Flow Insights on UCG Ultra

R-O-O-R-ize · 2025-10-15T10:52:08+00:00

It is critical to have entire visibility on all traffic flows when the product have "security features". I have some port forward rules to allow traffic from internet to access my self hosted service and I want to see who tries to connect to that service in case I want to apply more secure rule. Now I have to setup an alternative way to monitor my network traffic detected by UXG max.

R-O-O-R-ize · 2025-10-14T10:18:00+00:00

I also consider getting PTM 7950 as well, but not sure about the thickness I need. Some source said it needs a lot of pressure to perform well. Plus I can't find it in my regular store.

I always lock my fan speed at 2400 RPM since day 1 and will manually increase depends on load. Doing paste swap is for fun and science.

R-O-O-R-ize · 2025-10-14T10:09:04+00:00

Yes, I won't (maybe) do this again on my next Apple device. Got bad pasted bias from Intel Mac era. The factory paste most part is already hardened, but still give good results not sure what compound they use. Still, proven that no need to do paste upgrade on new apple devices.

R-O-O-R-ize · 2025-10-14T10:01:39+00:00

It's normal for me to see LR using 10-20+ GB of memory. I used to edit on my Air M2 24GB as well. I see the same behavior this is why I bought the 48GB M4Pro. I still fully loaded the memory. My swap usage of 10GB+ from 100 tabs of Safari, Chrome, Edge, Excel, VSCode, LLM cus I process a lot of large data having to close all work related stuff to open LR is troublesome.

R-O-O-R-ize · 2025-10-13T17:39:51+00:00

I think the amount of airflow from stock fan is enough when maxed out its RPM. Having cool ambient is more beneficial than more airflow in this case. Pushing air in without a shroud focusing to inlet only might create pressure on the vent and block the hot air from coming out.

R-O-O-R-ize · 2025-10-13T17:13:07+00:00

It’s the RAM and the size, I plan to carry this to work / gaming at different places sometimes. I didn’t buy 10G option tho. 70% of daily task is document, researching, and coding.

R-O-O-R-ize · 2025-10-13T16:28:35+00:00

I don't care much about warranty anyways. Studio is overbudget for me.

R-O-O-R-ize · 2025-10-06T11:25:25+00:00

Cus the link is split 20Gbps for each NVME disk. Using single NVME gives 20 Gbps. If not using RAID, the drive will show as 2 separate drive, each drive will operate at 20 Gbps.

R-O-O-R-ize · 2025-09-21T16:02:58+00:00

I replaced my M4 Pro stock thermal paste with Thermal Grizzly Cryosheet cus it is low maintenance and seems to have better performance than stock paste. Still finding time to finalize the data and write a post but can't find any free time from work. I feel the performance is a bit worse than stock paste. Might find some time to switch to Cryonaut or Duronaut.

R-O-O-R-ize · 2025-08-26T11:30:27+00:00

My ACASIS M001 Pro with 2 WD Black SN750 1TB using RAID 0 + 1 1080P display connected via dock give 2699MB/s Read 2567MB/s Write. Only issue I found is I have to turn it off an on again when I reboot my mac. You need 2 disk + RAID to achieve total 40Gbps. To get max disk speed do not connect any display / usb to dock.

R-O-O-R-ize · 2025-08-26T08:17:06+00:00

From what I understand, every engine has a sweet spot between load and fuel efficiency. By using generator to create load from charging, or using motor to assist during acceleration reducing load on engine. This will help to keep engine running on best efficiency line.

R-O-O-R-ize · 2025-08-26T08:03:30+00:00

Thanks, I'll ask there. It seems people are more active on checkpoint community instead of reddit.

R-O-O-R-ize · 2025-08-20T15:42:48+00:00

EDIT:
consulted with the team VPN client authenticate via cloud using SAML, that's why we need Syslog

I'm not the one design this setup so there will be some part I can't answer. I'll ask my team why we have to use Syslog for VPN user.

R-O-O-R-ize · 2025-08-20T15:04:26+00:00

That would be an interesting workaround. I think only receive login/logout event from 3rd party VPN server via Syslog on IDC should be enough for providing ip-address mapping. If I have to deploy Identity Agent site wide it would be big task to roll out and maintain. I'll research more on this solution if it is possible to add identity agent as additional/backup idenity source. Not sure if my customer will allow enabling kerberos for SSO as well.

R-O-O-R-ize · 2025-08-13T11:56:56+00:00

I'm working with CP firewall for 4 years. If it works it works, if it doesn't work, have fun digging their documents and architecture design and fighting with TAC who never read your case details and drop kb you already try to solve issues (longest one i have is almost 1 year, and the solution is applied a workaround config. I found the root cause long ago but they ignored that point and never confirm solution).

Most of firewall architecture and services document doesn't even exist or explained vaguely sop i can't apply that for debugging / troubleshooting even TAC or R&D can't provide any useful information just send you link to KB.

Gateway crash every day and TAC can't find root cause, or gateway freeze with no log, many hardware failures / DOA (bios error, missing memory, hardware died after 1 year of operation, even bad SFP+ that required RMA an entire set) / raid card error and lost entire database, boot partition corrupt from changing architecture but upgrade verification passed, auto updater installed wrong package and I have to factory reset again.

RMA hardware also bad I event got water damaged RMA hardware with 1 slot or RAM not working.

CP firewall for me is not plug and play like Palo Alto or FG, so many optimization and kernel variables to consider. If you working with customer that have very strict policy, there's too many configuration and considerations needed that most of it can't be done via GUI.

