@scottalanmiller said in First Look Ubiquiti Unifi UXG Pro: The new, unreleased Unifi UXG Pro just arrived here at the NTG Dallas offices. Woot! It's dual power supply, dual WAN, dual LAN, touch screen LCD and up and running! More details as we get to play with it. DAMN IT!!!

@Romo said in Unifi USG VPN from Behind NAT Firewall: Also add the changes to a config.gateway.json file in the controller to changes directly made on the USG don't get deleted on next provision. One reason I hate these units.

Roflol

@mary It depends of manufacturer or vendor. Now in this times everyone is using "Standard Protocols"

@melvinsilva said in IGP and EGP - CompTIA Network+ N10-007: @scottalanmiller I Will Add; "Only by WAN Network Administrators". No, internal too. In fact, most, by far, are internal. You only have a few big WAN connections with most companies. But you might have hundreds or thousands of internal routes that have to be managed.

Both required a good initial configuration, but when "issues" occurs like link flaps or ISP outage (when MPLS fails), Dynamic may affect Router performance (CPU, Memory, etc). Using Dynamic Routing; if you have no backup link or you dont have a proper failover configuration with correct threshold, the network updates will cause router performance degradation. It constantly will try to reach destination via default gateway. Using Static Routing; If you have not a recovery plan or a back door to enter the remote router, you will have zero access to that device until link or issue is restored. Packets will be forwarded to a dead route. For both, Initial design and configuration is the Key, when issues happens troubleshooting is a nightmare when things are not well done.

Done with this one!

@scottalanmiller said in 10Gb/s Firewall Choice for Colocation: @bnrstnr said in 10Gb/s Firewall Choice for Colocation: Looks like the ER‑8‑XG could also be a good fit if you prefer the EdgeRouter series over the Unifi stuff. Also slightly less expensive, and better performance. https://www.ui.com/edgemax/edgerouter-infinity/ And ordered... we should have it on Monday. From the only vendor offering prime?

@scottalanmiller said in ISP Failover with Cisco ASA: That's mostly true. But Cisco considers it real Cisco and it shows their view of themselves. And that, I always think, is important. Cisco doesn't seem themselves as an enterprise player. And I've been in sales meetings with Cisco and that definitely comes through when talking to them. That's not what I got from my sales conversations with them. They were very explicit about real Cisco and the lesser sub-brands. Having been at two huge banks that were burned by being willing to use UCS, Cisco and enterprise are two words I never put together. From networking to phones to servers, Cisco is consistently overpriced and underperforming. I absolutely loved UCS, even wrote the original oVirt/RHV plugin for the VMFEX cards. They were ahead of their time with those boxes, but the cloud pretty much killed everything really cool and advanced about HW

@pmoncho said in Kerio Connect "license error: license exhausted, cannot allow another host": Based on the couple posts I have seen, each registered user can have five devices. So, if they have 30 devices, they need 6 user licenses. Did they add any extra devices lately? Easily, but more likely they just let their license expire.

@scottalanmiller said in Untangle Site to Site VPN Not Connecting: @dbeato said in Untangle Site to Site VPN Not Connecting: @scottalanmiller said in Untangle Site to Site VPN Not Connecting: We DID find last night that one machine had updated to a different version than the other. But the other is months behind but refuses to recognize that an update exists. Untangle claims updates are delayed to reduce server load and there is no option to control versions (basically... this is in no way a business product.) There is always a way to force the updates, I bet this are actual old workstations or servers with Untangle, otherwise they would have been in version 14.1... This is not way configured the same for updates on both devices.. Don't think so, looking at the hardware they looked like store bought Untangle commercial devices. Weird all around, but I understand

@Donahue said in Why I See UTMs As Generally Bad in the Current Market: @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market: @Donahue said in Why I See UTMs As Generally Bad in the Current Market: The reason we went with Fortigate over an Edge router, is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there been some other product that I dont know of that would have been better in our case? ERL does nearly half of what you need... https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593 ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds. https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf Your link is what convinced me not to use the ER pro. the Pro's will only do <500 mbps at full capacity, its in the link you posted. Where in it? Oh, I see. he mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.

Only so serious, it's in D-Link gear. Bwahaha

@jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?: @scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?: @mroth911 said in ubiquiti Er3 to 4 Upgrade?: Can I just back up my er3 and upload it to the 4 I believe so. I have never tried, but it should handle it because it only bring the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different. To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.

