[pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)
Hello,

Is anybody running pfSense on an alix1c, alix1d or alix3c3? (the types with 1 NIC and VGA/USB)

I've been using pfSense on these types of alix boards for a while now, in setups with VLANs on the onboard NIC or a wireless card in the mpci slot as a second NIC. I found out the nanobsd version 1.2.3-RC3 doesn't boot on them, gets stuck at Starting device manager (devd)... Same CF works fine on an alix2c3. All test boards are running latest BIOS version, even tested with various other BIOS versions. I've just tested the latest snapshots available for 1.2.3 and 2.0 as well, they don't boot either.

More details are in the forum post at http://forum.pfsense.org/index.php/topic,20405.msg107742.html

Sorry for posting on both the forum and the mailing list, but the forum thread didn't get any answers in the last 2 weeks, and I feel this issue is important enough to make sure it got noticed. If however this is not a priority for the pfSense team, just say so and I'll stop whining :-)

Regards,
Hans

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] OPT WAN issues
Please forgive my noob questions...

I've added a 2nd WAN interface called CABLEWAN to my pfSense installation. The cable modem is set to straight bridge and seems to be working correctly. PfSense sees the interface as up. But the interface can't ping the gateway.

I created a gateway pool in Load Balancer with the existing WAN and new CABLEWAN, and set that pool to be the gateway in my LAN rules. I made a rule for CABLEWAN allowing all http traffic. Still no traffic on the new interface!

Am I overlooking something obvious here?

Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org
[pfSense Support] PFSense advocacy
I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks.
Re: [pfSense Support] PFSense advocacy
Ron García-Vidal wrote:

> I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks.

I think it's better to start with providing what you expect from 'firewall in shop'. In what way are you going to use this firewall? What functionality/bandwidth do you need?

Evgeny.
Re: [pfSense Support] PFSense advocacy
On Wed, Dec 2, 2009 at 2:26 PM, Ron García-Vidal r...@millburncorp.com wrote:

> Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more.

The support for PFSense is top notch. Between the mailing list and the forums I can't recall a single question gone unanswered, or a bug unaddressed.

I've also seen Cisco equipment die, at which point you are dependent on Cisco to ship a replacement part. With PFSense's ability to run on a variety of hardware, you can choose your components and have a variety on hand in case of failure. Incidentally, this feature also makes it easy to upgrade.

That's what I like about it. Oh, and the fact that it's open source is big with me, although that may or may not resonate with your boss.

db
Re: [pfSense Support] PFSense advocacy
1) Cost is the biggest advantage.
2) Open Source is also huge, if Cisco goes bankrupt I'm out of luck for support. If pfsense stops, I just need the source code and some knowledge of how it works and I can support pfsense forever.
3) pfSense can be customized to the nth degree. Good luck trying to get a feature added to Cisco ASA.
4) As long as your hardware is good, pfSense can be pretty reliable.

I just started deploying some Cisco ASA (I would have deployed pfsense, wasn't my choice). I had high hopes for the Cisco ASA line-up, but after configuring them my love for pfsense just grew more and more.

I have configured and used most firewalls. pfSense is #1 followed closely by m0n0wall.. :)

Adam

Ron García-Vidal wrote:

> I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks.
Re: [pfSense Support] PFSense advocacy
Start with cost. There is no cost per seat with pfsense. You don't have the up front cost of an expensive PIX or other Cisco Security product plus the license fees. You don't pay extra for extra features either. It will run quite nicely on a dual core atom based supermicro server from New Egg at about $350.00 bootable from a USB key vs having to pay gobs of money for RAM for a Cisco router if you're running lots of VPN tunnels.

Ease of configuration. You still SSH in and get a command line if you want, but the GUI works very well and is very fast. You can redirect users to an internal proxy server, if you wish.

It's BSD, it's secure (except for VPN password storage in plain text in the XML config file). You can edit the config file by hand and upload it if you wish.

It has lots of nice features such as auto failover (CARP), etc. Tons of plugins available for the download. It even handles SIP proxy, etc. It's a very nice solution without all the added cost that you'd have to purchase from Cisco.

You can get paid support if you need it. There's a large community of security conscious developers working on it so it has a lot of code review.

It's very stable and has a small footprint. The one I use the most has been up for 114 days and was only down because the power company's last outage lasted longer than the battery. One of the last required updates I saw was due to an instability that occurred when there were more than x thousand tunnels running simultaneously.

It supports VPN standards and standard clients rather than requiring Cisco's proprietary client.

