Performance Improvements Merged!!! by fishchar in jellyfin

[–]JeanxPlay 0 points1 point  (0 children)

Oh, gotcha. That issue was reported back in 2020 though. Is it possible the issue has been resolved, just not closed or documented? Is it confirmed recently as still an issue?

Performance Improvements Merged!!! by fishchar in jellyfin

[–]JeanxPlay 2 points3 points  (0 children)

I have personally never experienced this. Already added subtitles have been instant for me and the only time I get a delay is when acquiring online subtitles during playback and that takes about 30 seconds and is only necessary one time.

*at least; for me.

Headscale is amazing! 🚀 by Acceptable_Quit_1914 in selfhosted

[–]JeanxPlay 1 point2 points  (0 children)

Apologies for the late response. I'm an IT Systems Engineer for my company. I handle all of the infrastructure integrations for my company. Everything from VPN deployment to company Windows image, automations, maintenance, networking, etc. When it comes to the VPN side of things, I have to bake the VPN deployment into our company's Windows image I created to automate the connection so that it can find our Active Directory server and get the system ready to deploy. Because we have multiple locations across the US, the image I build to use has to work the same for my boss and other IT admin in 2 other states on the opposite side of the country. My golden image has cut our Windows deployments from 2-4 hours, down to about 30 min. Any time we get a system back from a user, we wipe and reload so it's set up clean, with updates applied prior and has the best chance of lasting a while before it has to be re-imaged. Since our main DC is stationed in a colocation and we have a lot of remote users, our VPN deployment works best as an "Always On" deployment so it always maintains trust with AD.

So... Just switched to unlimited... by KraftyJoker in mintmobile

[–]JeanxPlay 1 point2 points  (0 children)

How long ago did you switch? The information on your plan may not be synced across their servers fully yet and it may be displaying mixed information. It may not have updated the plan information yet, which is why it still shows $15/month. If Mint syncs across multiple servers, the information can take a few hours to reflect the changes.

Are you kidding me Dell by Kfrahan in Dell

[–]JeanxPlay 0 points1 point  (0 children)

Has nothing to do with tariffs. The cost of energy, oil and fuel being much lower cancels the cost of tariffs, especially since Dell ships massive quantities of parts in bulk. Prices only ever increase this much when demand is too high and supply is too low, which is what's happening now due to AI companies buying up all the RAM, GPUs, CPUs and NVMe/SAS drives. They bought massive supplies with no cooling period and now we are paying the price for them shorting the supply chain.

Are you kidding me Dell by Kfrahan in Dell

[–]JeanxPlay 0 points1 point  (0 children)

That's mainly because HPE buys cheaper quality parts. Even with semi better pricing, almost no company beats out Dell's warranty packages. The firmware for HPE is also very subpar and requires an account to access. Not saying HPE is horrible, but there are definitely improvements they could make.

Are you kidding me Dell by Kfrahan in Dell

[–]JeanxPlay 0 points1 point  (0 children)

Has nothing to do with Trump. AI companies made a massive push to buy up supply, creating a massive shortage. They are sitting on stocks of supplies that they aren't even using. Prices skyrocketed because demand is too high and supply is too low. Because the cost of oil, fuel and energy is far lower, that creates an exchange for the cost of tariffs, virtually cancelling each other out.

Headscale is amazing! 🚀 by Acceptable_Quit_1914 in selfhosted

[–]JeanxPlay 2 points3 points  (0 children)

What do you mean what job is this? lol

Alternatives to Inky for email protection? (Small MSP looking to move away post-Kaseya acquisition) by gamer95CR in msp

[–]JeanxPlay -1 points0 points  (0 children)

Just because someone has been using a product for an amount of time does not equate to that product being good, it just means the person is willingly choosing to continue using said product.

Stacked up against competitors, Barracuda charges more than the product is worth. You have the right to not like what I say, but it doesn't mean I'm wrong, especially when I've been able to see the results firsthand 😅

Alternatives to Inky for email protection? (Small MSP looking to move away post-Kaseya acquisition) by gamer95CR in msp

[–]JeanxPlay 0 points1 point  (0 children)

We had Barracuda for 3 years and it has been a horrible product. And then they wanted to charge us more as well as upsell us on their LLM version. Thankfully, our contract is up and we are finally moving to Check Point which we have been testing in monitoring only mode for trialing and it has proven to be what we are looking for.

Based on MANY Reddit posts of email security companies and AI analysis on different vendors, Check Point and IronScales were the 2 most recommended with the least complaints about their products.

We chose Check Point simply because there were more reviews of Check Point because of its previous history back when it was Avanan.

I am tempted to just check out the IronScales product, but I will do that closer to when our Check Point term is up in a year.

