I can see RSTP is enabled on the stack. I presume this should mean I can connect stack member B to the firewall and the stack will put that into a sort of disabled state, and will use it should the link in switch A fail?
Posts
-
RE: N2048 Switch Stack
-
RE: N2048 Switch Stack
Out of box STP is enabled. Would that suffice do you think?
-
RE: N2048 Switch Stack
@dbeato said in N2048 Switch Stack:
@jimmy9008 said in N2048 Switch Stack:
ate a loop that would kill the network if I made Eth2 on the firewall part of the trusted/LAN network and then connect Eth2 to member B? The idea would be that if A dies, B still can get to the firewall as it has a path too...
You can do this if you have STP properly set up with only one root bridge.
Would that be set up purely switch side, or firewall side too? Looking at the N2048 documentation now.
-
N2048 Switch Stack
Hey folks,
Quick one...
I have a Dell N2048 stack. Stack member A connects to the firewall eth 1 (trusted/LAN). Eth 2 - 4 are disabled. Eth 0 is WAN. Eth 5 is WAN2 with second line.
If member A died, but member B stays up, connection to the firewall is down for the stack as the uplink is from member A, not member B.
Would I create a loop that would kill the network if I made Eth2 on the firewall part of the trusted/LAN network and then connect Eth2 to member B? The idea would be that if A dies, B still can get to the firewall as it has a path too...
Best,
Jim
-
RE: Virtual Firewall
@scottalanmiller said in Virtual Firewall:
@jimmy9008 said in Virtual Firewall:
@scottalanmiller said in Virtual Firewall:
If doing this, I'd recommend moving to Ubiquiti for your actual firewall, no upside to anything else in this range. Ubiquiti is the best.
Then the UTM VM for all those other functions. Or it can be multiple VMs, no reason to have all the functions in one. Like web proxy and AV could be two different VMs from different vendors, in theory.
If that UTM function is being handed over to the VM, why not keep M300 as the actual firewall which has not been the problem? The firewall part of the M300 has been great, it's the UTM feature that I'd look to be moving off to the VM.
Just to make it easier to save money and unify management long term. It would be no rush, but at least make the plans now. You don't want to end up in a spot where the Watchguard gets replaced with something else incredibly silly later on. Sometimes it's worth investing well now (we are talking like $85) to make sure the right stuff is in place so that expensive stuff doesn't get bought again down the road.
Yes, that makes sense. Other things in the pipeline will take priority over this currently though. Will add to investigate this to my list. Ta Scott.
-
RE: Virtual Firewall
@scottalanmiller said in Virtual Firewall:
If doing this, I'd recommend moving to Ubiquiti for your actual firewall, no upside to anything else in this range. Ubiquiti is the best.
Then the UTM VM for all those other functions. Or it can be multiple VMs, no reason to have all the functions in one. Like web proxy and AV could be two different VMs from different vendors, in theory.
If that UTM function is being handed over to the VM, why not keep M300 as the actual firewall which has not been the problem? The firewall part of the M300 has been great, it's the UTM feature that I'd look to be moving off to the VM.
-
RE: Virtual Firewall
@scottalanmiller said in Virtual Firewall:
@jimmy9008 said in Virtual Firewall:
@scottalanmiller said in Virtual Firewall:
What's the goal? Why two firewalls? This isn't something that you normally want, unless this is to create an old fashioned full on DMZ.
VyOS would be the main choice for something like this.
WatchGuard have a bug in their firmware which is holding us back from using their M300 firewall in the way we want. Specifically, issues with their content action functionality and proxying the traffic. We plan to either move away from WatchGuard entirely (staged by having these two firewalls initially), or split the services until the bug is resolved (no timeline for that currently).
The M300 will have our 1 Gigabit WAN. The virtual firewall will route out via our 100 Megabit WAN for specific servers only.
Those are all UTM features, not firewall features. I have a suspicion that you are looking for a UTM, not a firewall. Or possibly that you are looking for UTM functionality, not firewall functionality, behind a firewall, which is a great way to go if you need that stuff. But using the wrong words so we are giving bad info to you, if so.
