 11 
 on: Tuesday 07 November 2023, 09:10:29 pm 
Started by samuel - Last post by samuel
Hello. I started fail2ban and configured filter.d for snort. Filter.d:
[Definition]

failregex = .*snort.*Priority: 1.*} <HOST>.*
#        .*snort.*Priority: 2.*} <HOST>.*

I have configured jail.local
 
Although fail2ban bans the IPs, iptables doesn't block those IPs; I still see them active. How could I add this rule in iptables to block IPs banned by fail2ban? Thank you!
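
An added example, not part of the original post: it runs the active failregex from the filter above over constructed snort alert lines to show which address the filter extracts as the ban candidate. `HOST_GROUP` is an assumed IPv4-only stand-in for fail2ban's `<HOST>` tag, and the log lines and function names are made up for illustration.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag;
# the real expansion also accepts IPv6 addresses and hostnames.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Active failregex from the post above (the Priority 2 line is commented out there).
FAILREGEX = r".*snort.*Priority: 1.*} <HOST>.*"

# Constructed sample lines in snort's syslog alert layout.
SAMPLE_LOG = [
    "Nov  7 21:01:12 efw snort[2211]: [1:1000001:1] Constructed alert A "
    "[Classification: Test] [Priority: 1] {TCP} 203.0.113.45:51515 -> 192.168.1.10:22",
    "Nov  7 21:01:13 efw snort[2211]: [1:1000002:1] Constructed alert B "
    "[Classification: Test] [Priority: 2] {TCP} 198.51.100.9:40000 -> 192.168.1.10:80",
    "Nov  7 21:01:14 efw snort[2211]: [1:1000003:1] Constructed alert C "
    "[Classification: Test] [Priority: 1] {ICMP} 198.51.100.7 -> 192.168.1.1",
    "Nov  7 21:01:15 efw kernel: unrelated line mentioning Priority: 1 only",
]


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the filter expression."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def ban_candidates(lines, failregex=FAILREGEX):
    """Return (line_index, host) for every line the filter counts as a failure."""
    pattern = compile_failregex(failregex)
    hits = []
    for index, line in enumerate(lines):
        match = pattern.search(line)
        if match:
            # The text right after "} " is the packet's source address.
            hits.append((index, match.group("host")))
    return hits


if __name__ == "__main__":
    for index, host in ban_candidates(SAMPLE_LOG):
        print(f"line {index}: would count a failure for {host}")
```

On a real system, the `fail2ban-regex` tool shipped with fail2ban runs a filter file against an actual log in the same way.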

 12 
 on: Monday 30 October 2023, 05:05:39 am 
Started by heavymetalforever - Last post by heavymetalforever
Hi all community!
I'm new on this forum so I'll try to explain my problem as clearly as possible.
I've setup my Endian as follows:

RED network: 10.0.0.2/24 (behind a router, but the WAN IP of the firewall is on DMZ on router so all traffic will be forwarded)
GREEN network: 192.168.1.0/24

I also have an instance of PiHole installed, which I use for DNS resolving and network ad blocker.
Its IP is 192.168.1.80.

Everything works perfectly while inside the GREEN network. I also enabled the IPS, and the HTTP proxy as well. Several clients connect and navigate with the proxy and PiHole as DNS.

I'd like to setup a VPN connection for my smartphone in order to connect via VPN and then navigate on Internet by using the PiHole and behind the proxy even if I'm outside home.

So, I've setup all the stuff:
- VPN type IPSec: the IP range from which the appliance will assign addresses is 192.168.2.0/28.
- Created VPN tunnel, which uses certificate
- Created the VPN local user, which uses certificate too.

I downloaded the Strongswan VPN client for Android, and I set up everything needed to connect: I imported the RootCA certificate, as well as the personal user's certificate and the Endian Firewall certificate (the one bound to the WAN).
I've set up all certificates on Strongswan, also matching the certificates' Subjects for authentication purposes.

The smartphone connects successfully, but after that I'm no longer able to use any device on the GREEN network (for example, a notebook will disconnect from the Internet and there's no way to resume connectivity until the smartphone's VPN has been disconnected).

I noticed that if I put the RED subnet (so, 10.0.0.0/24) in the "local subnet" parameter of the VPN tunnel configuration, the behaviour described above happens. If I instead set the GREEN subnet (so, 192.168.1.0/24, which is the wanted one, I suppose), besides losing Internet access, I'm also not able to connect to LAN devices (for example, the Firewall GUI).

I've also enabled the VPN Firewall and created proper rules from IPSEC to GREEN and from GREEN to IPSEC to permit all traffic, so in the Firewall log, for example, I can see requests from 192.168.2.1 (the first assigned IP while connecting from the smartphone) to the PiHole DNS server performed and accepted. But then, the connection is lost.

Can someone please help me? Honestly I don't know what else to investigate.

I also attach a connection log, in case it is useful.

Thank you!
Regards
Giuseppe

 13 
 on: Friday 27 October 2023, 03:35:19 am 
Started by Lotoss - Last post by Lotoss
You should not need to do this manually. You'll get in a bit of a mess. Endian isn't really designed for doing things manually.

From the GUI

VPN/Certificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem


Thanks, I revoked another certificate and the VPN is working now. What a...

 14 
 on: Friday 27 October 2023, 12:05:28 am 
Started by miki22 - Last post by reetp
What sort of VPN, and why do you want to use it like that?

If you have an internal machine you may need a port forward with the correct ports opened, or some other configuration. But until you explain more it is hard to guess at a solution for you.

I'm sure Endian will happily relieve you of cash for professional support......

Check their website for some documentation, but it doesn't all apply to the Community version, and almost certainly won't answer your question.

Code:
docs.endian.com/3.0/utm/first.html

 15 
 on: Thursday 26 October 2023, 11:53:21 pm 
Started by Lotoss - Last post by reetp
You should not need to do this manually. You'll get in a bit of a mess. Endian isn't really designed for doing things manually.

From the GUI

VPN/Certificates/Certificate Revocation List

The CRL will update each time you Revoke a certificate and is available for download.

Or you can obtain the CRL cert directly here (after revoking the certs)

/var/efw/vpn/ca/crl.pem
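
An added example, not part of the original post or of Endian's tooling: OpenVPN's "CRL has expired" error is raised when the current time is past the CRL's nextUpdate field, and this sketch reads that field from the CRL file named above with the `openssl crl` command and reports whether it has passed. The function names and the sample output are constructed for illustration.

```python
import subprocess
from datetime import datetime, timezone

CRL_PATH = "/var/efw/vpn/ca/crl.pem"  # path quoted in the post above


def read_crl_dates(path=CRL_PATH):
    """Ask the openssl CLI for the CRL's lastUpdate/nextUpdate lines."""
    result = subprocess.run(
        ["openssl", "crl", "-in", path, "-noout", "-lastupdate", "-nextupdate"],
        check=True, capture_output=True, text=True)
    return result.stdout


def parse_crl_dates(text):
    """Turn 'nextUpdate=Oct 26 17:00:00 2023 GMT' style lines into UTC datetimes."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key not in ("lastUpdate", "nextUpdate"):
            continue
        stamp = " ".join(value.split())  # collapse "Nov  4" style padding
        if stamp.endswith(" GMT"):
            stamp = stamp[:-4]
        try:
            parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        except ValueError:  # e.g. "NONE" when the field is absent
            continue
        dates[key] = parsed.replace(tzinfo=timezone.utc)
    return dates


def crl_status(text, now=None):
    """Return ('expired' | 'valid' | 'no-nextUpdate', time left or None)."""
    now = now or datetime.now(timezone.utc)
    next_update = parse_crl_dates(text).get("nextUpdate")
    if next_update is None:
        return ("no-nextUpdate", None)
    remaining = next_update - now
    return ("expired" if remaining.total_seconds() <= 0 else "valid", remaining)


# Constructed openssl output, not taken from the poster's system.
SAMPLE_OUTPUT = "lastUpdate=Sep 26 17:00:00 2023 GMT\nnextUpdate=Oct 26 17:00:00 2023 GMT\n"

if __name__ == "__main__":
    print(crl_status(read_crl_dates()))
```

Running the check after revoking a certificate from the GUI shows whether the regenerated CRL carries a nextUpdate in the future.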

 16 
 on: Thursday 26 October 2023, 07:13:07 pm 
Started by Lotoss - Last post by Lotoss
Hello all!
I have efw 3.2.5 with OpenVPN, which fully worked without problems before I revoked some certificates (users) for security reasons. And now nobody can connect to the VPN.
The error is "error=CRL has expired". I googled it and found some solutions, and one of them is to generate a new crl.pem file via openssl. But in Endian I can't do it and need help.
I found:
/var/efw/vpn - with ca certificates directory
/var/efw/openvpn - with settings for openvpn (why not in the vpn directory?)
/etc/openvpn - with openssl.cnf but not for endian settings....

Please help with generating crl.pem or finding the best solution for this error....

 17 
 on: Friday 20 October 2023, 04:57:54 pm 
Started by amirmasroor - Last post by amirmasroor
The issue has been solved by disabling the FTP rule. Restarted the IPS service and now the rules have been updated today.

 18 
 on: Friday 20 October 2023, 09:10:01 am 
Started by tiago.lino - Last post by andrescor1914
I also need help with this. I can't find this file in version 3.x to be able to assign IPs to the created VLANs, please help.

 19 
 on: Friday 20 October 2023, 02:31:17 am 
Started by andrescor1914 - Last post by andrescor1914
Hello, I am creating some VLANs, but I cannot find the rc.ipac file to assign the IPs to each VLAN. In this version, how can I assign the IPs to each VLAN?

 20 
 on: Thursday 19 October 2023, 05:54:47 pm 
Started by amirmasroor - Last post by amirmasroor
Hi,

I have been using Endian Firewall since 2014 and never faced an IPS issue. Since 05 October 2023, IPS is neither updating nor working. I have reinstalled the latest version 3.2.5 as well. Please help to resolve this matter.

Thanks,

Amir
