iCloud Private Relay
-
@michmoor Hey man, good to hear from you. It's been nearly 2 years, but I think what I ended up doing back then was simply disabling that feature on our SSID settings on each device. I am still doing that today along with my current firewall. iCloud Private Relay does not play nicely with Control D (DNS), so we just disabled it altogether.
-
@DefenderLLC said in iCloud Private Relay:
disabling that feature on our SSID
Hey!! Hope all is well my friend.
What feature did you disable? For reference I have Unifi gear.
-
@michmoor said in iCloud Private Relay:
@DefenderLLC said in iCloud Private Relay:
disabling that feature on our SSID
Hey!! Hope all is well my friend.
What feature did you disable? For reference I have Unifi gear.

On all of my Apple devices, I just turned off the "Limit IP Address Tracking" feature, which is iCloud Private Relay. This setting is located in the Wi-Fi settings for each individual SSID, or you can just simply disable it entirely from your iCloud settings (which is account-wide). IPR always breaks my EFG's SSL decryption/inspection, so I no longer use IPR on my SSIDs.
-
@DefenderLLC Ahh I misunderstood. OK cool. IPR is a pain when I'm trying to do filtering on applied clients.
How is the EFG working out?
-
@michmoor said in iCloud Private Relay:
@DefenderLLC Ahh I misunderstood. OK cool. IPR is a pain when I'm trying to do filtering on applied clients.
How is the EFG working out?

It's been great and I love being able to do IDS/IPS on the encrypted traffic with their optional CyberSecure Enterprise subscription (which is really Proofpoint's ET Pro @ $499/yr. under the hood) - EXCEPT - for this little PBR limitation which you can see the full story here:
-
@DefenderLLC Pretty scathing (I think so) indictment of Next AI you wrote
I will add that although it's frustrating when a feature doesn't get implemented or implemented correctly, the grass isn't greener on this side of the garden either. I'm dealing with unresolved but acknowledged issues.
-
@michmoor I’m starting to regret selling you my 6100 MAX! I may order another Netgate appliance in the future, but all in all, I’ve been pretty happy with the EFG. I swapped out the 16 GB with a 64 GB ECC module. If they did anything right designing this unit, it was their choice of ARM-based CPU with 18 cores. It screams.
-
@DefenderLLC said in iCloud Private Relay:
I’m starting to regret selling you my 6100 MAX!
lol. Interesting you say that because I have been eying at the very least a UDM Pro.
I'm just too comfortable with my pfSense but I would love some better app control.
Would love to read a blog post from you about the pros vs cons of the EFG especially compared to a high end Netgate appliance like the 6100. You've got considerable play time with it.
-
@michmoor I still have that UDM SE that I’m no longer using if you’re interested in purchasing it. I even have a brand new 8TB replacement HDD coming for it. I moved all of my Protect cameras to a UNVR Pro and installed Talk on the EFG (not supported, but it works fine), so it’s just sitting in the rack doing nothing. Text me!
I’m out of rack space (again). UDM SE is just under the EFG.
-
You're trying to get me again.......lol
let me think about this.
The biggest hurdle is converting these firewall rules. That's a weekend task. Bad enough I have to do firewall migrations for my job but do it at home as well?
-
@michmoor said in iCloud Private Relay:
You're trying to get me again.......lol
let me think about this.
The biggest hurdle is converting these firewall rules. That's a weekend task. Bad enough I have to do firewall migrations for my job but do it at home as well?

I like to use pfSense and UniFi together. In fact, that’s the way I ran it for over two years. They introduced zone-based firewall rules now, so things are much more granular than they ever used to be. I guarantee you it wouldn’t take you more than a day.