Any examples of virtual UTM devices in that case?
-
RE: Virtual Firewall
Sophos look to do a free virtual firewall 'Sophos UTM Essential Firewall' - anybody used it? Thoughts?
-
RE: Virtual Firewall
@hobbit666 said in Virtual Firewall:
@jimmy9008 I've used pfSense in the past and liked it. Also used Untangle
I will add Untangle to my list; any you would totally avoid?
-
RE: Virtual Firewall
@scottalanmiller said in Virtual Firewall:
What's the goal? Why two firewalls? This isn't something that you normally want, unless this is to create an old fashioned full on DMZ.
VyOS would be the main choice for something like this.
WatchGuard have a bug in their firmware which is holding us back from using their M300 firewall in the way we want. Specifically, issues with their content action functionality and proxying the traffic. We plan to either move away from WatchGuard entirely (staged by having these two firewalls initially), or split the services until the bug is resolved (no timeline for that currently).
The M300 will have our 1 Gigabit WAN. The virtual firewall will route out via our 100 Megabit WAN for specific servers only.
-
Virtual Firewall
Hey folks,
Looking at setting up a virtual firewall in addition to our existing physical. Any pointers? Never looked into virtual firewalls before. These are some quick returns online, any to stay away from when going through them and reviewing?
- ClearOS
- IPCop
- IPFire -> is this the same as IPCop?
- OPNSense
- pfSense
Any to totally avoid (lack of development, outdated etc)...
Not after specific features yet, just looking for ones that should be avoided at all cost...
Thanks,
Jim
-
RE: What Are You Doing Right Now
@scottalanmiller said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
About to leave the bar. Been drinking with a friend all evening.
Been drinking at home all evening.
Have no friends...
-
RE: How to monitor 100 cloud VM's
The main screen is actually not that bad. This is a decent view, green means everything is within the agreed limits. Each item has five or so checks underneath. Disk, RAM, Ping, Event Log, Uptime etc... You can drill down to them by clicking on them.
@krisleslie would that do what you need? I'd guess that screen will still be usable at 100 VMs as any issues would change from green to red, flagging it to you?
-
RE: How to monitor 100 cloud VM's
I'm doing these checks with PRTG locally, at even 75 servers the main screen is crazy to look at.
-
RE: Comparing Colocation and On Premises Infrastructure SAMIT Video
I really like the hardware side, going into the server room full of hundreds of blinking lights at night in the dark is cool - I'd miss that too much with colocation only.
-
RE: Office 365/Read Receipt/iPhone
Currently, yes. Will try that with the director in a little while, but, would be great to use the default app.
In iOS 10, this was all good. But 11, nope.
-
RE: Office 365/Read Receipt/iPhone
Could it be linked to any iMessage type settings? I understand iMessage sends 'read', so perhaps that controls automatically sending 'read' in the default app too? I'm seeing read receipts being sent, even when not requested by the original sender...
-
RE: Office 365/Read Receipt/iPhone
@bigbear said in Office 365/Read Receipt/iPhone:
@jimmy9008 said in Office 365/Read Receipt/iPhone:
@bigbear said in Office 365/Read Receipt/iPhone:
@jimmy9008 said in Office 365/Read Receipt/iPhone:
@bigbear
The mail app with exchange. Not the Outlook App.
Under the account in Outlook mobile, settings, turn off automatic replies.
Do you mean within the account setting on the iPhone?
Yes in the Outlook iOS app, unless you are using the Mail app built in to iOS
I'm using the default mail app, specifically the exchange option within the default mail app.
-
RE: Office 365/Read Receipt/iPhone
@bigbear said in Office 365/Read Receipt/iPhone:
@jimmy9008 said in Office 365/Read Receipt/iPhone:
@bigbear
The mail app with exchange. Not the Outlook App.
Under the account in Outlook mobile, settings, turn off automatic replies.
Do you mean within the account setting on the iPhone?
-
RE: Office 365/Read Receipt/iPhone
@bigbear
The mail app with exchange. Not the Outlook App.