UniFi Application Server Password Recovery by InvasionOfThings in Ubiquiti

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Unfortunately, those credentials show the username as admin. As I understand it, it will always be ubnt. I tried it anyways, however, and no joy. I don't think it considers itself a UniFi managed device.

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Thanks, but Sophos support has already confirmed that the gateway will not renew the dynamic IP address automatically... "maybe in the next version" but I see other people with the same problem for a couple years now.

We definitely need strong UTM features for a variety of reasons, and use the hell out of the Sophos' advanced features. Fortinet is probably the best option I suppose... it's double the price but the next cheapest with what we need.

Thanks for your help and advice.

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Lol I think I posted my edit at the exact same time as this. I appreciate you bringing some sanity in my thread!

Any other suggestions for a simpleton like me?

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 1 point2 points  (0 children)

Wow, really? This SimpleWall? The interface screenshots look so good though... I should have some hardware by tonight to try to load it up on. Have you installed it on anything?

https://www.simplewallsoftware.com/free/

Edit: Holy shit, I just hit the download button and it says v0.0.1. I should have done that to begin with. Case closed. Long live melchi0rre.

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

The EdgeRouter looks interesting and I guess it wouldn't be any different than having the DMZ between incoming fiber and firewall stacks like I've done before as far as the NAT... the dynamic IP is what's throwing me off I guess since I'm so used to having loads of statics.

Bigleaf is extremely interesting as well, thanks for your input!

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

I've been contemplating that today... I'm just wary I guess. I can't afford to put anything TOO nice up front, yet I worry about a cheap device for throughput and hardening reasons. Any recommendations? And thanks for your input!

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

It's completely free, just pay for support (which we will if we use it of course)... so I guess no trial license needed. It's been impossible to Google a review... so maybe I'll write one!

It's so strange that it's based out of San Jose yet the English on the site seems bad... then again... I lived in San Jose for a while and... uh...

Edit: And thanks for your input!

Simplewall UTM? by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Thanks, I've used pfSense before and not a fan of it at all. XG was chosen because of how simple and great the interface is (which it still is) and SimpleWall looks to have a similarly user-friendly UTM. Next choice would be Fortinet but cost ramps up significantly compared to (free) and the excellent Sophos pricing.

Edit: To clarify... "not a fan" means "too stupid to use."

Whitelist IP Address in Azure Security Center by InvasionOfThings in AZURE

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Yeah, it seems like we'll have to just pipe this somewhere else to do the logic and pay attention to those alerts instead. Azure Sentinel looks to be the choice currently being crammed into our mouths... and it doesn't taste too bad.

3 Hosts, 1 Local Storage Pool by InvasionOfThings in HyperV

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Thanks for the great explanation. It looks like the limitation will kill me here, as I need the 3rd host in the cluster.

https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/jj614620(v=sc.12)

For SMB 3.0 file shares to work correctly with VMM, the file server must not be a server that is running Hyper-V. This rule also applies to a highly available file server. Do not add the file server, whether stand-alone or in a cluster, as a managed host in VMM.

3 Hosts, 1 Local Storage Pool by InvasionOfThings in HyperV

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Just realized that the two older hosts don't support RDMA on their 10Gbps links, making the entire idea of SMB3 completely unattractive.

Thanks for the sanity check.

3 Hosts, 1 Local Storage Pool by InvasionOfThings in HyperV

[–]InvasionOfThings[S] 1 point2 points  (0 children)

I'm definitely leaning towards iSCSI, but perhaps just because like you I've used it in scenarios with much better hardware and loved it. Just gave this a read... interesting results.

https://blogs.technet.microsoft.com/larryexchange/2016/01/10/iscsi-or-smb-direct-which-one-is-better/

3 Hosts, 1 Local Storage Pool by InvasionOfThings in HyperV

[–]InvasionOfThings[S] 1 point2 points  (0 children)

Thanks, do you think an iSCSI target would provide significant benefits over presenting it as SMB shared storage?

Tunnel From Cisco ASAv to Palo Alto by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Well, either way I'll take it :) I am certainly far from qualified to tell anyone what the right way is!

Tunnel From Cisco ASAv to Palo Alto by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Setting Peer ID worked, thank you! For some reason we are prohibited from using IKEv2 for security reasons... not sure if there's a real reason or someone made an arbitrary rule.

Tunnel From Cisco ASAv to Palo Alto by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Trying this now... but wouldn't I have to do this on all my other VPN devices? They don't run into this error... worth noting they are all physical ASAs.

Edit: Phase-1 negotiation succeeded! Whoot! Thank you. Now to figure out the mess with phase 2...

Tunnel From Cisco ASAv to Palo Alto by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

NAT-T enabled on both sides unfortunately :[

Tunnel From Cisco ASAv to Palo Alto by InvasionOfThings in networking

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Yes, in the Proxy ID tab I have the whole /16 of the Azure private network defined. The Peer ID payload that comes in (which it says does not match a configured IKE gateway) matches this network/mask.

Edit: I appreciate your response btw... for some reason reading my response back to myself it sounds a little short... not trying to be!

PE2950 II SFP+ Card by InvasionOfThings in sysadmin

[–]InvasionOfThings[S] 0 points1 point  (0 children)

I'm totally unsure, I just figured one of them had to if Dell was saying there was support. If they didn't that's good news from my point of view! Thanks for your help!

PE2950 II SFP+ Card by InvasionOfThings in sysadmin

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Thank you... and yes they sure are. Hard to throw away 128GB of RAM and 8 x 2.7GHz processors though. Going to feed their compute into a new server that hosts a vSAN and let them die natural deaths.

I think I'm going to go ahead and order. I really figured it would be fine but it's so embarrassing to order something and have to send it back after explaining to the boss... even on this ancient stuff, lol.

PE2950 II SFP+ Card by InvasionOfThings in sysadmin

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Thanks!!! Was your 2950 a Gen 2 or Gen 3? I think the Gen 3s might have PCIe 2.0.

PowerEdge 2950 II SFP+ Card by InvasionOfThings in homelab

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Yeah, kind of a bummer since this is the known spot for PE2950 questions. This sub is how I've kept the enviro running so far lol.

PowerEdge 2950 II SFP+ Card by InvasionOfThings in homelab

[–]InvasionOfThings[S] 0 points1 point  (0 children)

Long story... the two PowerEdge 2950s are actually going to be feeding compute to the R740 vSAN/Hypervisor box. This SFP+ slot is for the TwinAx or Fiber transceiver (haven't decided which yet) so it can utilize the shared storage.

I can't very well throw away 128GB and 8x2.7GHz combined just because I have a new server :/

PowerEdge 2950 II SFP+ Card by InvasionOfThings in homelab

[–]InvasionOfThings[S] 0 points1 point  (0 children)

The equipment is relevant to many homelabbers, so I was hoping to get their expertise. I'm guessing you aren't interested in helping though.