• 0 Votes, 8 Posts, 3k Views
    JKnott
    @jgq85 It wouldn't be a WAN port. The WAN port connects to the Internet, though you could consider the port on the UDM as "WAN" as it's the one that's closest to the Internet. You can connect it to pfsense with either a separate LAN port on pfsense or VLAN.
  • Automated exfiltration advice
    0 Votes, 6 Posts, 1k Views
    bmeeks
    @gm192 said in Automated exfiltration advice:
        Thanks for all the advice. After reading the replies it looks like I'm going about things the wrong way. Using a firewall is set, but I get to choose the data exfiltration techniques and I've clearly tried the wrong one. I'll have a look at transferring large amounts of data and see if I have any success. I was thinking of trying DNS exfiltration, but I imagine I'd run into the same issues as before. Again, thanks for all the help, and if you have any more advice it would be welcomed :)
    Here is a link to some Gartner data on Data Loss Prevention (DLP) software: https://www.gartner.com/reviews/market/enterprise-data-loss-prevention. As I mentioned previously, this kind of software tends to start getting pretty expensive pretty fast. But it can be quite effective. The company I retired from ran a product on all user PCs, and also a few servers (might have been the Symantec one, now that I think about it). Any data copied from any network drive or local hard drive to portable media (i.e., CD/DVD-ROM or USB stick or hard drive) was logged. It recorded the logged-in user, the filenames copied, where they were copied from (source) and where they were copied to (destination). I believe remote alerts from this activity could also be generated. Even though I worked in network security, I was not directly responsible for managing the DLP product, so I don't know all of its features. It also goes without saying that having the proper permissions on file folders containing sensitive or proprietary data is paramount! You probably don't want to give the group Everyone read access...
  • How to manage 2 FTP servers behind pfSense using something like HAproxy?
    0 Votes, 2 Posts, 488 Views
    Does anyone have an idea about my issue? Thank you, Mauro
  • Google LDAP connection failed
    0 Votes, 16 Posts, 3k Views
    Good morning, I have the same problem. These are the last rows of the error report:
        69034 /diag_authentication.php: ERROR! Could not bind to LDAP server Google. Please check the bind credentials.
        Jul 20 18:51:20 stunnel 69347 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
        Jul 20 18:51:20 stunnel 69347 LOG3[0]: SSL_accept: /build/ce-crossbuild-252/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
        Jul 20 18:51:20 stunnel 69347 LOG6[0]: Peer certificate not required
        Jul 20 18:51:20 stunnel 69347 LOG5[0]: Service [Google] accepted connection from 127.0.0.1:50399
        Jul 20 18:50:45 stunnel 67696 LOG5[ui]: Switched to chroot directory: /var/tmp/stunnel
        Jul 20 18:50:45 stunnel 67696 LOG5[ui]: Configuration successful
    What can I try to test the LDAP functionality? Thanks, Alberto
  • How to configure mail server behind pfsense router
    0 Votes, 10 Posts, 5k Views
    Gertjan
    @nikla said in How to configure mail server behind pfsense router:
        I have been running my mail server on a server/NAS at home for 15 years. I do it to motivate myself to learn things. You might be correct when you advise me not to run a server exposed on the internet at home. I still believe that it is possible to run a server at home using a pfSense router in front of a NAS. I still fail to configure that, so my question remains.
    I just wanted to warn you that using a 'mail server at home, behind an ISP type WAN IP' is cumbersome. It's excellent for the "how to do so" and "learn" practices, I agree. But as soon as you get the hang of it, you want an always-on solution, which means: no bad ISP land line problems, no DNS issues, no power issues, no drive-went-bad issues: you don't want to bother with all the hardware details. You want to be reachable (by mail) at all times, even when you go off to the beach for a couple of days. That's why I advise the "2$ / month solution". For me, my Synology devices are just used for what they are meant to be: backing up local devices.
    Btw: NATting port 25 TCP to an internal device is like NATting port 143 TCP to an internal device is like NATting port 110 TCP to an internal device is like NATting port 993 TCP to an internal device etc etc. Just that one number changes.
    About the certs (from Let's Encrypt): The pfSense package 'acme.sh' is handling the renewal. Every 60 days or so, when I get a mail that informs me that the cert "*.mydomain.tld" has been renewed, I export the two new 'cert' files, and import them in my Synos. True, this is a manual operation and I have one month (after renewal) to do so. I actually do not really need 'known' certs on my Syno; self-signed or over-time certs will get flagged by my browser (if I didn't create an exception for my internal 'LAN-based' internal devices, as I do trust them anyway). You can probably also have the Syno ask for 'Let's Encrypt' certs.
  • How to block randomized MAC addresses?
    0 Votes, 20 Posts, 14k Views
    JKnott
    @jadejaws said in How to block randomized MAC addresses?:
        Mine does. DHCP Server service does anyway.
    That's not filtering. It's assigning an IP address to a MAC address. If it was filtering, you could create a rule to do that. I have worked with other firewalls that can filter on MACs.
  • Configuring pfsense to route traffic through DC pfSense
    0 Votes, 2 Posts, 296 Views
    Curious. Are you seeing Group Policy Errors in some of your client's Event Logs? If so, what are they? Wondering if you have a DNS issue as AD relies heavily on DNS.
