[pfSense] IPv6 cross-LAN access problem to virtualized host

2016-05-17 Thread Bryan D .
I'm in the process of enabling IPv6 on a working IPv4 3-LAN, 2-WAN setup using pfSense 2.2.6 (I'm also in the process of testing 3.0 and did a cursory test and got the same results with our 3.0 test setup). We're getting IPv6 via a Hurricane Electric tunnel. There are 3 LANs each with a /24

[pfSense] Soeckris Net5501 SSD

2016-05-17 Thread Karl Fife
I have about 15 Net5501's OR Lanner FW-7541D's in the field running embedded/Nano on CF cards. There's not enough space on a 1GB CF to upgrade to v2.3. Of course I can upgrade to larger CF cards, however the eventual phase-out of NanoBSD makes me wonder if it's better to install a SATA SSD

Re: [pfSense] firewall rules with fqdn-alias

2016-05-17 Thread Martin Fuchs
Hi, Steve! No dots in the alias, just in the fqdn-address, the lookup works fine, so the resolved fqdn are visible in the tables, but it seems as if the rule is not applied. But there is no error... Any diagnostic hints? Regards, Martin > Are you using dots in your FQDNs? Those aren't valid

Re: [pfSense] Zero Trust Networks

2016-05-17 Thread Randy Morgan
Hi Jim, I have been reading a lot and the NIST document is actually printed and sitting on my desk. I would love to talk with you privately, feel free to call me, or we can set up a time to meet in person, just give a few different times that you are available and I can see which one works

Re: [pfSense] Zero Trust Networks

2016-05-17 Thread Jim Thompson
Hi Randy, Ex-BYU student here. M.E. ’84, but I started in Chem, and maintained a vacuum distillation apparatus in the basement of ESC that was part of the Chem department's research in lasing emulsion dyes. I have a relative (Steve Walker) in the English department, too. If you’ve read the

[pfSense] Zero Trust Networks

2016-05-17 Thread Randy Morgan
I have been doing some reading on zero trust networks, there is much to learn and this is a major paradigm shift in security thinking. Can pfSense be configured to work in zones without a trusted zone, or is that something that is planned for a future release? Randy -- Randy Morgan CSR

Re: [pfSense] firewall rules with fqdn-alias

2016-05-17 Thread Steve Yates
Are you using dots in your FQDNs? Those aren't valid alias names... 'The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _".' -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs Sent: Tuesday,

[pfSense] firewall rules with fqdn-alias

2016-05-17 Thread Martin Fuchs
Hi! We're using pfSense 2.3_1 here in a CARP-cluster. We are using rules with fqdn-aliases and those rules do not work. When I look under diagnostics -> tables I see the tables filled with the correct IPs. When I change the rule not to use the alias, but the IP instead, the rule works