Packages of Aliases (Port + IP's + company AC) for easy administrating



  • Hi, folks!

    The main idea is to make a network security administrator's work a little easier: give the ability to easily create and manage firewall rules, routing and shaping for devices in a company (or even at home, for IT professionals, advanced users, or tech nerds).

    It is better to explain this with simple (but common) situations:

    • you have a lot of Apple iOS devices in the company/home and need to quickly add rules to pfSense after you buy a new appliance from Netgate;
    • the company buys a software product that needs to communicate with outside servers on the developer's side;
    • the company buys new hardware (servers (like the IBM IMM service; Dell/HP have similar), an email antivirus DPI inspector, etc.) that needs to communicate with outside servers on the developer's side;
    • blocking the use of social networks (we all need our staff to pay attention to work rather than spend working hours on Instagram, Tinder, Facebook, Twitter...)
    • ... (add yours)

    So, in both cases the network admin needs to spend time collecting all the needed info from manufacturer documents and guides, spend hours with tech support in a call center, read the web, etc.

    Instead of this, a better and easier way is to go to, let's say, "Firewall -> Aliases -> IP/Port/URLs Packages" and in one click install the IPs assigned to software, appliances or servers, even blocks of AC belonging to a certain company.

    For example, for Apple hardware/software there are "TCP and UDP ports used by Apple software products" and "Apple Push Notification Service"; Barracuda has "Port Usage" and "Required Outbound Connections for Barracuda Appliances", etc.

    P.S. Or maybe this is a question for the "Bounties" part of the forum? :)



  • Another important thing that I forgot to write:

    • better usability (admins need less work for the same result) means increasing popularity of pfSense, which means more secured end users, more sales of great Netgate network appliances, and even more admins improving their professional skills to secure & manage networks;
    • better co-living with other brands' products also means more pfSense support & hardware sales, a win-win situation, more companies become friendly to the pfSense firewall;

  • Netgate Administrator

    Are you suggesting we could maintain a database of these ports? That is a pretty onerous task!

    Or have some way to import and group that data from some other location?

    Steve



  • @stephenw10 said in Packages of Aliases (Port + IP's + company AC) for easy administrating:

    Are you suggesting we could maintain a database of these ports? That is a pretty onerous task!

    I thought more than twice before writing this post.
    Because, as you point out, it is an “onerous task”; let me write “HUGE piece of work”.

    Or have some way to import and group that data from some other location?

    Steve

    So sorry, Steve, there are no standards here; each hardware/software manufacturer strongly does it the way they prefer.

    In addition to this, you need to understand that inside each manufacturer some “restructuring processes” happen from time to time:

    • web portals are redesigned, along with how information is presented;
    • internal growth/changes in hardware infrastructure, which means new FQDNs, IPs, ports;
    • new services for end users come along (ports, IPs, FQDNs added or changed);
      ...

    I know that only huge (Apple, IBM, Dell, SuperMicro, Juniper, F5, CISCO, Extreme, Windows, Wheatstone...) or commonly well-known home appliance brands (D-link, TP-link, Hikvision, cameras/TV/smart audio, Siemens, ....) have so-so well organized and structured information.

    But anyway, the power of open source is that it is not one man doing this. Even if only 100 people make some effort, surely we will have a beautiful result.

    Just step by step (for example):

    1. Most used IT appliances and software
    2. Most used home appliances
    3. Less known IT appliances
    4. Less known home appliances


  • @stephenw10 said in Packages of Aliases (Port + IP's + company AC) for easy administrating:

    Are you suggesting we could maintain a database of these ports?
    Steve

    Another example: a lot of scandals in 2019 regarding remote access to home appliances: smart TVs, sound devices, climate control systems, in-home cameras...

    In this case pfSense may receive an additional benefit, if it can “allow remote access to devices only from the manufacturer's side, or a secured connection from the user's side” (we all go on vacation from time to time ;). And refuse connections from others.

    At least for the first 2 Netgate hardware devices in the product line, as they are intended for ordinary end users with no IT knowledge.

    Because security for private houses and devices was pointed out as the most valuable and phenomenally increasing trend in 2019 and of course 2020.

    Security for ordinary non-IT people becomes more and more valuable in life. For everyone, from housewives to senators.

    And the product that may say “I do this easily “out of the box”, just buy me and connect the wires. I am well known, well reputed in the IT world for at least 15 years, and serve more than 600.000+ customers, from small homes like yours to big Internet and audio/video content providers” - this product is really eating another big piece of money on the whole market.

    Because right now a lot of well-known companies make routers, and a lot of companies make router software. But only a few of them make a solution that “just works” and talk with end customers in a language that the customer understands well. ;)

    Like Apple with their “ecosystem”, like Amazon with “Alexa devices”. For end users all of this “just works”: buy, unbox, connect cables, work with no problem :)