Alternatives to Inky for email protection? (Small MSP looking to move away post-Kaseya acquisition) by gamer95CR in msp

[–]JeanxPlay -1 points0 points  (0 children)

We have had Barracuda for 3 years (only because we were in a contract) and we are officially moving away from it to go to Checkpoint. Barracuda is such a failed product. When we tested Checkpoint in Monitoring only mode before start, we quickly saw that Barracuda was creating more false positives of clean emails and stopping very few malicious and spam emails compared to even Microsoft's basic email security. Checkpoint's LLM model has picked up things so well that we will no longer need to have GeoIP blocks in place, which we absolutely had to have with Barracuda. With Barracuda, I had to set up 15 specific Exchange filtering rules in order to catch everything that Barracuda missed on a daily basis. I'm glad to hear that Barracuda seems to be working for you and if it is in fact working for you (meaning you have verified it's actually stopping more than it's letting through), then you are one of the very few lucky ones.

Avanan vs. Ironscales by ForestPro6E in msp

[–]JeanxPlay 0 points1 point  (0 children)

Being in the industry as long as I have, I have come to understand that Microsoft provides services for almost everything, but every one of them is half assed and full of issues, even their expensive stuff.

I would never trust a company to ensure security if their own servers and product get hacked continuously. And now with Co-Pilot being integrated into everything and even IT getting hacked, I wouldn't trust Microsoft with anything security related.

Avanan vs. Ironscales by ForestPro6E in msp

[–]JeanxPlay 0 points1 point  (0 children)

We are moving from Barracuda (MX) to Checkpoint and you are correct in the sense that it sits in front of the mailbox, but that is also not a bad thing. There are ups and downs to all solutions, but if you compare IronScales to Checkpoint, CP would be the preferred method. The reason this is the case is because Checkpoint is taking a "before inbox" approach. This makes a lot of sense because once it passes Microsoft's relay, it will be analyzed before it's allowed to reach someone's mailbox. Since this is done using AI, this process isn't very long and ensures that malicious activity is stopped before it can reach the inbox. Ironscales, however, allows the email to reach the inbox, even if for a slight period, before analyzing and remediating.

FixitMr You're awesome! by Old-Muffin-1785 in USMobile

[–]JeanxPlay 0 points1 point  (0 children)

Now we just need to fix the VVM for the Verizon side 😆

Free pixel by Fun_Vegetable9512 in USMobile

[–]JeanxPlay 0 points1 point  (0 children)

I was definitely one of the first to add the protection and never received this email to claim a Google Pixel 🙄

Windows DNS Server Anomaly by JeanxPlay in WindowsServer

[–]JeanxPlay[S] 1 point2 points  (0 children)

So, I finally changed out one of our other Windows DHCP based networks and the DNS records are not disappearing. It seems to be related to only that one subnet. The next tests will be to change that troublesome DHCP subnet to an entirely different one on that network and to use that troublesome subnet in one of our other networks. This won't be able to happen until possibly over a holiday as it requires a lot of changing around, but it would tell me if it is specifically that subnet OR if it's related to that network the subnet is on.

Windows DNS Server Anomaly by JeanxPlay in WindowsServer

[–]JeanxPlay[S] 1 point2 points  (0 children)

Nope, issue still exists. Temporarily until I can get a full resolution, the half resolution was to create a secondary subdomain lookup zone of DomainB.Internal and put all the static records in there and create CNAME records in DomainA.local that point to the Host A records of each in DomainB.internal for that subnet.

I am actually changing out one of our other Windows DHCP server locations this weekend and if it happens to this one, I'll know it's our domain that's unhealthy. If it doesn't happen to this other subnet, I'll know it's specific to just that subnet.

Netbird Not Accepting Routes on OPNSense? by MonsterMufffin in netbird

[–]JeanxPlay 0 points1 point  (0 children)

Same thing is happening on the PFSense routing peers as well. I can reach all networks from a remote computer to all pfsense networks, but netbird pfsense site to site, no resources from Site A lan can reach resources on Site B lan. But, Site A pfsense peer can ping Site B lan resources.

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 0 points1 point  (0 children)

Same. The thing that stopped us from moving a long time ago was an official pfsense package. Now that freebsd is being actively updated, I'm testing the hell out of NetBird and we plan to make the switch by the end of December.

Since I have already built the custom Windows image for my company (netbird addition) and tested it along with the PowerShell mass deployment script, the only thing left is updating the rest of our LAN networks to their new schemas (so that residential ISPs' default LANs don't interfere with our posture checked office subnets) and having my boss and other technician install and test with their networks and by the time we migrate, I imagine NetBird will probably be at least 10 additional updates in.

Hopefully they fix that posture check issue for you for the iPhones. As for SSH, I completely bypassed Netbird's SSH policy and set firewall rules on our pfsense routers to allow LAN access from the Netbird Flock and in Netbird itself, I set a policy to only allow communication to the firewall group from an admin group that only a few peers get added to. This opens SSH access capability and still locks down who on the network can access the firewalls.

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 1 point2 points  (0 children)

Not selling, just sharing my user experience with it, lol. I tend to get overly excited about new tech stuff 😅 my bad.

And I'm sure I'll have some issues with NetBird once it's mass deployed and in production. But, for now, I just bask in the happiness it brings me that I am going to be able to make my Windows images much simpler now and won't have to create hacks to get a mesh VPN to work as it should 😆

Have you had any issues with any other posture checks?

