}
2013:12:05-17:24:40 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===yy.yyy.yyy.yyy[yy.yyy.yyy.yyy]...xx.***.***.***[xx.***.***.***]===172.31.254.0/24
2013:12:05-17:24:40 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: sending encrypted notification INVALID_ID_INFORMATION to xx.***.***x.***:500
2013:12:05-17:24:42 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xf931e6d1 (perhaps this is a duplicated packet)
2013:12:05-17:24:42 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: sending encrypted notification INVALID_MESSAGE_ID to xx.***.***.***:500
2013:12:05-17:24:44 sigodsas-1 pluto[6835]: "S_SecNoc_VPN" #323: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xf931e6d1 (perhaps this is a duplicated packet)

Any help would be appreciated.
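
Added example, not part of the original post: a small Python triage script for pluto logs like the one above. It collects the subnet pairs that have established IPsec SAs (from the `Site-to-site VPN up` events) and compares them with the selectors in any `no connection is known for` rejection. The sample log is constructed in the same format, with 192.0.2.1 and 198.51.100.1 as placeholder peer addresses; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the format of the pluto log above. 192.0.2.1 and
# 198.51.100.1 are placeholders standing in for the masked peer addresses.
SAMPLE_LOG = '''\
2013:12:05-17:24:18 utm pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="192.0.2.1" local_net="172.16.1.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:18 utm pluto[6835]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="SecNoc_VPN" address="192.0.2.1" local_net="172.16.2.0/24" remote_net="172.31.254.0/24"
2013:12:05-17:24:40 utm pluto[6835]: "S_SecNoc_VPN" #323: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]===172.31.254.0/24
2013:12:05-17:24:40 utm pluto[6835]: "S_SecNoc_VPN" #323: sending encrypted notification INVALID_ID_INFORMATION to 198.51.100.1:500
'''

# local_net/remote_net of every SA that came up
UP_RE = re.compile(
    r'event="Site-to-site VPN up".*?local_net="([^"]+)" remote_net="([^"]+)"')
# pluto prints: <our subnet>===<our ip>[id]...<peer ip>[id]===<peer subnet>
REJECT_RE = re.compile(
    r'no connection is known for ([^=\s]+)===\S+?\.\.\.\S+?===(\S+)')


def parse_selectors(log_text):
    """Return (configured, rejected) as (local, remote) network pairs."""
    configured, rejected = set(), []
    for line in log_text.splitlines():
        m = UP_RE.search(line)
        if m:
            configured.add((ipaddress.ip_network(m.group(1)),
                            ipaddress.ip_network(m.group(2))))
            continue
        m = REJECT_RE.search(line)
        if m:
            pair = (ipaddress.ip_network(m.group(1)),
                    ipaddress.ip_network(m.group(2)))
            if pair not in rejected:  # retransmitted requests repeat the line
                rejected.append(pair)
    return configured, rejected


def classify(proposal, configured):
    """Relate one rejected proposal to the pairs that do have SAs."""
    local, remote = proposal
    if proposal in configured:
        return "exact", [proposal]
    wider = sorted(p for p in configured
                   if p[0].subnet_of(local) and p[1].subnet_of(remote))
    if wider:
        return "wider-than-configured", wider
    narrower = sorted(p for p in configured
                      if local.subnet_of(p[0]) and remote.subnet_of(p[1]))
    if narrower:
        return "narrower-than-configured", narrower
    return "no-overlap", []


def diagnose(log_text):
    """One tuple per rejected proposal: (local, remote, verdict, related)."""
    configured, rejected = parse_selectors(log_text)
    report = []
    for proposal in rejected:
        verdict, related = classify(proposal, configured)
        report.append((str(proposal[0]), str(proposal[1]), verdict,
                       ["%s <-> %s" % pair for pair in related]))
    return report


if __name__ == "__main__":
    for local, remote, verdict, related in diagnose(SAMPLE_LOG):
        print("peer proposed %s <-> %s: %s" % (local, remote, verdict))
        for pair in related:
            print("  SA exists for", pair)
```

A `wider-than-configured` verdict means the peer asked for a Quick Mode SA whose selectors cover, but do not equal, the subnet pairs the UTM connection defines, which is the situation the `0.0.0.0/0===...===172.31.254.0/24` line in the log records.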

DHCP through SSL VPN

We are setting up an SSL VPN connection with Sophos UTM 9.1. Everything is configured, but when we connect with the VPN client we don't get an IP address from our DHCP server. We get a whole different IP. The SSL override hostname is configured with the IP of our WAN IP address.

We tried to set up DHCP relay also, but this doesn't work. The DHCP server is our DC1, which runs Active Directory and has an active DHCP role. Any help with this?

[9.185][BUG] Strange characters in Services Reports

Bandwidth Usage reporting problems

Hi,

I did some Iperf network load testing through the UTM on 9.171 on Nov 28 and Dec 2-3...

Today, while looking at the reporting section (now on 9.185), I notice some problems:

The Bandwidth Usage reports are far too low, especially for the last 7 days.
(the 30day report is much higher, but still far too low)

I ran IPerf for 12 hours on the night of Dec 2nd, at over 500mbps; that should be about 2.5TB of data (12h * 3600s/h * 500mbps / 8bits/byte).

The 500mbps for 12 hours is correctly reflected in the Weekly Network Usage graph.

However, the 7 day report for top clients and top servers both only show 13.5GB transferred.
They do correctly show the IPs of both Iperf client & server.

The 30 day report (which should include Dec 2nd and Nov 28th) shows 79.9GB for both clients and servers.

So, either the system is not 'seeing' all the traffic, or there is an integer overflow problem somewhere.

I had the IPS disabled on the Dec 2-3 test, so the CPU & RAM usage was very low; the system is an i5-4670 with 4GB.

Thanks,
Barry

[9.165][ANSWERED] cannot install on 2TB+ disk

Hi,

I was testing to see if the UTM would work with an LSI 9240-8i MegaRAID controller I recently bought.

I have it configured with a 4.2TB RAID5. (I realize this is overkill for the UTM.)

The install failed due to the disk size.

afaict, this means the UTM cannot be installed on a disk (or RAID) over 2TB.

Possible fixes:
1. use GPT partition tables

2. try to force the partition table to less than the max possible size?


Thanks,
Barry


Code:

Dec  6 01:43:22 (none) user.info bootstrap: Installing to /dev/sda (LSI MR9240-8i)
Dec  6 01:43:22 (none) user.info bootstrap: Selected time zone 'America/Los_Angeles'
Dec  6 01:43:22 (none) user.info bootstrap: Selected kbd layout 'us'
Dec  6 09:43:22 (none) user.info kernel: [  122.630273] NTFS driver 2.1.30 [Flags: R/W MODULE].
Dec  6 01:43:22 (none) user.info bootstrap: disk_size=8787591168
Dec  6 01:43:22 (none) user.info bootstrap: page_mem 3801, fuzz 1900, dmi memory: MOD: 0, PHYS_ARRAY: 0, MEM_DEV 10240
Dec  6 01:43:22 (none) user.info bootstrap: required: 12319 MiB, disk: 4290816 MiB, used: 4248029 MiB
Dec  6 01:43:22 (none) user.info bootstrap: page_mem 3801, fuzz 1900, dmi memory: MOD: 0, PHYS_ARRAY: 0, MEM_DEV 10240
Dec  6 01:43:22 (none) user.info bootstrap: END task 'configuration'
Dec  6 01:43:22 (none) user.info bootstrap: START task 'installation'
Dec  6 01:43:22 (none) user.info bootstrap: START screen 'inst_part_ask'
Dec  6 01:43:28 (none) user.info bootstrap: END screen 'inst_part_ask'
Dec  6 01:43:28 (none) user.info bootstrap: START screen 'inst_part'
Dec  6 01:43:29 (none) user.info bootstrap: MBR wiped
Dec  6 01:43:29 (none) user.info bootstrap: disk: sec=8787591168 (4290816 MiB)
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda mklabel msdos
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda unit MiB mkpart primary ext3 1 351
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda toggle 1 boot
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda unit MiB mkpart primary linux-swap 351 4447
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda unit MiB mkpart primary ext3 4447 5471
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:43:29 (none) user.info bootstrap: system: parted --script -- /dev/sda unit MiB mkpart extended 5471 -1
Dec  6 01:43:29 (none) user.info bootstrap: Error: partition length of 8776373760 sectors exceeds the DOS-partition-table-imposed maximum of 2^32-1
Dec  6 01:43:29 (none) user.info bootstrap: system: returned with exit status 1
Dec  6 01:43:29 (none) user.info bootstrap: ERROR: Failed to partition device /dev/sda
Dec  6 01:44:21 (none) user.info bootstrap: END screen 'inst_part'
Dec  6 01:44:21 (none) user.info bootstrap: END task 'installation'
Dec  6 01:44:21 (none) user.info bootstrap: START task 'fail'
Dec  6 01:44:21 (none) user.info bootstrap: START screen 'fail'
Dec  6 01:44:27 (none) user.info bootstrap: START screen 'support'
Dec  6 01:44:30 (none) user.info bootstrap: Found USB stick (Generic Flash Disk) at /dev/sdb
Dec  6 01:44:30 (none) user.info bootstrap: system: mount  -t auto /dev/sdb1 /mnt/uri.OY0vHO
Dec  6 01:44:30 (none) user.info bootstrap: system: returned with exit status 0
Dec  6 01:44:30 (none) user.info bootstrap: /dev/sdb1 mounted
Dec  6 01:44:30 (none) user.info bootstrap: system: /usr/lib/bootstrap/hwd /mnt/uri.OY0vHO ASG

SUM 4.104-10 released

Hi,
just saw that 4.104-10 was released at the end of November.
I hope it is safe to install in a production environment, as it is not yet offered via the integrated up2date in SUM.

Link to downloads:
Index of /SUM/v4/up2date/

RADIUS denies login

Hello!

I have configured my Windows Server with AD for the UTM so that I can enter it as an authentication server on the UTM.

The tests (server connection and user test) work on the UTM without problems, but I cannot log in to the User Portal.

After I click "Login", the following appears in my log:
HTML Code:

2013:12:05-20:43:45 firewall aua[3240]: id="3006" severity="info" sys="System" sub="auth" name="Child 1374 is running too long. Terminating child"
2013:12:05-20:43:45 firewall aua[1549]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.1.1.2 (radius)"
2013:12:05-20:43:45 firewall aua[1549]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.1.1.10" user="manuel" caller="portal" reason=„DENIED“

However, I have stored the NAS identifier for the User Portal (NAS identifier "portal") on the Windows Server.
The Windows Server log also states that the user is granted full access. Only the User Portal always reports the error: "Invalid username/password, or access denied due to an internal policy."

Do you perhaps know what could be failing here?

Best regards,
fireb

IPv6 support through Rapid Deployment (rfc5969)

Hi,

My provider supports IPv6 through RD (Rapid Deployment).
Will Sophos support this feature in future releases?

Kind regards,

Bram

Remote Lan to RED is slow

Hi all, We have had this problem since before I started here. We have a RED 10 at a remote location, ping times from here to the RED are = 2ms, which is fine, however, if I ping to a machine beyond the RED, ping times are from 59 up to 250 ms. Pings from machine to machine in the remote lan are < 1ms, but ping from a machine in the remote lan to the RED are 59 to 250 ms. Even plugging a remote machine directly into the RED, eliminating the switch, I get the same high ping times? The device is set up as standard/unified. Can anyone tell me why the remote lan to the RED is so slow?

Thanks,

Richard

Publishing Exchange with Sophos UTM

Hello.

We had an old ISA Server from Microsoft to publish our Exchangeserver and replaced it now with a Sophos UTM. I’m not really a firewall professional, so I thought maybe there is someone in this forum who can take a look at my configuration and give me some advice if I did something wrong. I did the same before with my configuration of the Webserver in the DMZ and I’m glad that a professional looked over it (http://www.astaro.org/gateway-produc...ophos-utm.html).
Hope that someone can have a look at this one too. Thanks in advance.

Firewall Profiles

In Firewall Profiles I made a new Profile where mode is set to drop and the only other thing that is enabled is Pass Outlook Anywhere. I’m not sure if this is a best practice or if I can get more security without breaking the services by enabling something other.

Real Webservers

Then I defined a Real Webserver and Type SSL (HTTPS) and Port 443.

Virtual Webservers

In Virtual Webserver I defined a Server for Exchange, an external Interface, Type SSL (HTTPS), Port 443 and my imported wildcard certificate. In Domains I added the domain names that I need for my Exchange Server and in Real Webservers I enabled my real webserver. For the firewall profile I took my profile for Exchange that I made before. And I enabled Pass Host Header.

Firewall

In the Firewall I made a rule from any to my Exchangeserver and vice versa for the service SMTP. Is this right even with activated Email Protection? If I understand that right, the SMTP Connection is from External to the utm for Email Protection and from there to the Exchangeserver. But it looks like the rule nevertheless has to be from any to Exchangeserver.

Email Protection

At the moment I still have Forefront Protection for Exchange but with the change to Sophos utm I also enabled Email Protection. Under Routing I added all domains we have and in the Host list I added my Exchangeserver.

Intrusion Prevention

I changed nothing in Intrusion Prevention, but since my internal Network is added at the Local networks of Intrusion Prevention I hope all the connections to the Exchange Server are secured by IPS.

I hope I didn’t do something wrong and we’re safe. But I would feel more comfortable if one of you could confirm this. Thanks.

[9.185] Intel E1000e Driver error

Got this error tonight.
The USB connect is me on AMT remote after loss of connection:

Code:

2013:12:06-18:24:42 fw kernel: [69493.982765] PCI Status            <10>
2013:12:06-18:24:44 fw kernel: [69495.979990] e1000e 0000:00:19.0 eth1: Reset adapter unexpectedly
2013:12:06-18:24:44 fw kernel: [69496.164795] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
2013:12:06-18:24:46 fw kernel: [69497.980738] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:24:46 fw kernel: [69497.980738]  TDH                  <0>
2013:12:06-18:24:46 fw kernel: [69497.980738]  TDT                  <a>
2013:12:06-18:24:46 fw kernel: [69497.980738]  next_to_use          <a>
2013:12:06-18:24:46 fw kernel: [69497.980738]  next_to_clean        <0>
2013:12:06-18:24:46 fw kernel: [69497.980738] buffer_info[next_to_clean]:
2013:12:06-18:24:46 fw kernel: [69497.980738]  time_stamp          <101083c88>
2013:12:06-18:24:46 fw kernel: [69497.980738]  next_to_watch        <0>
2013:12:06-18:24:46 fw kernel: [69497.980738]  jiffies              <101083e4c>
2013:12:06-18:24:46 fw kernel: [69497.980738]  next_to_watch.status <0>
2013:12:06-18:24:46 fw kernel: [69497.980738] MAC Status            <80483>
2013:12:06-18:24:46 fw kernel: [69497.980738] PHY Status            <796d>
2013:12:06-18:24:46 fw kernel: [69497.980738] PHY 1000BASE-T Status  <3800>
2013:12:06-18:24:46 fw kernel: [69497.980738] PHY Extended Status    <3000>
2013:12:06-18:24:46 fw kernel: [69497.980738] PCI Status            <10>
2013:12:06-18:24:48 fw kernel: [69499.976854] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:24:48 fw kernel: [69499.976854]  TDH                  <0>
2013:12:06-18:24:48 fw kernel: [69499.976854]  TDT                  <a>
2013:12:06-18:24:48 fw kernel: [69499.976854]  next_to_use          <a>
2013:12:06-18:24:48 fw kernel: [69499.976854]  next_to_clean        <0>
2013:12:06-18:24:48 fw kernel: [69499.976854] buffer_info[next_to_clean]:
2013:12:06-18:24:48 fw kernel: [69499.976854]  time_stamp          <101083c88>
2013:12:06-18:24:48 fw kernel: [69499.976854]  next_to_watch        <0>
2013:12:06-18:24:48 fw kernel: [69499.976854]  jiffies              <101084040>
2013:12:06-18:24:48 fw kernel: [69499.976854]  next_to_watch.status <0>
2013:12:06-18:24:48 fw kernel: [69499.976854] MAC Status            <80483>
2013:12:06-18:24:48 fw kernel: [69499.976854] PHY Status            <796d>
2013:12:06-18:24:48 fw kernel: [69499.976854] PHY 1000BASE-T Status  <3800>
2013:12:06-18:24:48 fw kernel: [69499.976854] PHY Extended Status    <3000>
2013:12:06-18:24:48 fw kernel: [69499.976854] PCI Status            <10>
2013:12:06-18:24:50 fw kernel: [69501.974778] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:24:50 fw kernel: [69501.974778]  TDH                  <0>
2013:12:06-18:24:50 fw kernel: [69501.974778]  TDT                  <a>
2013:12:06-18:24:50 fw kernel: [69501.974778]  next_to_use          <a>
2013:12:06-18:24:50 fw kernel: [69501.974778]  next_to_clean        <0>
2013:12:06-18:24:50 fw kernel: [69501.974778] buffer_info[next_to_clean]:
2013:12:06-18:24:50 fw kernel: [69501.974778]  time_stamp          <101083c88>
2013:12:06-18:24:50 fw kernel: [69501.974778]  next_to_watch        <0>
2013:12:06-18:24:50 fw kernel: [69501.974778]  jiffies              <101084234>
2013:12:06-18:24:50 fw kernel: [69501.974778]  next_to_watch.status <0>
2013:12:06-18:24:50 fw kernel: [69501.974778] MAC Status            <80483>
2013:12:06-18:24:50 fw kernel: [69501.974778] PHY Status            <796d>
2013:12:06-18:24:50 fw kernel: [69501.974778] PHY 1000BASE-T Status  <3800>
2013:12:06-18:24:50 fw kernel: [69501.974778] PHY Extended Status    <3000>
2013:12:06-18:24:50 fw kernel: [69501.974778] PCI Status            <10>
2013:12:06-18:24:52 fw kernel: [69503.972717] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:24:52 fw kernel: [69503.972717]  TDH                  <0>
2013:12:06-18:24:52 fw kernel: [69503.972717]  TDT                  <a>
2013:12:06-18:24:52 fw kernel: [69503.972717]  next_to_use          <a>
2013:12:06-18:24:52 fw kernel: [69503.972717]  next_to_clean        <0>
2013:12:06-18:24:52 fw kernel: [69503.972717] buffer_info[next_to_clean]:
2013:12:06-18:24:52 fw kernel: [69503.972717]  time_stamp          <101083c88>
2013:12:06-18:24:52 fw kernel: [69503.972717]  next_to_watch        <0>
2013:12:06-18:24:52 fw kernel: [69503.972717]  jiffies              <101084428>
2013:12:06-18:24:52 fw kernel: [69503.972717]  next_to_watch.status <0>
2013:12:06-18:24:52 fw kernel: [69503.972717] MAC Status            <80483>
2013:12:06-18:24:52 fw kernel: [69503.972717] PHY Status            <796d>
2013:12:06-18:24:52 fw kernel: [69503.972717] PHY 1000BASE-T Status  <3800>
2013:12:06-18:24:52 fw kernel: [69503.972717] PHY Extended Status    <3000>
2013:12:06-18:24:52 fw kernel: [69503.972717] PCI Status            <10>
2013:12:06-18:24:54 fw kernel: [69505.969643] e1000e 0000:00:19.0 eth1: Reset adapter unexpectedly
2013:12:06-18:24:54 fw kernel: [69506.154432] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
2013:12:06-18:24:56 fw kernel: [69507.946301] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:24:56 fw kernel: [69507.946301]  TDH                  <0>
2013:12:06-18:24:56 fw kernel: [69507.946301]  TDT                  <9>
2013:12:06-18:24:56 fw kernel: [69507.946301]  next_to_use          <9>
2013:12:06-18:24:56 fw kernel: [69507.946301]  next_to_clean        <0>
2013:12:06-18:24:56 fw kernel: [69507.946301] buffer_info[next_to_clean]:
2013:12:06-18:24:56 fw kernel: [69507.946301]  time_stamp          <10108464c>
2013:12:06-18:24:56 fw kernel: [69507.946301]  next_to_watch        <0>
2013:12:06-18:24:56 fw kernel: [69507.946301]  jiffies              <10108480a>
2013:12:06-18:24:56 fw kernel: [69507.946301]  next_to_watch.status <0>
2013:12:06-18:24:56 fw kernel: [69507.946301] MAC Status            <80483>
2013:12:06-18:24:56 fw kernel: [69507.946301] PHY Status            <796d>
2013:12:06-18:24:56 fw kernel: [69507.946301] PHY 1000BASE-T Status  <3800>
2013:12:06-18:24:56 fw kernel: [69507.946301] PHY Extended Status    <3000>
2013:12:06-18:24:56 fw kernel: [69507.946301] PCI Status            <10>
2013:12:06-18:25:45 fw kernel: [  33.152291] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
2013:12:06-18:25:45 fw kernel: [  33.152295] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
2013:12:06-18:25:52 fw kernel: [  39.741630] hwinfo: vm86 mode not supported on 64 bit kernel
2013:12:06-18:26:45 fw kernel: [  92.699826] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:26:45 fw kernel: [  92.699826]  TDH                  <0>
2013:12:06-18:26:45 fw kernel: [  92.699826]  TDT                  <ee>
2013:12:06-18:26:45 fw kernel: [  92.699826]  next_to_use          <ee>
2013:12:06-18:26:45 fw kernel: [  92.699826]  next_to_clean        <0>
2013:12:06-18:26:45 fw kernel: [  92.699826] buffer_info[next_to_clean]:
2013:12:06-18:26:45 fw kernel: [  92.699826]  time_stamp          <ffff334a>
2013:12:06-18:26:45 fw kernel: [  92.699826]  next_to_watch        <0>
2013:12:06-18:26:45 fw kernel: [  92.699826]  jiffies              <ffff35a7>
2013:12:06-18:26:45 fw kernel: [  92.699826]  next_to_watch.status <0>
2013:12:06-18:26:45 fw kernel: [  92.699826] MAC Status            <80483>
2013:12:06-18:26:45 fw kernel: [  92.699826] PHY Status            <796d>
2013:12:06-18:26:45 fw kernel: [  92.699826] PHY 1000BASE-T Status  <3800>
2013:12:06-18:26:45 fw kernel: [  92.699826] PHY Extended Status    <3000>
2013:12:06-18:26:45 fw kernel: [  92.699826] PCI Status            <10>
2013:12:06-18:26:47 fw kernel: [  94.697760] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:26:47 fw kernel: [  94.697760]  TDH                  <0>
2013:12:06-18:26:47 fw kernel: [  94.697760]  TDT                  <ee>
2013:12:06-18:26:47 fw kernel: [  94.697760]  next_to_use          <ee>
2013:12:06-18:26:47 fw kernel: [  94.697760]  next_to_clean        <0>
2013:12:06-18:26:47 fw kernel: [  94.697760] buffer_info[next_to_clean]:
2013:12:06-18:26:47 fw kernel: [  94.697760]  time_stamp          <ffff334a>
2013:12:06-18:26:47 fw kernel: [  94.697760]  next_to_watch        <0>
2013:12:06-18:26:47 fw kernel: [  94.697760]  jiffies              <ffff379b>
2013:12:06-18:26:47 fw kernel: [  94.697760]  next_to_watch.status <0>
2013:12:06-18:26:47 fw kernel: [  94.697760] MAC Status            <80483>
2013:12:06-18:26:47 fw kernel: [  94.697760] PHY Status            <796d>
2013:12:06-18:26:47 fw kernel: [  94.697760] PHY 1000BASE-T Status  <3800>
2013:12:06-18:26:47 fw kernel: [  94.697760] PHY Extended Status    <3000>
2013:12:06-18:26:47 fw kernel: [  94.697760] PCI Status            <10>
2013:12:06-18:26:49 fw kernel: [  96.695720] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:26:49 fw kernel: [  96.695720]  TDH                  <0>
2013:12:06-18:26:49 fw kernel: [  96.695720]  TDT                  <ee>
2013:12:06-18:26:49 fw kernel: [  96.695720]  next_to_use          <ee>
2013:12:06-18:26:49 fw kernel: [  96.695720]  next_to_clean        <0>
2013:12:06-18:26:49 fw kernel: [  96.695720] buffer_info[next_to_clean]:
2013:12:06-18:26:49 fw kernel: [  96.695720]  time_stamp          <ffff334a>
2013:12:06-18:26:49 fw kernel: [  96.695720]  next_to_watch        <0>
2013:12:06-18:26:49 fw kernel: [  96.695720]  jiffies              <ffff398f>
2013:12:06-18:26:49 fw kernel: [  96.695720]  next_to_watch.status <0>
2013:12:06-18:26:49 fw kernel: [  96.695720] MAC Status            <80483>
2013:12:06-18:26:49 fw kernel: [  96.695720] PHY Status            <796d>
2013:12:06-18:26:49 fw kernel: [  96.695720] PHY 1000BASE-T Status  <3800>
2013:12:06-18:26:49 fw kernel: [  96.695720] PHY Extended Status    <3000>
2013:12:06-18:26:49 fw kernel: [  96.695720] PCI Status            <10>
2013:12:06-18:26:51 fw kernel: [  98.693672] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:26:51 fw kernel: [  98.693672]  TDH                  <0>
2013:12:06-18:26:51 fw kernel: [  98.693672]  TDT                  <ee>
2013:12:06-18:26:51 fw kernel: [  98.693672]  next_to_use          <ee>
2013:12:06-18:26:51 fw kernel: [  98.693672]  next_to_clean        <0>
2013:12:06-18:26:51 fw kernel: [  98.693672] buffer_info[next_to_clean]:
2013:12:06-18:26:51 fw kernel: [  98.693672]  time_stamp          <ffff334a>
2013:12:06-18:26:51 fw kernel: [  98.693672]  next_to_watch        <0>
2013:12:06-18:26:51 fw kernel: [  98.693672]  jiffies              <ffff3b83>
2013:12:06-18:26:51 fw kernel: [  98.693672]  next_to_watch.status <0>
2013:12:06-18:26:51 fw kernel: [  98.693672] MAC Status            <80483>
2013:12:06-18:26:51 fw kernel: [  98.693672] PHY Status            <796d>
2013:12:06-18:26:51 fw kernel: [  98.693672] PHY 1000BASE-T Status  <3800>
2013:12:06-18:26:51 fw kernel: [  98.693672] PHY Extended Status    <3000>
2013:12:06-18:26:51 fw kernel: [  98.693672] PCI Status            <10>
2013:12:06-18:26:52 fw kernel: [  99.703841] ------------[ cut here ]------------
2013:12:06-18:26:52 fw kernel: [  99.703849] WARNING: at net/sched/sch_generic.c:254 dev_watchdog+0xe7/0x182()
2013:12:06-18:26:52 fw kernel: [  99.703851] Hardware name: Intense-PC
2013:12:06-18:26:52 fw kernel: [  99.703852] NETDEV WATCHDOG: eth1 (e1000e): transmit queue 0 timed out
2013:12:06-18:26:52 fw kernel: [  99.703853] Modules linked in: ipt_MASQUERADE xt_nat nf_nat_ftp nf_conntrack_ftp sr_mod cdrom xt_hashlimit xt_connlabel xt_TPROXY nf_tproxy_core xt_socket xt_NFQUEUE xt_connmark xt_REDIRECT xt_limit xt_recent xt_mark xt_set xt_psd(O) xt_addrtype xt_tcpudp xt_policy xt_multiport ip_set_hash_ip nf_nat_irc nf_conntrack_irc nls_utf8 hfsplus tun nfnetlink_queue ip_set_hash_net 8021q ebt_arp bridge stp llc ebtable_filter ebtables redv2_netlink ip6table_ips ip6table_mangle ip6table_nat nf_nat_ipv6 iptable_ips af_packet iptable_mangle iptable_nat nf_nat_ipv4 nf_nat xt_NFLOG xt_condition(O) xt_logmark xt_confirmed xt_owner ip6t_REJECT ipt_REJECT xt_state ip_set red2 ip_scheduler red nfnetlink_log nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6table_raw nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack iptable_filter iptable_raw xt_CT nf_conntrack_netlink nfnetlink nf_conntrack ip6_tables ip_tables x_tables ipv6 loop hid_generic usbhid acpi_cpufreq rtc_cmos mperf crc32c_intel evdev container aesni_intel ablk_helper cryptd lrw aes_x86_64 aes_generic xts gf128mul coretemp microcode r8169 mii i2c_i801 pcspkr button ac sg ehci_pci ehci_hcd e1000e(O) thermal fan sd_mod xhci_hcd processor thermal_sys hwmon edd ahci libahci libata scsi_mod [last unloaded: nf_conntrack_ftp]
2013:12:06-18:26:52 fw kernel: [  99.703911] Pid: 0, comm: swapper/2 Tainted: G          O 3.8.13.6-18.g9aea9e6-smp64 #1
2013:12:06-18:26:52 fw kernel: [  99.703912] Call Trace:
2013:12:06-18:26:52 fw kernel: [  99.703914]  <IRQ>  [<ffffffff81290986>] ? dev_watchdog+0xe7/0x182
2013:12:06-18:26:52 fw kernel: [  99.703919]  [<ffffffff81034905>] ? warn_slowpath_common+0x78/0x8d
2013:12:06-18:26:52 fw kernel: [  99.703922]  [<ffffffff8129089f>] ? netif_tx_lock+0x7e/0x7e
2013:12:06-18:26:52 fw kernel: [  99.703924]  [<ffffffff810349b4>] ? warn_slowpath_fmt+0x45/0x4a
2013:12:06-18:26:52 fw kernel: [  99.703926]  [<ffffffff81290864>] ? netif_tx_lock+0x43/0x7e
2013:12:06-18:26:52 fw kernel: [  99.703931]  [<ffffffff81290986>] ? dev_watchdog+0xe7/0x182
2013:12:06-18:26:52 fw kernel: [  99.703933]  [<ffffffff8103eb88>] ? call_timer_fn+0x1b/0x6e
2013:12:06-18:26:52 fw kernel: [  99.703935]  [<ffffffff8103ed47>] ? run_timer_softirq+0x16c/0x1b3
2013:12:06-18:26:52 fw kernel: [  99.703939]  [<ffffffff8105d187>] ? timekeeping_get_ns+0x12/0x35
2013:12:06-18:26:52 fw kernel: [  99.703941]  [<ffffffff8103a97f>] ? __do_softirq+0x9d/0x15f
2013:12:06-18:26:52 fw kernel: [  99.703944]  [<ffffffff81062452>] ? clockevents_program_event+0x9a/0xb9
2013:12:06-18:26:52 fw kernel: [  99.703947]  [<ffffffff81255c5a>] ? disable_cpuidle+0xb/0xb
2013:12:06-18:26:52 fw kernel: [  99.703950]  [<ffffffff8130321c>] ? call_softirq+0x1c/0x30
2013:12:06-18:26:52 fw kernel: [  99.703953]  [<ffffffff81009fa3>] ? do_softirq+0x3f/0x79
2013:12:06-18:26:52 fw kernel: [  99.703955]  [<ffffffff8103a774>] ? irq_exit+0x43/0xb1
2013:12:06-18:26:52 fw kernel: [  99.703958]  [<ffffffff81023636>] ? smp_apic_timer_interrupt+0x85/0x93
2013:12:06-18:26:52 fw kernel: [  99.703960]  [<ffffffff81302add>] ? apic_timer_interrupt+0x6d/0x80
2013:12:06-18:26:52 fw kernel: [  99.703961]  <EOI>  [<ffffffff8104f5a5>] ? __hrtimer_start_range_ns+0x271/0x284
2013:12:06-18:26:52 fw kernel: [  99.703966]  [<ffffffff811af7ba>] ? __setup_broadcast_timer+0x2d/0x2d
2013:12:06-18:26:52 fw kernel: [  99.703968]  [<ffffffff812561d2>] ? cpuidle_wrap_enter+0x3c/0x71
2013:12:06-18:26:52 fw kernel: [  99.703971]  [<ffffffff812561c8>] ? cpuidle_wrap_enter+0x32/0x71
2013:12:06-18:26:52 fw kernel: [  99.703973]  [<ffffffff81255c76>] ? cpuidle_enter_state+0xa/0x33
2013:12:06-18:26:52 fw kernel: [  99.703975]  [<ffffffff812560f8>] ? cpuidle_idle_call+0x9e/0xcc
2013:12:06-18:26:52 fw kernel: [  99.703977]  [<ffffffff8100ef65>] ? cpu_idle+0x61/0xa9
2013:12:06-18:26:52 fw kernel: [  99.703979] ---[ end trace a0bb4d3a1170cbaf ]---
2013:12:06-18:26:52 fw kernel: [  99.703989] e1000e 0000:00:19.0 eth1: Reset adapter unexpectedly
2013:12:06-18:26:52 fw kernel: [  99.881787] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
2013:12:06-18:27:02 fw kernel: [  109.706365] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:27:02 fw kernel: [  109.706365]  TDH                  <47>
2013:12:06-18:27:02 fw kernel: [  109.706365]  TDT                  <e>
2013:12:06-18:27:02 fw kernel: [  109.706365]  next_to_use          <e>
2013:12:06-18:27:02 fw kernel: [  109.706365]  next_to_clean        <47>
2013:12:06-18:27:02 fw kernel: [  109.706365] buffer_info[next_to_clean]:
2013:12:06-18:27:02 fw kernel: [  109.706365]  time_stamp          <ffff43bb>
2013:12:06-18:27:02 fw kernel: [  109.706365]  next_to_watch        <48>
2013:12:06-18:27:02 fw kernel: [  109.706365]  jiffies              <ffff4647>
2013:12:06-18:27:02 fw kernel: [  109.706365]  next_to_watch.status <0>
2013:12:06-18:27:02 fw kernel: [  109.706365] MAC Status            <80483>
2013:12:06-18:27:02 fw kernel: [  109.706365] PHY Status            <796d>
2013:12:06-18:27:02 fw kernel: [  109.706365] PHY 1000BASE-T Status  <3800>
2013:12:06-18:27:02 fw kernel: [  109.706365] PHY Extended Status    <3000>
2013:12:06-18:27:02 fw kernel: [  109.706365] PCI Status            <10>
2013:12:06-18:27:04 fw kernel: [  111.704261] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:27:04 fw kernel: [  111.704261]  TDH                  <47>
2013:12:06-18:27:04 fw kernel: [  111.704261]  TDT                  <e>
2013:12:06-18:27:04 fw kernel: [  111.704261]  next_to_use          <e>
2013:12:06-18:27:04 fw kernel: [  111.704261]  next_to_clean        <47>
2013:12:06-18:27:04 fw kernel: [  111.704261] buffer_info[next_to_clean]:
2013:12:06-18:27:04 fw kernel: [  111.704261]  time_stamp          <ffff43bb>
2013:12:06-18:27:04 fw kernel: [  111.704261]  next_to_watch        <48>
2013:12:06-18:27:04 fw kernel: [  111.704261]  jiffies              <ffff483b>
2013:12:06-18:27:04 fw kernel: [  111.704261]  next_to_watch.status <0>
2013:12:06-18:27:04 fw kernel: [  111.704261] MAC Status            <80483>
2013:12:06-18:27:04 fw kernel: [  111.704261] PHY Status            <796d>
2013:12:06-18:27:04 fw kernel: [  111.704261] PHY 1000BASE-T Status  <3800>
2013:12:06-18:27:04 fw kernel: [  111.704261] PHY Extended Status    <3000>
2013:12:06-18:27:04 fw kernel: [  111.704261] PCI Status            <10>
2013:12:06-18:27:06 fw kernel: [  113.702243] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2013:12:06-18:27:06 fw kernel: [  113.702243]  TDH                  <47>
2013:12:06-18:27:06 fw kernel: [  113.702243]  TDT                  <e>
2013:12:06-18:27:06 fw kernel: [  113.702243]  next_to_use          <e>
2013:12:06-18:27:06 fw kernel: [  113.702243]  next_to_clean        <47>
2013:12:06-18:27:06 fw kernel: [  113.702243] buffer_info[next_to_clean]:
2013:12:06-18:27:06 fw kernel: [  113.702243]  time_stamp          <ffff43bb>
2013:12:06-18:27:06 fw kernel: [  113.702243]  next_to_watch        <48>
2013:12:06-18:27:06 fw kernel: [  113.702243]  jiffies              <ffff4a2f>
2013:12:06-18:27:06 fw kernel: [  113.702243]  next_to_watch.status <0>
2013:12:06-18:27:06 fw kernel: [  113.702243] MAC Status            <80483>
2013:12:06-18:27:06 fw kernel: [  113.702243] PHY Status            <796d>
2013:12:06-18:27:06 fw kernel: [  113.702243] PHY 1000BASE-T Status  <3800>
2013:12:06-18:27:06 fw kernel: [  113.702243] PHY Extended Status    <3000>
2013:12:06-18:27:06 fw kernel: [  113.702243] PCI Status            <10>
2013:12:06-18:27:07 fw kernel: [  114.712443] e1000e 0000:00:19.0 eth1: Reset adapter unexpectedly
2013:12:06-18:27:07 fw kernel: [  114.810500] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
2013:12:06-18:27:14 fw kernel: [  121.173754] usb 4-3: USB disconnect, device number 3
2013:12:06-18:27:22 fw kernel: [  129.149467] usb 4-3: new high-speed USB device number 4 using ehci-pci
2013:12:06-18:27:22 fw kernel: [  129.282203] usb 4-3: New USB device found, idVendor=8086, idProduct=006c
2013:12:06-18:27:22 fw kernel: [  129.282216] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
2013:12:06-18:27:22 fw kernel: [  129.282224] usb 4-3: Product: USBr Composite Device
2013:12:06-18:27:22 fw kernel: [  129.282232] usb 4-3: Manufacturer: Intel
2013:12:06-18:27:22 fw kernel: [  129.282238] usb 4-3: SerialNumber: 0001
2013:12:06-18:27:22 fw kernel: [  129.283725] input: Intel USBr Composite Device as /devices/pci0000:00/0000:00:1d.0/usb4/4-3/4-3:1.0/input/input8
2013:12:06-18:27:22 fw kernel: [  129.283936] hid-generic 0003:8086:006C.0004: input,hidraw0: USB HID v1.10 Keyboard [Intel USBr Composite Device] on usb-0000:00:1d.0-3/input0
2013:12:06-18:27:22 fw kernel: [  129.285211] input: Intel USBr Composite Device as /devices/pci0000:00/0000:00:1d.0/usb4/4-3/4-3:1.1/input/input9
2013:12:06-18:27:22 fw kernel: [  129.285541] hid-generic 0003:8086:006C.0005: input,hidraw1: USB HID v1.10 Mouse [Intel USBr Composite Device] on usb-0000:00:1d.0-3/input1
2013:12:06-18:27:22 fw kernel: [  129.286710] input: Intel USBr Composite Device as /devices/pci0000:00/0000:00:1d.0/usb4/4-3/4-3:1.2/input/input10
2013:12:06-18:27:22 fw kernel: [  129.286896] hid-generic 0003:8086:006C.0006: input,hidraw2: USB HID v1.10 Mouse [Intel USBr Composite Device] on usb-0000:00:1d.0-3/input2
2013:12:06-18:27:27 fw kernel: [  134.264599] usb 4-3: USB disconnect, device number 4

Force all SMTP Out One Address?

What is the best way to ensure that all outgoing SMTP traffic goes out a specific additional address? I know this can be done if it were on its own interface, with a multipath or policy route, but how is this best done with an additional address?

How does additional address work?

I was playing with additional address in Sophos and TMG, but I just don't understand how it works, because the additional address seems to be bound to the default first WAN address.

I have a Cisco with 3 WAN ranges (example) that the 2 firewalls connect to
IP pack 1: 1.1.1.0/24
IP pack 2: 2.2.2.0/24
IP pack 3: 3.3.3.0/24

TMG WAN IP: 1.1.1.1/24
Additional address 2.2.2.1/24

Sophos WAN IP: 3.3.3.1/24
Additional address 2.2.2.2/24

With TMG I can access both 1.1.1.1/24 & 2.2.2.1/24 from the internet.
On the Sophos you can access 3.3.3.1/24 but can't connect to the additional address 2.2.2.2/24.

When you connect from the internet -> to 2.2.2.2, how does the Cisco know how to forward the packets to the Sophos alternate address 2.2.2.2/24?

How do you troubleshoot routing to an alternate address?

I have seen threads before where users don't see DNAT packets coming in on the alternate address when there are IP packs in multiple subnets. The question is why?

[9.185][Open] Wildcard Certificate Support for HTTP to HTTPS Redirection

Hi all,
it's not possible to redirect HTTP to HTTPS in WAF when I use a wildcard certificate. When I try this, the web UI gives us the following hint.

"Please provide a non-wildcard domain as the target for the redirection from HTTP to HTTPS."

regards
mod

Firewall Throughput

Hello everyone,

I have installed the Sophos software on a small computer. So far everything runs great, but I find the firewall throughput a bit low.

What else can I tweak to increase the throughput?

Briefly, the hardware:

Mini-ITX board with Intel® Atom processor D2500 (2x 1.8 GHz??)
4 GB RAM
500 GB HDD (5400 rpm)
2x Gigabit onboard

I have 2 VLANs on the internal interface, one for the DMZ and one for internal. When I copy files from the DMZ to the internal network I get a throughput of 3-6 MB/s (as displayed in Windows); when I do the same without the firewall in between I get 30-50 MB/s.

The firewall itself is not under heavy load, though (CPU at 30-50%), and there is enough RAM and HDD free.

What else can I do to get faster here??

Kind regards
Xeogx

[9.185][BUG] Web_Filtering-Global.htm out of date

https://<appliance>:4444/help/en_US/Content/ASG/webprot/Web_Filtering-Global.htm: points number 2/5 and 3/6 are duplicates. Points 3/6 do not match the current dialog.

Raspberry PI VPN network

Hi..

I'm currently setting up a network with headless rPIs
and I'd like them to report home to my network by VPN.
This way I can run SSH/FTP/HTTP/etc. from my home computer out to the rPI sites that are connected.
I now have 4 rPIs at my disposal and am now installing openvpn.
Before I start connecting the rPIs to my Sophos, I'd like to configure the UTM correctly, because I think I need some try/error/diag/++ to get this going, and knowing my Sophos is correct makes it easier to diag the rPIs.
I have zero knowledge of VPN, so here is what I think my VPN structure should look like:

20+ rPIs w/openvpn
the rPIs are given IPs from the Sophos,
rPIs access the Internet through the VPN connection and not the local WAN connection.
rPIs are just allowed to access my internal server in the home network (192.168.0.202) and my personal computer. All other devices cannot access the rPIs.
get the rPIs static addresses like DNS/IP so I know which rPI I am accessing.

Over time I think this network is going to expand, and I'd like to keep it easy so future expansion is not a time-eating operation.

Does anyone have the time and desire to help me achieve this?

Dan

Info on new up2dates

I saw they had a beta test for 9.180021, but I was curious what fixes are in it.

We've been having several issues with REDs dropping connection for no reason and hoping one of these releases is going to fix it.

Another Routing Question

Hi All,

I am trying to route between two firewalls that are directly connected. I am using one firewall as my perimeter and the other Astaro as my DMZ firewall. I believe I may have my masquerading rules wrong.

So for example, let's say I have a 172.22.1.0/24 network behind the DMZ firewall and a 10.0.0.0/24 network behind my perimeter firewall.

Normally I would just create routes on my Palo Alto firewalls to accomplish this and they talk fine.

How would I accomplish this on the Sophos firewalls? Do I need a proxy ARP on the 172 interface and static routes and firewall rules?

Any help is greatly appreciated.

Endpoint Protection

Hello everyone,

I use the Astaro Endpoint Protection. Cool stuff :-)

I have one more question about it:
- Can Endpoint Protection also be set per user?

Goal:
- One laptop with two users
- One user is allowed to do everything
- The second user should have no access to data storage and wireless

Is it possible to implement this configuration with Endpoint Protection? If so, how do I need to proceed?

Many thanks for the help.

Regards
zeus1976