You may not have LoS to the building from your current location but I had a similar issue with a client and we were able to negotiate with the property management of a nearby apartment building that did have LoS. My client rents access to the building roof where we installed fiber internet access and a Poit-to-Point network. There's about 2km between the PtP devices and we managed to get about 175Mbps speeds using Ubiquiti gear. Would that be an option you could investigate? Easy to setup VPN between locations at that time.

@jaredbusch Oh no way lol, thats great!

@dbeato said in Anyone running SonicOS 6.5.0.2-8n?: @dave247 said in Anyone running SonicOS 6.5.0.2-8n?: We run a SonicWall NSA 3600 where I work and I am staring to look into upgrading to the new 6.5 firmware (6.5.0.2-8n). I have heard of some issues with the last two updates, and wanted to get more input if anyone has any to give.. I am not, I am using the 6.2.9 on the production Sonicwalls we have. I would recommend to test it out if possible. Unfortunately I can't realistically test it out. Even if I had an extra, non-production unit, I doubt I could effectively detect issues since production factors would not be present enough to fully test. I suppose I could just always roll back if necessary... but I think I will probably be waiting a few more releases.. that or just move to a different UTM all together..

ERL with an AC Lite AP at home as well as many clients. Zero issues.

@jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @brandon220 said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: I've been using an ERL at home for a while and have them deployed at several business. Zero complaints and I recommend them all the time. I wish I could use it at home. I'm on Bell Canada ftth and they use a different vlan for iptv and internet. All of the online guides I've seen haven't been able to get me to use my ERL and Bell won't give up which VLANs they use. No one hasd figured this information out yet? Sadly not yet, at least not that my Google-fu has allowed me to find. I am a bit amazed because it should only take a mirrored switch port and wireshark to find VLAN tags. This was my thinking as I was reading the posts. This is /should be pretty easy to figure out.

I've used tor, it's functional, but removes a lot of what most people consider useful from most websites.

@Reid-Cooper said in Fortinet Experiences: I guess it matters then... who else is on the list? What about Sophos, are they an option? Looks like only their disk encryption is. Here is the list: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.

@Dashrender said in Two ISP Fail over Internally vs Externally Fail over: what does it do that the ER-L doesn't? I know someone else (the guy at SW who swears more than JB) recommended the Peplink to me years ago... but I think the ER-L can do many of the same things now. Much like Tivo and generic DVRs, they function the same, but the actual execution is more refined. Outbound load balance has been a feature for many different devices for a while now. I've got an ER-L right now, yeah it does the load balance between the two circuits. But since they are very different speeds, they don't balance as evenly as Peplink can do it. They also don't offer bonded VPN and their interface is easy as fuck to deal with. Yeah, I can buy a TWC DVR, but my Tivo does more.

@Reid-Cooper said in Open source Firewall: pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over. Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

By default, traffic will pass between VLANs 1 & 2, unless you go into the firewall & add rules to deny traffic

I've built one once... It was a Firewall / Router using straight up Linux, Shorewall, and ClamAV for a 10 meg connection. Our main firewall just went kaput, and the company was not responding to phone calls for support (it's a long story). Set up Linux on a system with 8 NICs and went to town. Edit: It's not hard to build one if you understand the concepts of routing and such... Not for the faint of heart if you have to make one work well enough to be used in production.

@bransona said in MS-CHAP on Ubiquiti EdgeRouter: @scottalanmiller is correct. I have Edgerouter 2.0.9 and it STILL requires PAP in the Windows policy. Under Config Tree, there is no way to make the router use MSCHAP or MSCHAPv2 instead of PAP (cleartext). I went to notify Ubiquiti hoping they can potentially have this included in another firmware release soon, but Ubiquiti Support was apprised of this 5 years ago! https://community.ui.com/questions/Encrypted-Radius-Supported/7857b119-91d8-4365-8c2a-8c21de0937a4 Yup it has been a big issue for a while now on the EdgeSwitches too.

Apparently I figured out my issue with the dual wan traffic shaping. Had to turn on stickiness.... just goes to show you how little I've dealt with networking.

@JaredBusch said in VyOS Port Address Translation for HTTPS: @scottalanmiller said in VyOS Port Address Translation for HTTPS: Got it working. The firewall rule was in the wrong section of the firewall. You had it on eth0 local instead of eth0 in? Yuppers.