Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 25 December 2024, 05:19:47 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
Pages: 1 2 [3] 4 5 6 7 ... 10
 21 
 on: Monday 01 January 2024, 08:52:22 pm 
Started by amirmasroor - Last post by samuel
Hello. how can you fix the bug.
Ad line to $ nano /etc/snort/snort.conf.tmpl
                 portvar FTP_PORTS     21

and $ jobcontrol restart snort --force

I hope it helps.

 22 
 on: Friday 22 December 2023, 01:43:01 am 
Started by sakariheija - Last post by sakariheija
Hello,

Is there misconfiguration on blackholedns.conf file on yesterdays update? There is address=/google.com/75.125.225.163 marked on that list.

br,
sakari

 23 
 on: Tuesday 19 December 2023, 08:56:17 pm 
Started by paluanmultimedia - Last post by paluanmultimedia
Good morning, I have several firewalls that restart themselves for no reason. Sometimes it happens when main uplink is faulty. Other times for no reason. Even with a new power supply. It happens with version 3.3.23 3.3.24 and 3.3.25.
Even with a new power supply.
This is the error:

This notification was sent by the Endian UTM device
named efw-xx on 2023-12-19T10:47:05+01:00. The email has been generated
from the event described below:

The system has started.

This happens to me on 6 out of 30 devices.

Is it due to malfunctioning uplinks?

Thanks to those who will help me by sharing their experience. Sorry for my translated English.

 24 
 on: Thursday 07 December 2023, 05:04:06 am 
Started by amirmasroor - Last post by AndreaCH
Issue has been solved by disabling FTP rule. Restarted IPS service & now rules have been updated today  Grin

same issue, same resolution. Thank you.

Andrea.

 25 
 on: Tuesday 05 December 2023, 06:07:59 am 
Started by marciorossis - Last post by dieggomoc
Good afternoon, I'm using the transparent proxy, everything works, blocking sites like YouTube, Facebook, the problem is that even putting the Mac or even the IP of the machine to which I want to allow access through the Bypass transparent proxy, it doesn't accept it, it continues to block and it's worse if I change the DNS to 8.8 .8.8 on the machine is released how do I get endian to just accept its proxy which in this case is 192.168.0.240 and how do I release access via Bypass proxy transparent on the transparent proxy I'm on the latest version 3.3.25

 26 
 on: Tuesday 07 November 2023, 09:10:29 pm 
Started by samuel - Last post by samuel
Hello. I started fail2ban, configured filter.d for snort. Filter.d
[Definition]

failregex = .*snort.*Priority: 1.*} <HOST>.*
#        .*snort.*Priority: 2.*} <HOST>.*

I have configured jail.local
 
Although fail2ban bans ip, iptables doesn't ban those apis, I still see them active. How could I add this rule in iptables to block ips banned by fail2ban? Thank you !

 27 
 on: Monday 30 October 2023, 05:05:39 am 
Started by heavymetalforever - Last post by heavymetalforever
Hi all community!
I'm new on this forum so I'll try to explain my problem as clear as possible.
I've setup my Endian as follows:

RED network: 10.0.0.2/24 (behind a router, but the WAN IP of the firewall is on DMZ on router so all traffic will be forwarded)
GREEN network: 192.168.1.0/24

I also have an instance of PiHole installed, which I use for DNS resolving and network ad blocker.
It's IP is 192.168.1.80.

Everything works perfectly while inside the GREEN network. I also enabled the IPS, and the HTTP proxy as well. Several clients connects and will navigate with proxy and Pihole as DNS.

I'd like to setup a VPN connection for my smartphone in order to connect via VPN and then navigate on Internet by using the PiHole and behind the proxy even if I'm outside home.

So, I've setup all the stuff:
- VPN type IPSec: the IP range from which the appliance will assign addresses is 192.168.2.0/28.
- Created VPN tunnel, which uses certificate
- Created the VPN local user, which uses certificate too.

I downloaded the Strongswan VPN client for Android, and I setup all needed to connect: I imported RootCA certificate, as well as the personal user's certificate and the Endian Firewall certificate (the one binded on the WAN).
I've setup all certificates on the Strongswan, also matching the certificates' Subjects for authentication purposes.

The smartphone connects successfully, but after that I'm not longer able to use any device on the GREEN network (for example, a notebook will disconnect from Internet and there's no way to resume connectivity until smartphone's VPN has been disconnected).

I noticed that if I put the RED subnet (so, 10.0.0.0/24) on the "local subnet" parameter on VPN tunnel configuration, it will happen the above described. If I set instead the GREEN subnet (so, 192.168.1.0/24, which is the wanted one, I suppose) more than disabling the Internet access, I'm moreover also not able to connect to LAN devices (for example, the Firewall GUI).

I've also enabled the VPN Firewall and create proper rules from IPSEC to GREEN and from GREEN to IPSEC to permit all traffic, so in the Firewall log, for example, I can see requests from 192.168.2.1 (the first assigned IP while connecting from smartphone) to PiHole DNS server performed and accepted. But then, connection is lost.

Can someone please help me? Honestly I don't know on what to investigate more.

I also attach a connection log, if can be useful.

Thank you!
Regards
Giuseppe

 28 
 on: Friday 27 October 2023, 03:35:19 am 
Started by Lotoss - Last post by Lotoss
You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually.

From the GUI

VPN/Cetificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem


Thanks, i revoked another one certificate and vpn working now. What a...

 29 
 on: Friday 27 October 2023, 12:05:28 am 
Started by miki22 - Last post by reetp
What sort of VPN, and why do you want to use it like that?

If you have an internal machine you may need a port forward with the correct ports opened, or some other configuration. But until you explain more it is hard to guess at a solution for you.

I'm sure Endian will happily relieve you of cash for professional support......

Check their website for some documentation, but it doesn't all apply to the Community version, and almost certainly wont answer your question.

Code:
docs.endian.com/3.0/utm/first.html

 30 
 on: Thursday 26 October 2023, 11:53:21 pm 
Started by Lotoss - Last post by reetp
You should not need to do this manually.. You'll get in a bit of a mess. Endian isn't really deigned for doing things manually.

From the GUI

VPN/Cetificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem

Pages: 1 2 [3] 4 5 6 7 ... 10
Page created in 0.078 seconds with 13 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com