Hope this helps a little,
Curtis

Ron García-Vidal wrote:

> I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks.
Re: [pfSense Support] PFSense advocacy
On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal r...@millburncorp.com wrote:

> I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more.

Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/

Between this, the mailing list and forum you are covered.

Scott
Re: [pfSense Support] PFSense advocacy
> Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/
>
> Between this, the mailing list and forum you are covered.
>
> Scott

The big selling points for my Boss' were

1) cost
2) features
3) ease of use

Cost is a no brainer. The features of pfSense that we needed sold the solution very easily. Failover, Load Balancing, SNORT IDS, Proxy Filtering and a great web based configuration engine were the key ones. All but the proxy filtering was needed for our hosting environment and a huge selling point for our corporate firewall was the proxy filtering (with squidguard) to keep our users in check. Ease of use was huge because we didn't have to drop to CLI every time someone needed a non standard configuration. Cough, cough Cisco

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
Re: [pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)
Hans Maes wrote:

> Hello,
>
> Is anybody running pfSense on an alix1c, alix1d or alix3c3? (the types with 1 NIC and VGA/USB)
>
> I've been using pfSense on these types of alix boards for a while now, in setups with VLANs on the onboard NIC or a wireless card in the mpci slot as a second NIC. I found out the nanobsd version 1.2.3-RC3 doesn't boot on them, gets stuck at Starting device manager (devd)... Same CF works fine on an alix2c3. All test boards are running latest BIOS version, even tested with various other BIOS versions. I've just tested the latest snapshots available for 1.2.3 and 2.0 as well, they don't boot either.
>
> More details are in the forum post at http://forum.pfsense.org/index.php/topic,20405.msg107742.html
>
> Sorry for posting on both the forum and the mailing list, but the forum thread didn't get any answers in the last 2 weeks, and I feel this issue is important enough to make sure it got noticed. If however this is not a priority for the pfSense team, just say so and I'll stop whining :-)
>
> Regards,
> Hans

Try this http://doc.pfsense.org/index.php/NanoBSD_on_WRAP
Re: [pfSense Support] PFSense advocacy
The office just sent me to Cisco IPS training. Cisco ASAs have (linux) hardware modules that you can add for IPS -- basically the same thing that Snort does, but for additional cost, licensing, and maintenance on top of the equipment you already bought. Snort signature updates are cheap compared to Cisco's. And when you have two Cisco ASAs in active-passive, you still manage every config item on the two IPS modules separately, including signature updates. I'm still learning how to do in Cisco IPS what I can already do in Snort.

Cisco training is expen$ive and not all that great -- usually covers the last ASA/IPS version before the one you're using. In our office, we're not allowed to use GUI tools to manage the ASAs, so I also need to learn Cisco syntax which isn't covered in-depth in training classes.

The one thing we rely on in our office that I haven't done with pfSense are IPSec VPNs using Active Directory for authentication.

Now that pfSense has a book, what else do you need?

Larry

On Wed, Dec 2, 2009 at 5:04 PM, Curtis LaMasters curtislamast...@gmail.com wrote:

> > Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/
> >
> > Between this, the mailing list and forum you are covered.
> >
> > Scott
>
> The big selling points for my Boss' were
>
> 1) cost
> 2) features
> 3) ease of use
>
> Cost is a no brainer. The features of pfSense that we needed sold the solution very easily. Failover, Load Balancing, SNORT IDS, Proxy Filtering and a great web based configuration engine were the key ones. All but the proxy filtering was needed for our hosting environment and a huge selling point for our corporate firewall was the proxy filtering (with squidguard) to keep our users in check. Ease of use was huge because we didn't have to drop to CLI every time someone needed a non standard configuration. Cough, cough Cisco
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com
[pfSense Support] Is your embedded pfsense stable?
1.2.3-RC3, nanobsd on a Netgate Alix board with 256 MB RAM and an 8GB CF card. The firmware and all have been updated.

Have been playing around with this box as a firewall for the last couple of weeks. Then I did the unthinkable and ventured out of my comfort shell. Installed DNS Blacklist, Snort and Backup.

Well, I can report that Backup runs without problems. Initially DNS Blacklist ran but then I installed the dreaded pig... Snort. I had to try a few times for the install to take. Then Snort ran and I got even bolder. I turned on a bunch of rules without knowing what they actually did. And that did me in. Keeping my eye on the RAM - I reached 84% and then it happened. As Snort rules get exercised, memory usage skyrockets and froze my little Alix box.

So, my question really is how far can these little machines be pushed?

Mehma