ML
    • steveS

      Network Services - CompTIA A+ 220-1001 Prof Messer

      IT Careers networking utm security prof messer comptia a+ it training it careers certification
      2 Votes
      10 Posts
      1k Views
      travisdh1T

      @scottalanmiller said in Network Services - CompTIA A+ 220-1001 Prof Messer:

      @valentina said in Network Services - CompTIA A+ 220-1001 Prof Messer:

      are proxy servers used for security purposes? do they have other functions?

      Yes, very much so.

      They are also very commonly used to allow a single IP address to be used for many services. The most common example... a single proxy server with a single (expensive) public IP address can handle requests for hundreds of thousands, or even millions, of websites. Behind the proxy server can be one or one million separate web servers each serving out applications or web sites or whatever and the proxy server can look at the incoming request and determine, based on the URL used, which server and port to send the request to behind itself.

      Because of the above, they are often used for load balancing because they can send requests to different servers for the same application or site.

      Proxy servers often have caches in them, too. So they quite often store simple, static information "at the edge" to deliver it faster while the application servers behind them do the heavy work for database requests and stuff.

      Proxy servers are sometimes used to "hide" the true location of a server. Cloudflare famously does this so that attackers have no idea where a web site actually comes from; all they see is Cloudflare's proxies.

      A proxy can also do things like handle SSL security so that web servers behind it (or other servers, proxy doesn't imply web) don't have to do that work, as well.

      Hrm, I only have around 20 subdomains pointing to the same IP so far. If my home lab box was a little beefier I'd take this as a challenge. (Scott might as well be describing my home lab environment here.)

    • scottalanmillerS

      Untangle Site to Site VPN Not Connecting

      IT Discussion openvpn vpn untangle router utm
      1 Votes
      18 Posts
      2k Views
      dbeatoD

      @scottalanmiller said in Untangle Site to Site VPN Not Connecting:

      @dbeato said in Untangle Site to Site VPN Not Connecting:

      @scottalanmiller said in Untangle Site to Site VPN Not Connecting:

      We DID find last night that one machine had updated to a different version than the other. But the other is months behind but refuses to recognize that an update exists. Untangle claims updates are delayed to reduce server load and there is no option to control versions (basically... this is in no way a business product.)

      There is always a way to force the updates. I bet these are actual old workstations or servers with Untangle, otherwise they would have been in version 14.1... This is in no way configured the same for updates on both devices.

      Don't think so, looking at the hardware they looked like store bought Untangle commercial devices.

      Weird all around, but I understand 😞

    • scottalanmillerS

      Why I See UTMs As Generally Bad in the Current Market

      IT Discussion utm firewall security ngfw networking router
      3 Votes
      35 Posts
      4k Views
      scottalanmillerS

      @Donahue said in Why I See UTMs As Generally Bad in the Current Market:

      @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:

      @Donahue said in Why I See UTMs As Generally Bad in the Current Market:

      The reason we went with Fortigate over an Edge router is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there have been some other product that I don't know of that would have been better in our case?

      ERL does nearly half of what you need...

      https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593

      ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds.

      https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf

      Your link is what convinced me not to use the ER Pro. The Pros will only do <500 Mbps at full capacity; it's in the link you posted.

      Where in it?

      Oh, I see. He mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.

    • dave247D

      Considering moving from SonicWall to Sophos XG (Looking for feedback on Sophos)

      IT Discussion utm sonicwall sophos sophos xg networking security firewall
      2 Votes
      12 Posts
      2k Views
      scottalanmillerS

      Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW.

      It looks like much of the market is already starting to cool on the UTM craze and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.

    • wrx7mW

      Replacing a UTM in an SMB - With What?

      IT Discussion utm ids ips proxy firewall security network security filtering
      1 Votes
      18 Posts
      2k Views
      wrx7mW

      @jaredbusch - I thought that is what you meant but did a double-take. LOL

    • LakshmanaL

      Open source Firewall

      IT Discussion firewall router open source pfsense vyos linux freebsd endian smoothwall shorewall utm ip cop iptables firewalld ufw
      0 Votes
      16 Posts
      3k Views
      DashrenderD

      @Reid-Cooper said in Open source Firewall:

      pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

      Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

    • FATeknollogeeF

      Ubiquiti USG-PRO-4

      IT Discussion ubiquiti firewall utm rackmount gateway
      0 Votes
      42 Posts
      12k Views
      DashrenderD

      @travisdh1 said:

      @Dashrender said:

      I've never understood how viruses got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS: even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.

      Do I understand that incorrectly?

      It's normally through another piece of software than the OS today actually. Microsoft finally got most of the holes in their Swiss cheese plugged. Ironically, the programming code that many AV use also creates a hole for malware to enter through. Wish I had a few minutes to find those articles that hit recently.

      Yeah, I read those too - darn AV companies!

    • NetworkNerdN

      Barracuda NG Firewalls - Can They Replace My Barracuda 410 Web Filter?

      IT Discussion barracuda cisco ubiquiti sophos firewall router utm unified threat management web filtering web proxy networking
      1 Votes
      39 Posts
      8k Views
      scottalanmillerS

      @Dashrender said:

      @scottalanmiller said:

      @Dashrender said:

      So if the OP wants to do web filtering and firewall services - what stuff should he buy?

      Same thing that I keep saying... ERL and Squid.

      I just wanted you to post it again 🙂

      LOL. There it is.

    • Deleted74295D

      Expensive hardware going spare.

      IT Discussion palo alto firewall utm security networking pa-5060
      2 Votes
      34 Posts
      6k Views
      coliverC

      @Breffni-Potter said:

      @coliver said:

      @Breffni-Potter said:

      Bidding starts at $2500.

      Collection only 😄

      Welp too rich for my blood.

      But I just put an Apple Sticker on top. Therefore the price has gone up.

      Oh... Man suddenly I really want these things... damn you Apple!

    • scottalanmillerS

      Firewall Options for the NTG Lab

      IT Discussion firewall utm vyos ubnt ubiquiti ntg lab
      1 Votes
      6 Posts
      1k Views
      JaredBuschJ

      @scottalanmiller said in Firewall Options for the NTG Lab:

      @travisdh1 said in Firewall Options for the NTG Lab:

      @scottalanmiller said in Firewall Options for the NTG Lab:

      Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.

      Out of curiosity, is it the one running the NTG lab?

      I'm just assuming that you only have it doing routing and that it can do the basics at full line speed.

      Yes, that is what is currently running there. We don't do QoS filtering in the lab, so it handles the speeds just fine.

      ERL can do near line speed as long as you don’t do something to hit the CPU.
