Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 14 August 2018, 05:04:48 PM

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
13800 Posts in 4199 Topics by 5807 Members
Latest Member: Burilarkaf
Search:     Advanced search
Pages: [1] 2 3 4 5 ... 10
 1 
 on: Monday 06 August 2018, 05:24:54 PM 
Started by rice.damianj - Last post by Dark-Vex
Hi,

you can do this without using another appliance, please follow this tutorial published by Endian

https://help.endian.com/hc/en-us/articles/218144788-How-to-split-a-zone-in-sub-zones

 2 
 on: Monday 06 August 2018, 05:23:17 PM 
Started by torpedo - Last post by Dark-Vex
Hello, you can disable the SIP ALG from SSH, follow this procedure

touch /etc/modprobe.d/blacklist-sip.conf
echo "install nf_nat_sip /bin/false" >> /etc/modprobe.d/blacklist-sip.conf
echo "install nf_conntrack_sip /bin/false"  >> /etc/modprobe.d/blacklist-sip.conf

Regards,
Daniele

 3 
 on: Wednesday 01 August 2018, 01:24:54 PM 
Started by rice.damianj - Last post by rice.damianj
Can anyone help please. I need another zone but currently I already have green blue and orange. So I put in a second appliance getting its red from the other green. But I am stuck. I can access all green from from appliance but not vice versa

 4 
 on: Wednesday 01 August 2018, 04:25:16 AM 
Started by torpedo - Last post by torpedo
Hello,

I need some information of how to disable SIP ALG on EFW 3.2.5 for use with a external voip provider.

Thanks for the help!

 5 
 on: Monday 30 July 2018, 05:14:11 PM 
Started by Francisco - Last post by Dark-Vex
Hi,

you are not able to access to your owncloud server by calling it with the hostname from the LAN or from the WAN?
If it's from the LAN you have two ways to fix it:
- Create a host record under "Network > Hosts" cloud.localhost.cl that point to the local IP. With this configuration the clients in the LAN will resolve the hostname with the local IP insted of the Public IP

- The alternative if you don't want to create an host entry is to create a NAT Loopback rule like this (it's just an example):

[you should already have this one i think if the service is reachable from outside]
incoming ip --> uplink main:IP:1.2.3.4
Incoming Service/Port -->tcp:8090
Translate to ---> 192.168.0.1
Port/Range-->tcp:8090

then go to from firewall > port forwarding/nat > snat and create a rule like this:
Source --> network/ip --> 192.168.0.0/24
Destination -> network/ip --> 192.168.0.1
Service/Port ---> 8090
nat to source address -> 192.168.0.254

 6 
 on: Friday 27 July 2018, 06:35:14 AM 
Started by mmiat - Last post by beto2p
First you should upgrade your endian to the latest version 3.2.5.
To do this, use the efw-upgrade command in the shell.

The https certificate must be installed on the client at "trusted root certification authority"

help.endian.com/hc/it/articles/115006253507-How-to-Set-Up-The-HTTPS-Proxy


i've tried to use https proxy
i can understand that endian can't read content and filter it, but why also blacklist / whitelist don't work ?
so i've tried to enable https proxy, downloaded certificate and import in browsers, but also this doenst work, browsers still show "certificate error"

 7 
 on: Friday 27 July 2018, 01:46:30 AM 
Started by Francisco - Last post by Francisco
Hola a todos,


Necesito ayuda ya qu con la version de endian 3.0.5 no puedo ingresar a mi nube de owncloud, lo raro que es la direccion cloud.localhost.cl/owncloud me da error 110 pero si trato de entrar por la ip local no da el error.
żAlguno sabe como puedo solucionar esto? 

 8 
 on: Thursday 26 July 2018, 11:12:48 PM 
Started by mmiat - Last post by mmiat
i've tried to use https proxy
i can understand that endian can't read content and filter it, but why also blacklist / whitelist don't work ?
so i've tried to enable https proxy, downloaded certificate and import in browsers, but also this doenst work, browsers still show "certificate error"

 9 
 on: Wednesday 25 July 2018, 10:23:47 PM 
Started by beto2p - Last post by beto2p
Adding the parameter "sslflags = NO_DEFAULT_CA" has solved the problem.
Memory consumption has stabilized.
Thank you very much.

The memory continues to increase because squid cache all the default CA certificates (they are ~600 default CA).
On the squid forum they suggest to add the parameter "sslflags=NO_DEFAULT_CA" in order to don't cache the CA.
So if you can edit /etc/squid/squid.conf.tmpl and where see these lines

Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #end if


please "sslflags=NO_DEFAULT_CA" like this:
Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #end if

then save the file and restart squid with "jobcontrol restart squid --force"


 10 
 on: Monday 23 July 2018, 05:39:04 PM 
Started by beto2p - Last post by Dark-Vex
The memory continues to increase because squid cache all the default CA certificates (they are ~600 default CA).
On the squid forum they suggest to add the parameter "sslflags=NO_DEFAULT_CA" in order to don't cache the CA.
So if you can edit /etc/squid/squid.conf.tmpl and where see these lines

Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #end if


please "sslflags=NO_DEFAULT_CA" like this:
Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #end if

then save the file and restart squid with "jobcontrol restart squid --force"

Pages: [1] 2 3 4 5 ... 10
Page created in 0.098 seconds with 15 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com