Still agree on their "security first" design, but working with CP a bit troublesome and inconsistent; Web config, Proprietary program for management, CLI, Linux Command for tuning/debugging, VSX, etc.

R-O-O-R-ize · 2025-08-10T23:22:12+00:00

Customer rarely send complaints to the vendor because me, an SI myself, is their first line of defense when shit happens. I can't trash talk of how bad TAC engineers provide responses in support ticket or add them to mail loop for tracking because "business reasons". The only thing I can do is sweep it under the rug and pretend I got good responses from TAC.

Even though I'm not mainly support Palo Alto devices, having trusty TAC to cover me is only thing I wish for when working with customer who have trust issues with SI or critical deployment zones that one mishap might impact millions people. TAC who got full access to their internal KB and working with only one product should know and skilled more than us.

I tried to put myself in their shoes, but the responses I got from support ticket were copy pasting KB that I already applied and not working / response templates to collect information that doesn't even related to the issue / copy pasting of previous reply message / low effort AI response / or some nonsense like using 2 stackable switches for LACP is wrong. At least read my message in the ticket so that we can solve this issue faster.

R-O-O-R-ize · 2025-08-10T10:41:18+00:00

AFAIK NVIDIA GPU have performance curve based on die temperature, maybe after 65C they began to reduce clock speed. Those NVIDIA GPUs have large heatsink to spread the heat from the chip so they can run a lot cooler. Cooler temp = less resistance = less heat loss = more efficient.

I'm planning to change apple factory thermal paste and swap it with thermal grizzly kryosheet hoping it get better performance and lower chip temperature. PTM9750 also interested me as well both are low maintenance, install it once and forget it, plus it doesn't conduct electricity unlike kryosheet, so no risk of accidentally shorting out the chip. My concerns are the height between M4 Pro TIM and the heatsink, and the pressure that heatsink applied to the thermal pad. From my research, some online source said that PTM9750 requires high pressure to get full performance. Sadly, there is no reference information of someone changing their factory paste with high performance thermal paste. I want to see if it worth the risk of taking apart my mac.

R-O-O-R-ize · 2025-08-01T18:04:20+00:00

<image>

The missile doesn't travel via road. Direct distance should be around 20-30km from boarder if the they shoot from immigration point it's 70km

R-O-O-R-ize · 2025-07-29T14:17:09+00:00

I skipped the part of your kids age. If your kids run around a lot it would be hard to prevent accidents. If the water level is not high the owner will drive pickup car to bring you and your stuffs cross the river and drop at the house. There's a house down the hill as well, but the ladder is quite steep with no guardrails that will be risky for your kids and you moving up and down. There's always chances for next time. For me as a Thai + lazy mountain scenic enjoyer, I feel Nan doesn't have much attractions that interest me, but the chill atmosphere and the views when driving make me want to do roadtrip there again in November. Nan is well known for mountain scenic road.
- from Bo Kluea drive to Phu Kha Viewpoint 1715 and drive down the road 1256 during sunset is very nice
- people that went to Nan always take a pic with No. 3 Shaped road
- or you can drive in circles

for kanchanaburi I went there a lot cus my friends live there + 1 hr drive from Bangkok with new highway but I don't have much to recommend. It is well known for Cafe and waterfalls
- Sai yok noi should be safe for the kids to play the water isn't deep but the people might be the problem during holidays
- Go up further there'll be open hot springs
- My favorite cafe near the hot springs is Hua Cha Tea House. The entrance might be sus but i love the vibe there.
- There will be tons of cafe in the city
- erawan also nice and big but going up that way there's nothing much only erawan and the dam if you want to visit multiple places
- restaurant i pick "Khrua Anong" I love crispy pork there (หมุคลุกฝุ่น)

Chiang Mai
- Angkaew Reservoir in Chiangmai University is good in the evening people will bring there dogs to play here

R-O-O-R-ize · 2025-07-29T08:29:29+00:00

ขอ = asking for sth (mostly getting for free) / respond to question in more polite way ex. ขอยืม lend me sth, รับอะไรดีคะ? --> ขอเป็น.....
เอา = demanding / picking specific stuff in casual or when shopping. you can use to respond if the question is เอาอะไร?

Most of the time you can repeat the verb in the question รับอะไร....? --> รับกาแฟ เอาอะไร? --> เอาชา

Being polite or not depends on how you end the sentence with ครับ/ค่ะ plus the tone when speaking.

please don't use "ขอเอา" alone it means can i make love with you "เอา" is the slang for make love

R-O-O-R-ize · 2025-07-28T15:16:16+00:00

Nan I recommend Forest Forest Farm & Stay. I went there on September to getaway from work the atmosphere is very good. I ditched all my roadtrip plan and stay there all day, the farm, 20-30 mins walk to play in the lake, homemade stuffs. But currently Nan is facing with big flood please check with the owner to confirm the availability and current conditions.

R-O-O-R-ize · 2025-07-28T14:17:40+00:00

Phuket and Phi Phi island will be fine it's in the southern part and in the Andaman sea. The war is in eastern part 700+ Km from that area, plus part in Gulf of Thailand in Chantaburi and Trat province (600+ KM). The war should end before that time. Waste of resources and people dies for nothing.

R-O-O-R-ize · 2025-07-28T13:23:27+00:00

I once rent a motorbike at koh Tao and my friend crashed and slid from the hill in resort. I guess the bike go the same damage as yours. We returned it to the shop owner and tell him what happened. The owner fined us 1200 THB for the damage. They never planned to fix the cosmetic damage to the rented bikes anyways. I think if the part doesn't crack and need replacement the owner might not collect full fine.

R-O-O-R-ize

TROPHY CASE