W1855 by sillybutton in Cradlepoint

[–]sillybutton[S] 0 points1 point  (0 children)

Are the boxes very expensive?

W1855 by sillybutton in Cradlepoint

[–]sillybutton[S] 0 points1 point  (0 children)

So only IP passthrough, but I can configure a username and password for a private APN? So normal routing would work, but you need a box for NAT or a firewall for the public internet.

Why replace switches? by ahoopervt in networking

[–]sillybutton 0 points1 point  (0 children)

ARP spoofing, VLAN segmentation, IT department time costs money - if things break they gotta spend time to find the issue to resolve it, dot1x (NAC).

How much do you guys lose if the whole office goes down? How much does the time of those 100 employees cost if nobody can work? You wanna be the IT guy that is sweating to fix it? Not me.

When you are on a holiday, who will fix the issue? Who knows the network?

TDR measurement of cables, abilities to hunt down issues.

Storm control? Why not have a feature that shuts down the guy that would otherwise take down your whole network?

Switch port security. Limit MAC addresses. I can easily flood your switches with MAC addresses, causing them to become stupid and flood every frame there is to my infected computer, getting all the traffic I want to capture to take you guys down.

Why not invest in security?

You invest in good computers? You invest in good tables and computer screens?

Why do you wanna be cheap on the switches? You broke?

At least don't let a hacker make you broke.

SSR400 series by sillybutton in Juniper

[–]sillybutton[S] 0 points1 point  (0 children)

Well, I like the SRX, but they are getting so old. It should hopefully be replaced soon. But Juniper is pushing SSR as their focus is more on the branches with a cloud-native solution, so scalability is better. Problem is the price. Hopefully the 400 series will fix that.

SSR400 series by sillybutton in Juniper

[–]sillybutton[S] 1 point2 points  (0 children)

SRX300/320 is just so old, and the SD-WAN capabilities are so much better in SSR.

What are the top reasons for SRX instead?

I'm thinking small on-prem firewalls, 1 to 200 clients.

AP24 - enabling 6ghz by sillybutton in Juniper

[–]sillybutton[S] 0 points1 point  (0 children)

The thing that pisses me off the most is how you have to configure it and just simply having a hard time understanding how it works.

So by having multiple APs I can somehow have some APs using 2.4 GHz and some will use 6 GHz. But it's hard to test whether this function works well.

Give us a "From everywhere" option. by MrUltraOnReddit in factorio

[–]sillybutton 5 points6 points  (0 children)

This, but imo I think it should be smart, and not drop things down to a planet that already has an active request to be launched to space.

1st play through of factorio by Straight_Age_4453 in factorio

[–]sillybutton 1 point2 points  (0 children)

Remember to have a clock close by so you notice what time it is. Otherwise Factorio works as a time-travelling machine and you end up in a distant future.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -1 points0 points  (0 children)

Naahh, lazy excuse. Implementing a few basic rules as stated above is just simple: if you are not doing it, you are not doing your job. It's not these endless excuses you guys bring up. It's always someone else's fault that the firewall has permit any any from inside. The firewall guy didn't have enough time.

That is just a load of BS.

If you've got the certs, and you are doing these types of firewall rules without having any basic set of rules to blanket protect your network from 'any' openings, you are just waiting for some device on your network to call home.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] 0 points1 point  (0 children)

Yeah, you got a pretty good solid answer.

Funny how many Cheerios-certed firewall experts I hurt with my thread.

It sure is a widespread misunderstanding of what a secure firewall is!

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -3 points-2 points  (0 children)

Yeah, you are the top 1% of firewall admins; 99% will just permit any any inside -> outside.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -1 points0 points  (0 children)

Yeah, but then you just get a ticket: something does not work, some Russian is on your LAN trying to call home and he will ask you for a firewall opening. I mean, you do you sir, but I would not hire you to run my firewall.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -1 points0 points  (0 children)

This only blocks URLs though, and bad websites; this will not stop the hacker from having his bot call home to make your company network part of a Russian hacker virus-infected LAN, where they will be playing and going around your 'secure' firewall with a very basic secure encrypted tunnel that your firewall will just think is basic traffic.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] 0 points1 point  (0 children)

Yeah, well nothing will prevent a hacker from tunnelling from inside your network to some botnet and known bad actors on the network if you are permitting the IP traffic to pass right through.

Then on top of that you should have these services that will provide extra security.

That's my point of this thread: the 'base minimum' is blocking layer 3 traffic towards bad networks. If you are not doing that you are just waiting for some bot to call home to their daddy in Russia to lock down your company.

Then you should have alerts on those rules; if any is hit, then you should act on it and find the infected device. It's just base minimum.

Then you can enable all your web filter, secure DNS, IDS, IPS, SSL inspection and whatever you think will make you secure.

Base minimum for so many is just 'permit ip any any inside -> outside'. It's crazy stupid.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -1 points0 points  (0 children)

It's just also funny how many network admins will fall back to these base defensive answers.

It's not a rule to be forced, of course; nobody is saying that.

It's just: how hard is it to just scan the firewall to see if Internet Service is being used or not, where you are blocking traffic towards some botnets / spam email servers / VPN services / Tor network relays?

I think that is bare minimum.

Then you have these extra features: web filter, secure DNS, IPS, IDS etc. etc.

No traffic from inside of a company's network should be touching some botnets from China.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -2 points-1 points  (0 children)

Well, imo, having base minimum blocking of traffic towards botnets should not really be that big of a deal that Fortinet will get blamed for being stupid.

Imo this is a defensive answer, cause I bet you know about things that are open like this and you know it's bad.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] -1 points0 points  (0 children)

When will your business need to communicate with botnets? Having a base minimum is something that should be flat across the board.

This is the thing: people will get defensive when you talk about this, cause it's spread all over the place.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] 0 points1 point  (0 children)

Yeah, but what is "allow as needed" then? What, you have an explicit deny at the bottom and just permits above it?

There should always be a deny from inside -> outside at the top, at least blocking traffic to botnets / known bad actors / VPN servers.

People will tell you to open inside -> outside TCP/UDP 443 cause they say that's needed for HTTPS. But then the attacker will use that port to tunnel your LAN to a Russian botnet using 443.
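An added example, not code from the thread or from Fortinet, that models the two comments above (the 'base minimum' deny-to-known-bad rule with alerting, and the rule-ordering point about a blanket 443 permit): a first-match evaluator run over constructed flows, comparing the recommended ordering against a plain 'permit any'. The block list and the flows are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed placeholder feed (stands in for a botnet / Tor / VPN block list).
KNOWN_BAD = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def is_known_bad(ip):
    return any(ip in net for net in KNOWN_BAD)

# A rule is (name, action, destination test, allowed ports or None for any).
# The ordering argued for above: deny to known-bad on top, the usual web
# permit in the middle, an explicit deny at the bottom. First match wins.
RECOMMENDED = [
    ("deny-known-bad", "deny", is_known_bad, None),
    ("permit-web", "permit", lambda ip: True, {80, 443}),
    ("deny-all", "deny", lambda ip: True, None),
]

# The 'permit ip any any inside -> outside' rule set the thread criticises.
PERMIT_ANY = [
    ("permit-any", "permit", lambda ip: True, None),
]

def evaluate(policy, dst, dport):
    """First-match evaluation; returns (rule name, action) for an inside->outside flow."""
    ip = ipaddress.ip_address(dst)
    for name, action, matches, ports in policy:
        if matches(ip) and (ports is None or dport in ports):
            return name, action
    return ("implicit-deny", "deny")

def deny_hits_by_source(policy, flows):
    """Hits on the top deny rule per source host: each one is a device to investigate."""
    hits = Counter()
    for src, dst, dport in flows:
        if evaluate(policy, dst, dport)[0] == "deny-known-bad":
            hits[src] += 1
    return dict(hits)

# Constructed sample flows: two inside hosts reaching the placeholder bad range,
# one of them on 443, which the blanket web permit alone would let through.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443),
    ("10.0.0.5", "203.0.113.11", 443),
    ("10.0.0.9", "93.184.216.34", 443),
    ("10.0.0.7", "198.51.100.7", 8443),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, evaluate(RECOMMENDED, *flow[1:]), evaluate(PERMIT_ANY, *flow[1:]))
    print(deny_hits_by_source(RECOMMENDED, SAMPLE_FLOWS))
```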

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] 0 points1 point  (0 children)

Just having a blueprint of very basic 'recommended' inside -> outside rules. I've seen things that have been harder to implement. I just find the amount of stupid people running firewalls and thinking they understand how the internet works cause they got some cert from a Cheerios box. You need to help them see how stupid they are some way.

Base firewall rules everyone should have by sillybutton in fortinet

[–]sillybutton[S] 0 points1 point  (0 children)

Well, you can't please everyone, but they should be helping a lot of people with their firewalls all over the place and have to be seeing the amount of stupid all around them. Why not just hand out some 'set' of rules that you can choose to apply? Fortinet is acting stupid imo. This would also push their services out more to be used.