  • pfSense User VPN Super Slow
    0 Votes, 5 Posts, 1k Views
    @PerfectBake420, The issue you are having CANNOT be fixed without upgrading both the Server and Client side Internet to a minimum of 100 x 100. Your upload speed needs to be just as fast as your download speed at both locations. This is the nature of QuickBooks and not a problem with your VPN. Intuit has something called the QuickBooks Database Manager that runs on the Server hosting QuickBooks. However, don't confuse the "QuickBooks Database Manager" with something like SQL. The QuickBooks database may as well be a "flat" file. This means every time you access QuickBooks from a workstation it is taking all of the QuickBooks files on the Server and passing them over the network to the workstation. There are four QuickBooks files that are involved with one company file. They are the QBW, DSN, ND, and TLG files. Combine the total size of all those files and that is what has to pass across the VPN. Obviously, things probably work well within your LAN because you most likely have a Gigabit switch which is 1000 x 1000. There is NO WAY you can make this usable for an end user without very fast bandwidth, in both directions, at both sites. An alternative would be to set up another workstation at your office (a VM perhaps). Install QuickBooks on that workstation and have the user log in via Windows RDP to that workstation across the VPN. OR, if QuickBooks Online is a viable option you could migrate to it and pay the monthly fee. Unfortunately, I know a ton about setting up QuickBooks and it's something I'm not proud of. There is a saying in IT about QuickBooks. It goes: "I don't know why they call it QuickBooks, cause there is nothing quick about it"... at least from an IT standpoint.
  • GUI Failing to respond (Developer comment requested)
    0 Votes, 8 Posts, 1k Views
    @mccann25 I think we are having the same problem. I only have 1 DNS Resolver, 127.0.0.1. I didn't get the Bad Gateway message, but I likely didn't wait long enough.
  • 2.5.2 WAN disconnects
    0 Votes, 4 Posts, 561 Views
    jimp
    It's possible the hardware problem started from the reboot during upgrade and not from anything in 2.5.2. You'd be surprised at how many hardware issues only start or get noticed after a reboot, and then seem to coincide with an upgrade as a result. But there isn't a lot to go on to say with any certainty what the cause might be. Are those logs in reverse order with the newest on top? It appears that way. Normally that kind of log message about a NIC only happens from a hardware event (e.g. cable is unplugged).
  • Firewall *Stops* and Break in Logs For Extended Time
    0 Votes, 8 Posts, 824 Views
    bmeeks
    @imburr said in Firewall *Stops* and Break in Logs For Extended Time:
        @bmeeks Very interesting! The work PC is connected via ethernet to an 8-port switch, which then has one homerun into the main 24-port switch, which then has one ethernet cable going to LAN on the pfSense. I cannot see a way for it to be a physical loop; can a loop still happen in this instance, due to some misconfiguration or software issues?
    Most often I've seen network loops created by plugging one port into another on the same switch accidentally. It's also possible for something like bent pins on an RJ45 connector, or a faulty cable with an internal short, to cause a loop. It's just that a completely dead network where all devices on it seem "frozen", only for everything to return to normal when you remove, or power down, one device, is strong evidence for a network loop of some sort caused by that device. In your case, that seems to be your work PC. I would start simple by replacing the Ethernet cable for the work PC. Next, take a flashlight and carefully examine the pins inside the RJ45 Ethernet port on the PC's network connection. Look for two pins touching, or any that seem obviously bent or damaged.
  • Repo update authentication error
    0 Votes, 6 Posts, 575 Views
    stephenw10
    Yes, I thought more people would have been seeing it given that I did. I queried it internally though and no-one else was having an issue. And then subsequent requests to the repo went through no problem. Perhaps I happened to catch the end of the issue. Steve
  • Not getting WAN ip Comcast
    0 Votes, 2 Posts, 439 Views
    @rocket-0 With the Netgear modems you should not have to spoof at all on Comcast's Xfinity service. Simply rebooting the cable modem should be sufficient. Have you tried this?
  • Could not connect to /var/run/php-fpm.socket
    0 Votes, 1 Post, 614 Views
    No one has replied
  • pfsense Console Connection
    0 Votes, 2 Posts, 499 Views
    provels
    @f3rn3po Ctrl+c
  • WebGUI very slow and Unbound stops if Internet unstable
    0 Votes, 2 Posts, 219 Views
    @cyberneticcody Can't edit for some reason... pfSense version is 21.05-RELEASE
  • Disk usage slowly increasing
    0 Votes, 14 Posts, 2k Views
    Quick update, have narrowed down to /var/unbound/usr/local/lib/python3.8
    Shell Output - df -hi /; du -s /var/unbound/usr/local/lib/python3.8; df -hi /
        Filesystem                   Size  Used  Avail  Capacity  iused  ifree  %iused  Mounted on
        /dev/ufsid/5cdd3c209fe36da7  7.0G  2.0G  4.5G   31%       27k    935k   3%      /
        274800 /var/unbound/usr/local/lib/python3.8
        Filesystem                   Size  Used  Avail  Capacity  iused  ifree  %iused  Mounted on
        /dev/ufsid/5cdd3c209fe36da7  7.0G  1.4G  5.1G   22%       27k    935k   3%      /
  • Test email has no hostname?
    0 Votes, 6 Posts, 969 Views
    @gertjan said in Test email has no hostname?:
        @incith Locate:
            function saveAdvancedNotifications($post, $json = false) {
                global $config, $smtp_authentication_mechanisms, $pushover_sounds, $g;
        in the file /usr/local/pfSense/include/www/system_advanced_notifications.inc and add, as shown, a $g and save.
    Just wanted to say thanks for this!
  • Strange Problem With Traffic Graphs After Fresh Install
    0 Votes, 6 Posts, 1k Views
    @tagit446 I solved this problem. I realized that the NTP server wasn't working properly, so I turned it off and set the time and date manually by console. Problem solved!
  • Best pfSense available and updated book
    0 Votes, 7 Posts, 892 Views
    johnpoz
    @brucexling exactly! Any book you buy is going to be outdated very quickly, even if just published a few weeks ago. The living document is the best resource.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.