Comments:

Hi Laurence, you are a reference abroad for me, your knowledge is precious, and exactly that the fact that you explain things easily and right to the point.

Tom, your NAS has 4 NICs? What type of Synology NAS are you using? I presume your phone can access the cameras with the DS cam app, right?

Hi, does the Ubiquiti UniFi Dream Machine support WireGuard out of the box, or do I have to look at the Netgate SG-2100?

So, complete noob here and trying to learn, but I'm assuming you aren't able to remotely view your cameras since it's segmented off?

First of all, thanks for this great content.
I managed to make my pfSense setup work properly but now I'm facing a very annoying issue.
When my system reboots, for example due to a power outage, pfSense can't get the WAN address automatically. It gets WAN as blank.
Any idea what could be happening?
And where did you get the firewall_Service_port port from?

Can pfSense do SSL inspection / decryption like the Palo or Fortinet? Thx

The first part of the setup when first getting to the configuration wizard for the basic connection with the modem/router. You didn't cover that part.

This is one of the best tutorials I have ever seen. Thanks a lot.
I have two questions:
1. How will Synology do updates? Maybe I missed that part, sorry if that is the case.
2. How will your phones sync/backup photos to Synology? Phones are on NSFW LAN and devices assigned to that interface cannot see CAMLAN. If I have this use case, what is the best approach?
How to add another WAN

Can you post the config settings for the CamLan info? I for some reason am really stuck on getting this to work. I have a single host I don’t want to reach the internet but I still need it to grab NTP and communicate with the other devices on the same network. I just can’t figure it out. Thanks!

Is Plex running from your Synology? How do you separate Plex and the Synology interface from on the different networks?

Under-rated and under subscribed channel. Fixed that for myself! Liked and subscribed, looking forward to binge watching your stuff. Cheers mate.

Unfortunately the business information being advertised in the videos for hire is not reliable information and does not exist.

pfsense is not recommended. Misc upgrades have caused huge issues including having to re-flash your device. Make sure you have backups! I do not recommend them.. sadly

Is this setup as vlan in pfsense to get the separate IP address and a group?

I'm a fan of pfsense, hands down best in the industry
U can use it in ISPs, IXPs, and simple home networks, but for a home network, that Sophos home edition is also a nice piece
VLAN1337 Lit

I've been a security operations manager for years, and it physically hurt me to see you use one subnet for IOT, Phones, AND a DMZ. Plex is publicly exposed, it goes in a DMZ, there really should not be exceptions to that rule unless you're forced at gunpoint.
Malware is made for Android devices far more often than any other OS. Your phone has a huge amount of important information, 2 factor authenticators, 2 factor text messages, probably saved passwords, photos, anything sensitive you've said in texts, microphones and cameras that can be accessed if the device is fully compromised, etc. Having your phone on the same network that you're using to expose shit to the public internet is insanity.
ok; what about cameras like wyze cams and firmware updates

Thank you for so many helpful tutorials. I'm confused about the first rule on the NSFW_LAN. Why is the source '*' for this rule, but the other blocks have source NSFW_LAN? Wouldn't all connections to this interface and going to 'This Firewall' originate on this interface? Wouldn't then source '*' and source 'NSFW_LAN' be the same set of connection attempts? Thank you.

If we block internet access for camlan...how do we remotely view the cameras when away from the location? Can we view cameras remotely?

Hi Tom. What kind of switches do u use? Each segment on its own switch? Or u have a big switch and use vlans?

I love this guy's channel!! Subbed!!

Late to the party, but how do you handle wireless audio devices like HEOS or Sonos, possibly an AVB? These devices don't need a lot of bandwidth, but they do need stable connection with not a lot of network noise. These do not seem to be suitable for the nsfw network.

Why don't we need to allow any IPv6 traffic if they have indeed run out of IPv4 addresses?

Great video. Do you have a newer video that includes making pfSense more secure for a small business?

I have 2 real networks :) One in the front of the house based on the router of the ISP. It is used by a Smart-TV and phones including those of visitors. The second is in the back of the house based on an old TP-Link Router connected by Ethernet to the ISP Router. The TP-Link Router only supports 100 Mbps, so I added a cheap 5 port 1 Gbps switch. It connects my desktop; backup-server; laptop and over WiFi our phones and Smart-TV. That TP-Link Router is closed for all inbound traffic; user-id and password are changed and it only allows admin access with the MAC addresses of my desktop and laptop. 100% secure, except for entry through asocial media, browser or Email :( :(

How about if I want to block pfsense admin access from the wifi access points similar to the NSFW example?

Hello from the UK - Great video as always! Question for your NSFW, would you recommend using a DNS redirect rule to avoid client machines attempting to connect to their own DNS and redirect to the router DNS? Or too much bother for the potential benefits? Thanks

So how does one easily monitor an external camera when away from the home.. without having to VPN each time ..🤔

This Video helped me a lot. Thank you

Would you consider a video detailing the connections and network configurations with your Synology NAS to your private and NSFW networks?

One question. What would be the rules in CAMLAN if I want to let my NVR send email notifications?

How do you separate the admin interface from the services on the synology and NAS?

Tom do you run pfblockerng at home?

GET THE F'N OLD COWORKER CRIMINALS OFF MY PC, THEY ARE GOING TO BE CHARGED BOTH CIVIL AND CRIMINAL CHARGES; WONDER IF THE COMPANY IS GUILTY ALLOWING THIS

Thank you for this. Was struggling with configuring pfsense because my only firewall experience was with corporate firewall software. Seeing your rule configuration just made it click!

Do you have any video that you speak about the pfSense features? How does pfSense compare with DD-WRT for Home use?

I have 6100, I need help setting it up with 10gig wan/lan and 10 gig cisco switch

Speaking as a network engineer, too many block rules, weird choice of subnet ip ranges, not a fan. Positive is that there is network separation at all, which is not a given even in corporate contexts.
But then, there's surprisingly little guidance on this topic out there.
Can you open up some of those rules so we can see the details?

This might be a silly question, but how would you assign each device to each VLAN?

You do a lot of graphic/charts work... what app do you use if you would not mind.

OPNsense better <3.
Ahah nice video BTW.
Can you do a video on how to connect an external WIFI AP to PF sense router and have some wifi connected devices go to separate networks? Something is wrong with mine. I give devices a static ip on one subnet but they sometimes get a connection on the wrong one.

By isolating the cameras on a separate vlan, can you receive notifications of intrusion events on your phone which is on the NSFW vlan or see the video on your phone from the NSFW vlan? I like the idea of isolating the cameras and the NVR port on the synology, but what about camera notifications and seeing the video when you are not at home?

I have recently set up Vlans on my network. I have the cameras on their own vlan and was concerned that they would not be able to talk to the cloud key on another vlan so I made a rule that allows traffic from the camera network over to the specific host (cloud key) on the other vlan. Is this necessary?

You seem to have used pfsense quite a bit, how would you say it compares to the flexibility and feature sets of Mikrotik's RouterOS?