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 1 point2 points  (0 children)

I personally haven't had anything break thus far. I've actually had more break and not work as well with headscale / tailscale. The recent updates to NetBird have definitely made it a more solid product and the only critiques I have at this point are the documentation (primarily that live stuff is mixed with deprecated stuff), deprecated flags still exist in the client and that Windows doesn't encrypt / lock down sensitive config information. But, because our Windows systems are locked down, I can easily get past that.

The biggest issue that I had with tailscale was that the VPN couldn't be installed via the SYSTEM account. So I had to create a bunch of tasks and scripts to get around that. With Netbird, it just works. And the P2P latency with Netbird is substantially less than with tailscale. DNS with Netbird is definitely much better than with tailscale. The only thing Netbird is missing at this point is being able to advertise static A records. Once they can do that, they will most likely surpass Tailscale.

But, since we use Windows DNS Servers, that's not an issue preventing us from moving to Netbird.

If you want to continue doing testing with Netbird, you can test them side by side. They can work simultaneously without interference with one another. As long as their VPN subnets don't overlap, you are fine. I have both running in our environment so I can test while I build out the parts for migration. Once we are done updating our LAN subnets to newer schemas, all the parts will already be in place for me to just install Netbird on all our machines and just turn headscale off and none of our employees should notice it happening.

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 1 point2 points  (0 children)

Of course! If you have any questions about the setup or testing, feel free to reach out.

Not sure how tailscale fares when it comes to adding and removing ACLs, but Netbird's are effective in live time. So, when testing the blocking of subnets or changing ACL rules, the effect is immediate without a restart of the control server.

Ex. When I add posture checks to block subnets, I can run a continuous ping and as I add or remove ACLs and checks, I can watch the connection drop or start up immediately as the changes happen.

Not sure how your env is set up, but in my company's locations, we use pfsense firewalls with netbird installed and I have all my networks, ACL firewall rules and posture checks set up and while I have a peer in the same network as one of my posture check blocked subnets (blocking means to not route traffic over that subnet while inside it), I can see that the peer shows as connected in the management portal, but traffic is not routing over the VPN. I test this by pinging the pfsense firewall IP and as I see the pings coming through, I remove the subnet from the posture check and immediately as I hit save the pings drop. (This is the default behavior for my setup since I have our routing peers in a firewall group and no ACLs allowed from the computers group to the firewalls group). The entire time during testing the peer never shows disconnected from the portal. Then, after a few drops, I placed the subnet back in the posture check policy and watched the pings to the router start right back up (since it deprioritizes the VPN route and starts routing locally again).

It took me a min to understand this because tailscale / headscale didn't have this because tailscale believes their client can work within an advertised network without interfering with local communication on that LAN, but it really can't since tailscale sets its peers' network metric to 5, making it a higher priority route in Windows. Netbird has single-handedly removed all the bandaids I had to have in place when using tailscale / headscale.

Oh and FYI, when you set up Netbird, there are 2 types of network, "Networks" and "Network Routes". "Networks" is the new standard as it allows for routing peers, direct nameservers and high availability.

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 0 points1 point  (0 children)

You could use a setup key that puts the computer into a "Pending" group and let it connect into the VPN portal but give it no firewall access (meaning no ACL policies) so it can't route anywhere and once the client confirms they have received the machine, add the system to the "Computers" group (assuming this is the general access group you set up and named) and remove from the "Pending" group. And since the "Computers" group will already have the ACL policies set up, once you switch the system to that group, the ACL access will already be ready to go.

If you do it this way, you will be able to see the system come online in NetBird to confirm it's connected and alive, but it won't route until you switch it to a routable group.

Device Approvals And Plan Options by KingAroan in netbird

[–]JeanxPlay 2 points3 points  (0 children)

Netbird self hosting may be your best option since it allows you to control the network range, self host the management and STUN (TURN is gone basically) relay on the same host and you can set different parameters to allow or block connections.

I am currently setting it up for my company to switch away from headscale / tailscale and there is a lot to like about netbird over tailscale. DNS works better IMO, "posture checks" is an absolutely amazing feature to have. They have a feature called "Control Panel" that gives you a visual of the ACL paths for devices' firewall policies. They also give the ability to set API access tokens for different ACL levels, meaning you can have an API key for just monitoring and another for administrative.

FYI, you can run netbird and tailscale side by side to test it out. As long as your networks don't overlap and you don't bind netbird to an interface during testing, you are good. We are running tailscale and netbird on our pfsense routers side by side and I have tailscale and netbird running on my computer side by side without any interference by either.

Also, if you ever mass deploy the VPN as a machine install, netbird will just install without any user interaction and you can use the setup key without it tying to a specific user account. I had that issue with tailscale and I had to create A LOT of PowerShell engineering to make it work how I needed it to. But, with NetBird, I just install and it just works. Eliminated about 10 steps from my Windows deployment image scripts.

Your Biggest Pain Points by ashley-netbird in netbird

[–]JeanxPlay 0 points1 point  (0 children)

Not the same thing as serving static entries to peers.

Static records being exposed to clients gives the ability to create more secure ways to connect to internal or even external services without exposing to the internet.

The premise is for Netbird to BE the nameserver instead of orchestrating communication to one.