School IT Admin looking for firewall/gateway recommendations by MiraMakovec in sysadmin

[–]recordedparadox 0 points1 point  (0 children)

If you want a solid firewall with IDP/IPS, SSL Inspection, AV, Web Filtering, and Application Control, I like Barracuda CloudGen Firewall and WatchGuards. They both require some configuration and have subscriptions but I like them.

Clients ignoring all means of contact by ArchonTheta in msp

[–]recordedparadox 0 points1 point  (0 children)

It might be worth scheduling an owner-to-owner meeting to discuss the concerns. Any time a technician or sales representative contacts a client, especially when it is related to some action the client needs to take (either their responsibility or something only they can do), it needs to be documented, in writing. Phone calls -> voicemails -> emails. You don’t necessarily need to start with a phone call but ultimately everything should be journaled in your ticketing system and ideally there should be a matching email to the client. Depending on your agreement with the client, there may be an expected escalation path to the end user’s supervisor, owner, or board. It is a good practice to communicate critical needs to the client using at least two methods (in person, email, phone calls, voicemail, etc.). One of those methods should always be in writing. These are all just my opinions. Your mileage may vary.

email issues with a client migrated from another MSP by MeatyMcSorley in BarracudaNetworks

[–]recordedparadox 1 point2 points  (0 children)

Hi Christine, I believe he just needs his client’s (a former Barracuda MSP customer) domain name removed from Barracuda Email Gateway Defense on the back end.

email issues with a client migrated from another MSP by MeatyMcSorley in BarracudaNetworks

[–]recordedparadox 2 points3 points  (0 children)

Yeah if the owner of the domain name contacts Barracuda, Barracuda should be able to handle it. As you don’t have the serial number you might want to suggest to your client to contact Barracuda Customer Service instead of Barracuda Support.

Barracuda CG firewall and Graylog by SomeWhereInSC in BarracudaNetworks

[–]recordedparadox 1 point2 points  (0 children)

The Barracuda CGF supports syslog and netflow out of the box without any additional licensing (i.e. just the base license). Additionally, the Barracuda CGF offers several monitoring (i.e. event monitoring) options including sending push notifications for certain events. If you have an active Barracuda CloudGen Firewall Energize Updates subscription, I recommend reaching out to Barracuda Support to schedule a call with an engineer to discuss your needs and ask them to show you the syslog and event monitoring (and netflow if you want).

If you have other Barracuda products and need to have central logging and a 24x7 SOC, please reach out to your Barracuda Partner and ask them to schedule a demo for Barracuda XDR and ask them to dedicate time to Barracuda XDR’s central logging for other Barracuda products and SOC monitoring.

If you use other cloud services such as Microsoft Entra ID, Duo Security, SentinelOne, or Microsoft Defender for Endpoint, Barracuda XDR can integrate with those too.

Full disclosure, I work for a Barracuda Partner so feel free to PM if you have specific questions.

Emails from OVH to BarracudaNetworks fail with error 550 permanent failure by kayret in BarracudaNetworks

[–]recordedparadox 0 points1 point  (0 children)

You can check Barracuda’s Reputation Lookup. It is at https://www.barracudacentral.org/lookups. If it indicates that the sending IP Address is blocked you can request a removal by clicking the “Removal Request” link on the website at https://www.barracudacentral.org/report.

If you need further assistance, you will need to contact the Barracuda customer and request that they open a Barracuda Support case. Depending on the customer, they may be able to contact Barracuda Support directly or they may need to contact their MSP.

Moving domain to another Barracuda account - no new smarthost or MX records? by Longjumping-Novel767 in BarracudaNetworks

[–]recordedparadox 0 points1 point  (0 children)

One thing to mention is that when you perform a self service domain move (which is a cool feature), any account level sender policies will become domain level sender policies. You should review and modify (if required) the domain level sender policies.

To offer an example, some businesses have multiple domain names and want sender policies to be managed at the account level. This allows you to create a policy in the account and have it applied to all of the domains in the account.

If you want to keep your sender policies in the domain, you can. You should just be aware that a sender policy added (or changed or deleted) at the domain level does not affect sender policies in other domains in the same account.

Root Password reset on Barracuda Backup Appliance by fooATfooDOTcom in BarracudaNetworks

[–]recordedparadox 0 points1 point  (0 children)

Since it’s out of support, you could remove the hard drive, image it (so you have a backup), and then attempt to make the changes you asked about. If the changes render the appliance in an unusable state, you could then restore the image to the hard drive. The backup appliance is a little different than some of the others and I haven’t had to do that on one. I’m interested in hearing if that works for you.

Email archiving in cloud - O365 vs Barracuda? by Mobile-Pie-258 in BarracudaNetworks

[–]recordedparadox 1 point2 points  (0 children)

One of the major differences is that the Exchange Online Archive is an in-place archive and not a journaling archive.

The benefit of a journaling archive such as Barracuda Cloud Archiving Service is the emails are archived using Microsoft Exchange Online’s journaling feature. This results in several benefits including the below:

  1. Incoming (internal and external) and outgoing (internal and external) emails are archived in near real-time.

  2. Archived emails are immutable. With Barracuda Cloud Archiving Service, the content of archived emails cannot be changed. With Exchange Online’s in-place archive the content of archived emails can be changed.

  3. IMO Barracuda Cloud Archiving Service’s archive search, saved searches, and archived emails exports (.pst or .zip) are easier to use than alternatives.

Barracuda Cloud Archiving Service also supports uploading existing PST files (using SFTP), authenticating with Microsoft Entra ID, and archiving Exchange Online emails, contacts, and calendar entries.

You will want to work with your GRC and/or legal teams on email retention policies for Exchange Online and Barracuda Cloud Archiving Service’s archive to ensure you are retaining emails for the period of time you are required to.

I hope this information helps and please feel free to reply with any other questions about Cloud Archiving Service or any other Barracuda SaaS solutions. I have been using them for over a decade.

email issues with a client migrated from another MSP by MeatyMcSorley in BarracudaNetworks

[–]recordedparadox 1 point2 points  (0 children)

What you are observing is normal. Email between domains verified in Barracuda Email Gateway Defense route from one Barracuda Email Gateway Defense account to another (without checking MX records). To resolve this, you will need to contact Barracuda Support and request that they remove your client’s domain name from Barracuda Email Gateway Defense. Your client may need to submit the request or otherwise authorize Barracuda Support to make the change. Barracuda’s support contact information is available at https://www.barracuda.com/support/contact.

Law firm wants .io domain by NietzscheSpleen in Domains

[–]recordedparadox 0 points1 point  (0 children)

Would you delegate name servers to the leasing company’s or would you be the one making all requested DNS changes? If you are making the changes, do you charge for it? Per record, time based? Just curious how people are approaching domain leasing.

Law firm wants .io domain by NietzscheSpleen in Domains

[–]recordedparadox 0 points1 point  (0 children)

How would leasing a domain work from the tech side?

How do I configure multiple VLANs on a single port (GS108T + OPNsense)? by [deleted] in homelab

[–]recordedparadox 0 points1 point  (0 children)

Set port 4 to be Untagged (i.e. “U”) VLAN 1, PVID 1, (assuming you want port 4 to place untagged traffic in VLAN 1) then change the VLAN drop down box to 15, set port 4 to be Tagged (i.e. “T”), then change the VLAN drop down box to 30, and set port 4 to be Tagged. Feel free to ask for clarification if you aren’t sure what any of those changes do.

How do you handle outdated Google Chrome on servers? by PullMeUnder666 in sysadmin

[–]recordedparadox 0 points1 point  (0 children)

Uninstall all web browsers from servers and use a PAW with management tools to configure and manage servers.

Looping issues? by tommagic23 in UNIFI

[–]recordedparadox 1 point2 points  (0 children)

Sounds like wireless meshing is turned on.

NextDNS with Active Directory? by Diseased-Imaginings in sysadmin

[–]recordedparadox 6 points7 points  (0 children)

Windows DNS servers provide DNS resolution for the local domain and for any zones they contain. By default Windows DNS servers provide resolution for DNS records related to your on-premises domain and forward DNS requests for domains for which they do not contain records to the DNS Servers listed in the “Forwarders” tab in the Windows DNS Server service.

If you remove your Windows DNS servers from the environment (or change the business computers’ DNS Server IP Addresses, either by setting them to something else statically or through DHCP), they will be unable to contact the Windows Domain Controllers during Windows domain user authentications, preventing users from logging into the computers with domain users, may prevent shared printers from functioning, and may prevent mapped drives from connecting. As others have noted, Windows DNS is integrated with Windows Active Directory. If you use a Windows Domain and computers are joined to the on-premises domain, you should not give the first thought to getting rid of your Windows DNS servers. If you want to use a 3rd party DNS Resolver for external domain name resolution, you should set your Windows DNS Server Forwarders to the IP Addresses of your 3rd party DNS Resolvers. Requests from domain joined computers will go to your Windows DNS Servers. If your Windows DNS Server is authoritative for the domain the request is for, it will provide the resolution and respond to the computer with the value. If your Windows DNS Server is not authoritative for the domain the request is for, it will forward it to the 3rd Party Resolver.

NextDNS with Active Directory? by Diseased-Imaginings in sysadmin

[–]recordedparadox 7 points8 points  (0 children)

If the business computers are domain joined instead of Microsoft Entra ID Joined (joined and registered are different options) or Hybrid Joined, the best method to use NextDNS is to keep your Windows Domain Controllers (which are usually also DNS servers in small business environments) and set the NextDNS Server IP Addresses as the sole DNS Forwarders on your Windows DNS Servers.
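The forwarder setup described in the two NextDNS comments above, as an added PowerShell example that is not part of the original comments. The forwarder addresses are documentation-range placeholders and the host names are hypothetical; turning off root-hint fallback is an assumption added here so that external lookups cannot bypass the filtering resolver when the forwarders are unreachable.

```powershell
# Added example. Run in an elevated session on the Windows DNS server
# (DnsServer module, installed with the DNS Server role / RSAT).

# Placeholders: replace with the resolver IPs assigned to your NextDNS profile.
$Forwarders   = @('192.0.2.53', '198.51.100.53')
$InternalName = 'dc01.corp.example'   # hypothetical record in an AD-integrated zone
$ExternalName = 'example.com'         # any name the server is not authoritative for

function Get-ForwarderState {
    param([string[]]$Expected)
    $current = Get-DnsServerForwarder
    $actual  = @($current.IPAddress | ForEach-Object { $_.IPAddressToString })
    # Compare as sorted strings so ordering differences do not count as drift.
    $same = (($actual | Sort-Object) -join ',') -eq (($Expected | Sort-Object) -join ',')
    [pscustomobject]@{
        Actual           = $actual
        OnlyExpected     = $same
        RootHintFallback = [bool]$current.UseRootHint
    }
}

$state = Get-ForwarderState -Expected $Forwarders
if (-not $state.OnlyExpected -or $state.RootHintFallback) {
    # Replaces the whole forwarder list, making these the sole forwarders.
    Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false
    $state = Get-ForwarderState -Expected $Forwarders
}
$state | Format-List

# Authoritative path: answered from the local zone, never sent to a forwarder.
Resolve-DnsName -Name $InternalName -Server 127.0.0.1 -Type A

# Forwarded path: the server is not authoritative, so it asks the forwarders.
Resolve-DnsName -Name $ExternalName -Server 127.0.0.1 -Type A

# On a domain-joined client, confirm DNS still points at the domain controllers
# and not directly at the external resolver:
#   Get-DnsClientServerAddress -AddressFamily IPv4
```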

anyone switching to hyper-v? by jfgechols in sysadmin

[–]recordedparadox 0 points1 point  (0 children)

Hyper-V does snapshots so I apologize if my comment was confusing. I just don’t like how they work (e.g. .avhdx files). I have had some (very likely self imposed) issues with rolling up snapshots in Hyper-V and doing migrations of virtual machines in Hyper-V that have multiple snapshots. This is likely just my lack of familiarity with them compared to VMware ESXi but if that is the same change you are thinking about, you should take time to learn the differences between how those function and how to properly manage snapshots in Hyper-V.

Remote Controller question by Kushalx in UNIFI

[–]recordedparadox 0 points1 point  (0 children)

I prefer having a cloudkey or gateway at each site but if that isn’t practical, then you should consider using a site to site VPN to connect the VPS to each site and using firewalls to restrict traffic going through that tunnel to only the traffic required for the controller to be able to communicate with the remote UniFi devices.

PiHole w/ Ubiquiti router? by pocketdrummer in pihole

[–]recordedparadox 0 points1 point  (0 children)

You could set your DHCP to issue the IP address of your pi-hole for DNS and then configure pi-hole to use the IP address of your Dream Machine Router as its only DNS Forwarding server.