Channel: Sophos User Bulletin Board
Viewing all 14361 articles

skb_warn_bad_offload Kernel error on packet routing

I am setting up a new Sophos UTM (Business Essentials), in addition to other licensed UTMs. This new one hangs off a licensed one as a VM guest. This is the second install of this kind I have done. The first one works fine. This one is having an issue.

The only difference between the two setups is that this new one has only a single bridged interface for the guest, the intention is to VLAN interfaces within Sophos.

I configured a subnet behind the UTM, and response packets from external hosts with length less than 1000 route through okay. When the packet length is above 1500, the first few packets do not make it from the external interface to the subnet route. But the last packet, which is under a length of 1000, makes it.

I performed a tcpdump on both the external interface and internal subnet interface, and have verified this is true. Packets make it to the external interface, but the ones with a length of 1500 do not route to the internal subnet interface.

I am not having this issue on the first UTM setup, which has a similar topology. The configuration is the same between them, except that they are on different remote networks, and the newest setup uses a single untagged (KVM) virtio network card, whereas the prior one uses multiple bridged VLAN-tagged interfaces.

MTU is 1500 on all interfaces.

After watching the logs, I see this error appearing, and subsequent discussion on the Internet points to a similar issue as I am experiencing, and questions a possible bug in the kernel.

2014:09:04-13:41:35 net301ima kernel: [ 2375.772054] ------------[ cut here ]------------
2014:09:04-13:41:35 net301ima kernel: [ 2375.772067] WARNING: at net/core/dev.c:2033 skb_warn_bad_offload+0xb8/0xc0()
2014:09:04-13:41:35 net301ima kernel: [ 2375.772070] Hardware name: KVM
2014:09:04-13:41:35 net301ima kernel: [ 2375.772074] : caps=(0x0000000000005020, 0x0000000000000000) len=1500 data_len=1390 gso_size=1448 gso_type=5 ip_summed=1
2014:09:04-13:41:35 net301ima kernel: [ 2375.772076] Modules linked in: sd_mod xt_connmark xt_tcpudp xt_multiport xt_set xt_addrtype ip_set_hash_net ip_set_hash_ip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_ftp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_ftp af_packet 8021q ebtable_filter ebtables bridge stp llc redv2_netlink ip6table_ips ip6table_mangle ip6table_nat nf_nat_ipv6 iptable_ips iptable_mangle iptable_nat nf_nat_ipv4 nf_nat xt_NFLOG xt_condition(O) xt_logmark xt_confirmed xt_owner ip6t_REJECT ipt_REJECT xt_state ip_set red2 ip_scheduler red nfnetlink_log mperf nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6table_raw nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack iptable_filter iptable_raw xt_CT nf_conntrack_netlink nfnetlink nf_conntrack ip6_tables ip_tables x_tables ipv6 loop sg button virtio_net rtc_cmos sr_mod cdrom pcspkr i2c_piix4 evdev virtio_balloon microcode uhci_hcd ehci_hcd virtio_blk processor thermal_sys hwmon pata_acpi ata_generic edd ata_piix libata scsi_mod virtio_pci virtio_ring virtio hid_generic usbhid
2014:09:04-13:41:35 net301ima kernel: [ 2375.772166] Pid: 0, comm: swapper/0 Tainted: G W O 3.8.13.15-110.g4be5643-smp #1
2014:09:04-13:41:35 net301ima kernel: [ 2375.772168] Call Trace:
2014:09:04-13:41:35 net301ima kernel: [ 2375.772174] [<c1209fde>] ? skb_warn_bad_offload+0xb8/0xc0
2014:09:04-13:41:35 net301ima kernel: [ 2375.772179] [<c102877a>] ? warn_slowpath_common+0x7b/0x90
2014:09:04-13:41:35 net301ima kernel: [ 2375.772183] [<c1209fde>] ? skb_warn_bad_offload+0xb8/0xc0
2014:09:04-13:41:35 net301ima kernel: [ 2375.772187] [<c1028817>] ? warn_slowpath_fmt+0x33/0x37
2014:09:04-13:41:35 net301ima kernel: [ 2375.772191] [<c1209fde>] ? skb_warn_bad_offload+0xb8/0xc0
2014:09:04-13:41:35 net301ima kernel: [ 2375.772195] [<c120ad2b>] ? skb_gso_segment+0x9b/0x1d9
2014:09:04-13:41:35 net301ima kernel: [ 2375.772199] [<c120b28b>] ? dev_hard_start_xmit+0x1d4/0x37f
2014:09:04-13:41:35 net301ima kernel: [ 2375.772203] [<c120b606>] ? dev_queue_xmit+0x1d0/0x263
2014:09:04-13:41:35 net301ima kernel: [ 2375.772209] [<c122fd64>] ? ip_finish_output2+0x27a/0x2c3
2014:09:04-13:41:35 net301ima kernel: [ 2375.772212] [<c122c3f3>] ? skb_dst+0x7/0x7
2014:09:04-13:41:35 net301ima kernel: [ 2375.772216] [<c122fdad>] ? ip_finish_output2+0x2c3/0x2c3
2014:09:04-13:41:35 net301ima kernel: [ 2375.772220] [<c122f06e>] ? NF_HOOK_COND+0x4f/0x56
2014:09:04-13:41:35 net301ima kernel: [ 2375.772224] [<c122fdad>] ? ip_finish_output2+0x2c3/0x2c3
2014:09:04-13:41:35 net301ima kernel: [ 2375.772227] [<c122f0f7>] ? ip_output+0x82/0x88
2014:09:04-13:41:35 net301ima kernel: [ 2375.772231] [<c122fdad>] ? ip_finish_output2+0x2c3/0x2c3
2014:09:04-13:41:35 net301ima kernel: [ 2375.772235] [<c120fd89>] ? dst_output+0x9/0xa
2014:09:04-13:41:35 net301ima kernel: [ 2375.772239] [<c122b39a>] ? ip_rcv_finish+0x27d/0x293
2014:09:04-13:41:35 net301ima kernel: [ 2375.772243] [<c122b11d>] ? ip_rcv+0x277/0x277
2014:09:04-13:41:35 net301ima kernel: [ 2375.772246] [<c122ae9f>] ? NF_HOOK+0x48/0x4f
2014:09:04-13:41:35 net301ima kernel: [ 2375.772263] [<c122b11d>] ? ip_rcv+0x277/0x277
2014:09:04-13:41:35 net301ima kernel: [ 2375.772272] [<c122b0e6>] ? ip_rcv+0x240/0x277
2014:09:04-13:41:35 net301ima kernel: [ 2375.772275] [<c122b11d>] ? ip_rcv+0x277/0x277
2014:09:04-13:41:35 net301ima kernel: [ 2375.772279] [<c1208d32>] ? __netif_receive_skb+0x424/0x475
2014:09:04-13:41:35 net301ima kernel: [ 2375.772283] [<c1202d5a>] ? build_skb+0x27/0xb5
2014:09:04-13:41:35 net301ima kernel: [ 2375.772287] [<c120a3b9>] ? netif_receive_skb+0x63/0x68
2014:09:04-13:41:35 net301ima kernel: [ 2375.772297] [<f83c0ff4>] ? virtnet_poll+0x47d/0x563 [virtio_net]
2014:09:04-13:41:35 net301ima kernel: [ 2375.772303] [<c120a854>] ? net_rx_action+0x91/0x1b1
2014:09:04-13:41:35 net301ima kernel: [ 2375.772308] [<c102e0f0>] ? __do_softirq+0x84/0x143
2014:09:04-13:41:35 net301ima kernel: [ 2375.772312] [<c102e06c>] ? irq_enter+0x4d/0x4d
2014:09:04-13:41:35 net301ima kernel: [ 2375.772314] <IRQ> [<c102df40>] ? irq_exit+0x2f/0x92
2014:09:04-13:41:35 net301ima kernel: [ 2375.772321] [<c100307f>] ? do_IRQ+0x81/0x95
2014:09:04-13:41:35 net301ima kernel: [ 2375.772324] [<c102dfa2>] ? irq_exit+0x91/0x92
2014:09:04-13:41:35 net301ima kernel: [ 2375.772329] [<c101afee>] ? smp_apic_timer_interrupt+0x6f/0x7b
2014:09:04-13:41:35 net301ima kernel: [ 2375.772334] [<c127b80c>] ? common_interrupt+0x2c/0x31
2014:09:04-13:41:35 net301ima kernel: [ 2375.772339] [<c10205e9>] ? native_safe_halt+0x2/0x3
2014:09:04-13:41:35 net301ima kernel: [ 2375.772343] [<c1007773>] ? default_idle+0x1c/0x31
2014:09:04-13:41:35 net301ima kernel: [ 2375.772346] [<c100797a>] ? cpu_idle+0x52/0x71
2014:09:04-13:41:35 net301ima kernel: [ 2375.772350] [<c1378a63>] ? start_kernel+0x31d/0x322
2014:09:04-13:41:35 net301ima kernel: [ 2375.772354] [<c137858b>] ? repair_env_string+0x4f/0x4f
2014:09:04-13:41:35 net301ima kernel: [ 2375.772357] ---[ end trace 49019babd7ff281d ]---
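The one diagnostic line of that warning (caps, len, data_len, gso_size, gso_type, ip_summed) carries most of what a practitioner needs to know, but only once the bitmasks are decoded. The Python below is an example added by the editor, not code from the poster or from Sophos: it parses that line and decodes the fields with the bit layouts of the 3.8 kernel headers (an assumption; compare with include/linux/netdev_features.h and include/linux/skbuff.h of the kernel you actually run), then applies three checks that match how skb_gso_segment() in that series behaves: a TCPv4 GSO skb must be segmented in software when the egress device has no TSO, the warning fires when such an skb is not CHECKSUM_PARTIAL, and virtio_net flags every GSO frame it receives from the host as SKB_GSO_DODGY.

```python
import re

# Constructed input: the diagnostic line from the kernel warning quoted above,
# with its syslog prefix kept so the parser has to locate the fields itself.
SAMPLE_LINE = ("2014:09:04-13:41:35 net301ima kernel: [ 2375.772074] : "
               "caps=(0x0000000000005020, 0x0000000000000000) len=1500 data_len=1390 "
               "gso_size=1448 gso_type=5 ip_summed=1")

# NETIF_F_* bit positions as laid out in include/linux/netdev_features.h of the
# 3.8 series named in the trace (assumed; the layout moved in later kernels).
NETIF_F_BITS = {
    0: "SG", 1: "IP_CSUM", 3: "HW_CSUM", 4: "IPV6_CSUM", 5: "HIGHDMA",
    6: "FRAGLIST", 7: "HW_VLAN_TX", 8: "HW_VLAN_RX", 9: "HW_VLAN_FILTER",
    10: "VLAN_CHALLENGED", 11: "GSO", 12: "LLTX", 13: "NETNS_LOCAL",
    14: "GRO", 15: "LRO", 16: "TSO", 17: "UFO", 18: "GSO_ROBUST",
    19: "TSO_ECN", 20: "TSO6", 21: "FSO",
}
# SKB_GSO_* flags from include/linux/skbuff.h of the same series (assumed).
SKB_GSO_BITS = {0: "TCPV4", 1: "UDP", 2: "DODGY", 3: "TCP_ECN", 4: "TCPV6", 5: "FCOE"}
IP_SUMMED = {0: "CHECKSUM_NONE", 1: "CHECKSUM_UNNECESSARY",
             2: "CHECKSUM_COMPLETE", 3: "CHECKSUM_PARTIAL"}

FIELD_RE = re.compile(
    r"caps=\((0x[0-9a-fA-F]+), (0x[0-9a-fA-F]+)\) len=(\d+) data_len=(\d+) "
    r"gso_size=(\d+) gso_type=(\d+) ip_summed=(\d+)")


def decode_bits(value, table):
    """Names of the set bits of value, lowest bit first; unknown bits as 'bit<n>'."""
    names = []
    bit = 0
    while value >> bit:
        if value & (1 << bit):
            names.append(table.get(bit, "bit%d" % bit))
        bit += 1
    return names


def parse_bad_offload(line):
    """Pull the skb_warn_bad_offload() fields out of one syslog line."""
    m = FIELD_RE.search(line)
    if m is None:
        raise ValueError("not a skb_warn_bad_offload line")
    dev_caps, sk_caps = int(m.group(1), 16), int(m.group(2), 16)
    return {
        "dev_features": decode_bits(dev_caps, NETIF_F_BITS),  # skb->dev->features (egress dev)
        "sk_route_caps": decode_bits(sk_caps, NETIF_F_BITS),  # empty when the skb has no socket
        "len": int(m.group(3)),
        "data_len": int(m.group(4)),
        "gso_size": int(m.group(5)),
        "gso_type": decode_bits(int(m.group(6)), SKB_GSO_BITS),
        "ip_summed": IP_SUMMED.get(int(m.group(7)), "unknown"),
    }


def triage(info):
    """The yes/no questions to ask about such a warning, as a dict of booleans."""
    feats = set(info["dev_features"])
    gso = set(info["gso_type"])
    return {
        # A TCPv4 GSO skb leaves the device untouched only if the device does TSO;
        # otherwise dev_hard_start_xmit() calls skb_gso_segment() to split it.
        "needs_software_segmentation": "TCPV4" in gso and "TSO" not in feats,
        # In the 3.8 series skb_gso_segment() warns when the skb it has to segment
        # is not CHECKSUM_PARTIAL; that condition is what produced the trace.
        "checksum_not_partial": info["ip_summed"] != "CHECKSUM_PARTIAL",
        # virtio_net sets SKB_GSO_DODGY on every GSO frame handed in by the host.
        "from_untrusted_source": "DODGY" in gso,
        # No socket route caps means the skb was forwarded, not generated locally.
        "forwarded_not_local": info["sk_route_caps"] == [],
    }


if __name__ == "__main__":
    info = parse_bad_offload(SAMPLE_LINE)
    for key, value in info.items():
        print("%-28s %s" % (key, value))
    for key, value in triage(info).items():
        print("%-28s %s" % (key, value))
```

For the line on this page the decode gives an egress device with only HIGHDMA, LLTX and GRO (no SG, no TSO, no GSO), a TCPv4 GSO skb that virtio_net received from the host and flagged DODGY, and ip_summed CHECKSUM_UNNECESSARY, so every forwarded frame larger than one segment is pushed through software segmentation and trips the warning, while small frames never are GSO skbs and pass silently, which fits the poster's observation. The check to run on the UTM is `ethtool -k` on the virtio NIC and on the VLAN sub-interface to confirm which offloads each one exposes. A commonly applied mitigation is to stop the host from handing the guest coalesced frames at all, for example (a suggestion, not something the thread confirms) by turning off the guest offloads of the QEMU virtio-net-pci device (properties such as guest_tso4, guest_tso6, guest_ecn and guest_ufo set to off), so the guest only ever sees MTU-sized frames.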

SSD for the UTM server?

Hello,

I just wanted to ask whether any of you use an SSD for the UTM server and, if so, which brand. And while I'm at it: what significant advantages does it bring over a conventional HDD in this area of use?

I have been toying with the idea of replacing my HDD with an SSD for a while now, I just don't know yet whether it really brings that much more.

Thanks in advance for your answers. :)

Poor download/upload performance

Hi! New user here.

I've recently installed UTM 9 Home (latest version) on my small box (Atom D2550, 4GB, 32GB SSD, Dual 1GB Broadcom BCM 57788 NICs). I had pfSense installed before, but decided to try Sophos.

Anyway, after installation I noticed that my speed decreased quite a bit. My ISP is Comcast and I'm paying for a 50/10 line, but during speed tests with direct connection to a PC or through pfSense (same hardware) I was getting more like 120/12.

With the Sophos installed now I'm getting 45/8.5, and this is with just Firewall protection. If I enable Web protection and IPS the speed is about 43/7.5. What the heck?

I ran the top command in the terminal to check CPU load. When IPS is enabled I see that Snort uses 99% of one of the cores (being single-threaded, I know that's the limiting factor for me with IPS on). However, without IPS during speed tests (firewall only) the CPU idle stays at about 90%, so the limiting factor doesn't seem to be any of the processes nor the CPU.

I connected my modem directly to my PC and I was again getting the 120/12 speeds. I connected back to Sophos box and again slow speeds. I went as far as duplicating my PC's MAC address on the external NIC. Still the same slower speed.

The interesting thing is that during the speedtest (speedtest.net) my download speed (with FW only) stays right at 45mbps, doesn't go above, just a straight line on the graph. As if something is "throttling" the speed. I checked my QoS and no throttling there (I had it there for VoIP QoS, but disabled it).

I'm out of ideas here. Either something in the Sophos software stack is limiting the speed or something is up with my NICs (but I had pfSense installed on the same exact hardware and was getting the 110/12 speeds, and that's with snort ON, maxing out 1 core).

Any help would be appreciated!

Thanks a lot!

Proxy only reachable via hostname, not over IP

Hello,

I'm running Sophos UTM 9, (Firmware version: 9.205-12), and I'm experiencing a strange behavior.

On the client machines is running Windows 7 Enterprise, Service Pack 1.

The web proxy requires authentication of the clients which is done via Active Directory and which works fine.

However, when the proxy settings of Internet Explorer (version 11) are set to use Address 10.0.0.1 and Port 8080, Internet Explorer acts as if there was no connection at all. No attempt at a connection and a timeout or anything like that. Just no connection at all.

But, if the proxy Address is www, our internal hostname for 10.0.0.1, resolved by our internal DNS servers running on our domain controllers, and Port: 8080, it works fine.

Can anyone enlighten me, where the problem is?

Greetings,
Stefan.

HTML5 video blocked on iOS devices

I've noticed that I cannot get HTML5 video playback on my iOS devices and some Windows machines while the Web Filtering is enabled. The logs show:

Code:

httpproxy[2501]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.*.*" dstip="220.*.*.*" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="34304" request="0x268e0e78" url="http://uds.ak.o.brightcove.com/57838016001/57838016001_734484871001_Sea-SplashingWater.mp4?playerId=620280460001&lineupId=&affiliateId=&pubId=57838016001&videoId=734462567001" exceptions="" error="" authtime="0" dnstime="34537" cattime="165" avscantime="0" fullreqtime="143133" device="0" auth="0" category="177,178" reputation="neutral" categoryname="Content Server,Internet Services" content-type="video/mp4" application="http"
It doesn't look like a block, more that the content scanning is just breaking the streaming. The site in question: Video Test for HTML 5 | Brightcove Support

My web filtering is in transparent mode, and the "Bypass content scanning for streaming content" is already checked. Turning off the web filter fixes the issue, but I was hoping to create an exception rule if possible?

AP30 Throughput

I just installed an AP30 in my environment. Nothing special. Default Guest network and a second SSID that is AP Bridged to my Internal network. WPA2 Personal with AES Encryption.

I was using Cisco AP1200's previously and I wanted to get off G and onto N specifically for the speed.

Unless I'm missing something, I am very disappointed in the network throughput. My Cisco's gave me a rock solid 54Mb.
I was hoping to get in the 100Mb range with the AP30. But I am seeing fluctuations between 45mb and 72mb on devices that were solid at 54mb on my AP 1200's.

Why can I only get 72mb out of this device? Shouldn't I get better than that?

Other than the ease of management, I'm not really gaining much by replacing my Ciscos.

Chris

Attached Images
File Type: jpg 9-5-2014 10-19-57 AM.jpg (96.1 KB)

DNS content filtering

Hi all,
is it possible to use the UTM as a DNS content filtering solution (for example like the OpenDNS products)?
For example, a page with adult content is resolved to the UTM IP.

Thx

Reverse DNS / Request routing not working

I can't seem to get Sophos to resolve internal hostnames. I've read through several threads with similar problems and haven't figured it out yet. I removed all static DNS entries after reading ttps://www.astaro.org/gateway-products/management-networking-logging-reporting/48974-9-105-dns-request-routing-still-not-working-reverse-lookup.html

I'm running 3 internal networks, will give info on one that wasn't created by the wizard.

wInterface attachment shows interface settings
wDHCP shows DHCP settings
wDefinition shows a definition I created so I'd have something to put in the target box for request routing; maybe I did something dumb here.
wDNSGlobal shows the 3 networks allowed to use Sophos for DNS.
wRequestRouting shows the DNS request route.

So I connect my phone to the network and do a nslookup on it:

MBPR: $ nslookup
> 192.168.78.197
Server: 192.168.64.1
Address: 192.168.64.1#53

** server can't find 197.78.168.192.in-addr.arpa.: NXDOMAIN
>

Any ideas? thanks a bunch!

Attached Images
File Type: png wInterface.png (51.8 KB)
File Type: png wDHCP.png (62.1 KB)
File Type: jpg wDefinition.jpg (38.0 KB)
File Type: png wDNSGlobal.png (58.6 KB)
File Type: png wRequestRouting.png (49.6 KB)

SSL VPN Slow Initial Page Loads

Hi All,

I am using SSL VPN for remote access along with OpenVPN clients (utilizing OpenVPN GUI). My settings are as follows:
  • Using 443 (UDP)
  • AES-128-CBC
  • SHA2 256
  • 2048 bit Key Size
  • Compression Off

I am pushing my DNS servers (using OpenDNS) to the clients successfully; OpenDNS is also used internally and they are super fast on internal machines. I also tried using the built-in DNS server but had the same issue. When I go to a website that I've visited recently, the page loads instantly, however when I go to a page that I've never been to, it will initially load extremely slow (sometimes up to 20 seconds before page begins displaying). I also noticed that even a handful of pages that I've been to multiple times will even load slowly (Gmail, for example). Sometimes the pages won't load at all and I have to refresh and they will load the second time. This led me to believe it was a DNS issue, but wouldn't the DNS just not work at all?

I have no bandwidth throttling in place and the WAN link on the Sophos box is FTTH with 85/85 service. I looked at the logs for the Firewall and IPS (web filtering is disabled) and there's no messages for this traffic, everything looks normal.

Any help is greatly appreciated. Thanks guys!

AP30 cover/protection?

I am in the process of purchasing an AP30, that will be installed in a classroom/multipurpose room with a ~15' ceiling. Given the possibility of balls being thrown in the room, I'm looking for something for a protective cover for the AP30.

Does anyone have a suggestion? We are located in the US.

TIA

Some Google Play Store apps won't download

Hi,

Anybody else having problems with downloading some apps?

For example: Speedtest.net by Ookla

It keeps saying 'Downloading'

Not all the apps fail but a lot do.

The only thing that helps is making an Antivirus exception.

Attached Images
File Type: jpg Knipsel.jpg (77.7 KB)

Multiple Users On One Computer

Hello,

I have searched for this but haven't had any luck. I may be wording it wrong, so please forgive me if this is asked and answered. Here is my scenario. I have Sophos UTM 9.2 with Active Directory and SSO. Everything seems to be working great with one issue. I have two computers for my kids that my wife and I sometimes use. For some reason the filter policy on these PCs (this is actually a problem on all PCs but I'm really concerned about these two) will only keep the policy for the first user logged in. For example, when the PC is set up and I log my son in, his filter profile is applied to the PC and it will not change to my profile if I log him out and log back in. This means that when I'm surfing on his PC I cannot visit any sites that are not kid friendly. This also applies to my personal laptop. I cannot let one of my kids log in with their account because they will still have my filter profile attached to the laptop and can therefore visit any site they want. Am I missing something in the configuration that's supposed to keep this from happening? I was under the impression that the profile was applied to the user based on AD authentication and that it would change the profile based on the user that's authenticated. Thanks in advance for the help!

Cisco VPN client - PSK

Hi,

I'm trying to setup the 'vpnc' client on linux with the UTM (9.111) Cisco VPN config.

VPNC asks for a PSK or 'secret', but I don't see a setting for that in the UTM's Cisco VPN settings.

Where can I find that?

Thanks,
Barry

Hotspot Voucher Not Showing SSID

When creating vouchers, the wireless SSID to connect to doesn't show up.

I've re-created the HotSpot multiple times and still nothing.

See attached voucher.

I'm about to just edit the voucher template and be done with it. Anyone else run into this?

Attached Images
File Type: jpg voucher (4).jpg (19.8 KB)

Premium License for Hobbyist?

What to do?

Does "Sophos" look at these forums?

There are a handful of us that are "power" users of Astaro/Sophos UTM who would like to either invest or find a way to allow us to continue to help out even though we have gone beyond the 50 IP address limit that the free licenses provide.

I have reached out to support for a power 100 IP license renewal, and have even asked to see what it would cost to just buy additional IP licenses, but it's always rejected/ignored.

I have been running on pfSense now for some time because I can't limit our network at home here... it's not out of line anymore... even my light bulbs have an IP address!

Hello Sophos... can you give us some way to let us help you?

vCenter with ESXi hosts behind UTM

Hi all,

I'm having issues accessing an ESXi host behind my Sophos UTM.
It works for a while, the system is manageable for a small amount of time and then the connection drops for an unknown reason...

I've seen some VMware KBs that state that ESXi management behind NAT is not supported, but they provide some workarounds that I've applied unsuccessfully...

Though, running the VMware vSphere Client directly against the ESXi behind the UTM/NAT works without any issues... Through vCenter it does not...

Any thoughts?

Thanks all,
m.

Reports show ip not host name

Is there any way to have the daily/monthly exe reports show the DNS names and not the IP addresses?

The few entries I have host entries for work but for dhcp it's pretty much useless info to have just ip

CPU at 100% load

Hello everyone,

For about 4 years I have been protecting my home network with the ASG/UTM and am more than satisfied. It is really great what a superb product you can use for free, given suitable hardware (Intel board with Atom 1.8 GHz dual core, 4 GB RAM, 60 GB SSD).

So far I have got everything I need running and have also been able to master smaller problems successfully. However, for some time now I have had a strange problem:

As soon as I switch on my living room PC (Windows 7), the CPU load goes to 100% and Internet performance drops. Sporadically, after 1-2 hours, nothing works at all anymore: I cannot log in via WebAdmin, the Internet is shown as online on the network but does not connect. Then only a hard restart of the UTM helps. As soon as I switch the PC off or pull the LAN cable, the UTM's CPU goes back to the normal range of 5-15% load. The living room PC runs an FTP server and an AirVideoServer; otherwise it is a perfectly ordinary PC for watching videos and YouTube on the TV.

The other 3 PCs, iPhones and iPads do not cause this high CPU load.

I have already reset the UTM and restored a backup, and switched off all servers on the living room PC, but I am not getting any further. As soon as the box is connected to the network, the UTM's CPU goes to 100% load!

Has anyone observed such behaviour before and has tips on where I could look for the cause?

Best regards,

Martin

My UTM Project

Just discovered UTM last week while looking for a solution to monitor the family's web surfing. I spent (too) many hours trying to figure out which hardware to use and I wanted to post what ended up working for me in case anyone else wants a shortcut.

Here is the shopping list...
I already had the Lenovo USB adapter on hand so my total UTM cost was $463. I also picked up a couple of AP-30's on ebay for $85 and $110 to round out the solution. During install I also used a USB DVD drive that was sitting around.

Installed from latest_asg_v9_software.iso which in this case was version 9.205-12. I got an error during install that there was only one NIC found, but after the system rebooted with UTM it saw the USB NIC fine.

Performance seems fine. I have a lot of devices floating around, but my internet speed is only 25/10. There are 38 of 50 IP's active according to the license manager.

Active Roles:
  • Firewall
  • IPS
  • Web Filtering
  • Network Visibility
  • Wireless Protection
  • Antivirus
  • AntiSpyware

Stats:
  • Weekly CPU average: 3%
  • Weekly Mem average: 13%

So in the end, the hardware is probably over the top, but it meets my primary requirements of tiny and quiet. If Intel ever comes out with a dual NIC NUC I think it would power all UTM's going forward :)

Hope this helps fellow UTM rookies get started.

IPS question

When I look at the dashboard I see:

Intrusion Prevention is active with 1677 of 20691 patterns

As far as I can tell I have all IPS attack patterns turned on. I would expect to see "20691 of 20691 patterns" in use then.

Can someone clear that up for me?