4. Nateo segun hardware

Nateo segun hardware

  • J

    Estimados.

    Tengo instalados algunos Firewalls en mi organización usando computadores de escritorio, he detectado un problema con el Nateo que no puedo acceder a traves de la IP publica a la pagina del pfSense de algunas sucursales.

    Esta la misma configuración que las otras sucursales, pero a pesar de so es imposible acceder a la pagina Web del servidor. He optado por reinstalar desde cero pero no funciona.

    Se solucionó cuando cambie de equipo y con la misma configuración si puedo acceder.

    Lo novedoso es que si Nateo a un servidor dentro de la sucursal usando cualquier puerto, este si funciona, pero no funciona si lo redirecciono a la IP interna del servidor.

    Pienso que es alguna incompatibilidad de la tarjeta de red o del mainboard del equipo utilizado. Si pueden darme aportes sobre este tema les agradezco, ya que no tengo mas equipos disponibles para usar y es indispensable hacer uso de estos equipos. Gracias

    0
  • J

    Hola

    No aconsejan que sea accesible desde Inet, ya sea en la WAN o mediante NAT (rediririgiendo desde la WAN a  la LAN) la administración de pfSense (http, https, ssh).

    Para administrar en remoto pfSense, se aconseja usar VPN (IPsec, openVPN)

    https://doc.pfsense.org/index.php/Remote_firewall_Administration

    Several ways exist to remotely administer a pfSense firewall that come with varying levels of recommendation. They all work, but their use may vary for any number of reasons (Client restrictions, corporate policies, etc.)
    Use a VPN

    The safest way to accomplish the task is to setup a VPN that will allow access to the pfSense firewall and the network it protects. There are several VPN options available in pfSense, such as OpenVPN or IPsec. SSH tunneling to the GUI is also possible. Once a VPN is in place, the GUI may be reached safely by using a local address such as the LAN IP address. The exact details will vary depending on the VPN configuration.
    Restricted Firewall Access

    If the WebGUI port must be to the Internet, restrict it by IP address/range as much as possible. Ideally, if there is a static IP address at the location to manage from, allow traffic from that IP or subnet and nowhere else. Aliases are good to use, and they may include fully qualified domain names as well. If the remote management clients have a dynamic DNS address, add it to a management alias.
    Use HTTPS

    HTTPS should always be used to encrypt access to the WebGUI port. Modern browsers may complain about the certificate, but an exception can usually be stored so it will only complain the first time. To use HTTPS then it will be necessary to enable it under System > Advanced, Admin Access tab, using the Protocol option in the webConfigurator section.

    Salu2

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy