Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 01 March 2024, 02:42:01 am

Login with username, password and session length

Download the latest community FREE version  HERE
14245 Posts in 4376 Topics by 6489 Members
Latest Member: GB-gattoboy
Search:     Advanced search
Pages: [1] 2 3 4 5 ... 10
 on: Wednesday 28 February 2024, 01:09:27 am 
Started by leandrooriguela - Last post by leandrooriguela
Does Endian Community support the Intel 211 driver?

 on: Saturday 06 January 2024, 11:30:20 pm 
Started by pisisler - Last post by pisisler
I have a DNS server running behind Endian and it works fine. But I can't see the client IPs of those who make requests to this DNS server; because Endian proxies DNS requests. That's why all I am seeing in my DNS server logs is that all the DNS requests are coming from which is Endian's local IP.

So how can I disable DNS proxying of Endian to let my DNS server see the real client IPs? I tried enabling transparency in Proxy -> DNS but it didn't work. (I have only GREEN interface enabled so I can enable transparency on GREEN zone only.)

 on: Friday 05 January 2024, 08:25:49 pm 
Started by nattelip - Last post by nattelip
SSH protocol flaw Terrapin Attack CVE-2023-48795: All you need to know

see    jfrog.com//ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/

 on: Monday 01 January 2024, 08:52:22 pm 
Started by amirmasroor - Last post by samuel
Hello. how can you fix the bug.
Ad line to $ nano /etc/snort/snort.conf.tmpl
                 portvar FTP_PORTS     21

and $ jobcontrol restart snort --force

I hope it helps.

 on: Friday 22 December 2023, 01:43:01 am 
Started by sakariheija - Last post by sakariheija

Is there misconfiguration on blackholedns.conf file on yesterdays update? There is address=/google.com/ marked on that list.


 on: Tuesday 19 December 2023, 08:56:17 pm 
Started by paluanmultimedia - Last post by paluanmultimedia
Good morning, I have several firewalls that restart themselves for no reason. Sometimes it happens when main uplink is faulty. Other times for no reason. Even with a new power supply. It happens with version 3.3.23 3.3.24 and 3.3.25.
Even with a new power supply.
This is the error:

This notification was sent by the Endian UTM device
named efw-xx on 2023-12-19T10:47:05+01:00. The email has been generated
from the event described below:

The system has started.

This happens to me on 6 out of 30 devices.

Is it due to malfunctioning uplinks?

Thanks to those who will help me by sharing their experience. Sorry for my translated English.

 on: Thursday 07 December 2023, 05:04:06 am 
Started by amirmasroor - Last post by AndreaCH
Issue has been solved by disabling FTP rule. Restarted IPS service & now rules have been updated today  Grin

same issue, same resolution. Thank you.


 on: Tuesday 05 December 2023, 06:07:59 am 
Started by marciorossis - Last post by dieggomoc
Good afternoon, I'm using the transparent proxy, everything works, blocking sites like YouTube, Facebook, the problem is that even putting the Mac or even the IP of the machine to which I want to allow access through the Bypass transparent proxy, it doesn't accept it, it continues to block and it's worse if I change the DNS to 8.8 .8.8 on the machine is released how do I get endian to just accept its proxy which in this case is and how do I release access via Bypass proxy transparent on the transparent proxy I'm on the latest version 3.3.25

 on: Tuesday 07 November 2023, 09:10:29 pm 
Started by samuel - Last post by samuel
Hello. I started fail2ban, configured filter.d for snort. Filter.d

failregex = .*snort.*Priority: 1.*} <HOST>.*
#        .*snort.*Priority: 2.*} <HOST>.*

I have configured jail.local
Although fail2ban bans ip, iptables doesn't ban those apis, I still see them active. How could I add this rule in iptables to block ips banned by fail2ban? Thank you !

 on: Monday 30 October 2023, 05:05:39 am 
Started by heavymetalforever - Last post by heavymetalforever
Hi all community!
I'm new on this forum so I'll try to explain my problem as clear as possible.
I've setup my Endian as follows:

RED network: (behind a router, but the WAN IP of the firewall is on DMZ on router so all traffic will be forwarded)
GREEN network:

I also have an instance of PiHole installed, which I use for DNS resolving and network ad blocker.
It's IP is

Everything works perfectly while inside the GREEN network. I also enabled the IPS, and the HTTP proxy as well. Several clients connects and will navigate with proxy and Pihole as DNS.

I'd like to setup a VPN connection for my smartphone in order to connect via VPN and then navigate on Internet by using the PiHole and behind the proxy even if I'm outside home.

So, I've setup all the stuff:
- VPN type IPSec: the IP range from which the appliance will assign addresses is
- Created VPN tunnel, which uses certificate
- Created the VPN local user, which uses certificate too.

I downloaded the Strongswan VPN client for Android, and I setup all needed to connect: I imported RootCA certificate, as well as the personal user's certificate and the Endian Firewall certificate (the one binded on the WAN).
I've setup all certificates on the Strongswan, also matching the certificates' Subjects for authentication purposes.

The smartphone connects successfully, but after that I'm not longer able to use any device on the GREEN network (for example, a notebook will disconnect from Internet and there's no way to resume connectivity until smartphone's VPN has been disconnected).

I noticed that if I put the RED subnet (so, on the "local subnet" parameter on VPN tunnel configuration, it will happen the above described. If I set instead the GREEN subnet (so,, which is the wanted one, I suppose) more than disabling the Internet access, I'm moreover also not able to connect to LAN devices (for example, the Firewall GUI).

I've also enabled the VPN Firewall and create proper rules from IPSEC to GREEN and from GREEN to IPSEC to permit all traffic, so in the Firewall log, for example, I can see requests from (the first assigned IP while connecting from smartphone) to PiHole DNS server performed and accepted. But then, connection is lost.

Can someone please help me? Honestly I don't know on what to investigate more.

I also attach a connection log, if can be useful.

Thank you!

Pages: [1] 2 3 4 5 ... 10
Page created in 0.047 seconds with 15 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com