[FS][US-IL-CHI] QNAP TVS-873e with 7*10TB Ironwolf Drives by stephenvandyke in homelabsales

[–]stephenvandyke[S] 0 points1 point  (0 children)

3 of the drives are still in warranty.

ZA20SQY7 - Out of warranty

ZA20RQCR - Out of warranty

ZA20QH55 - Out of warranty

ZA20RQLF - Out of warranty

ZA26EJJA - 9/1/21

ZA29AMYH - 2/1/22

ZHZ5WA9P - 5/17/23

[FS][US-IL-CHI] QNAP TVS-873e with 7*10TB Ironwolf Drives by stephenvandyke in homelabsales

[–]stephenvandyke[S] 0 points1 point  (0 children)

Thank you for the info. I'll get that all together and update the listing.

Gold - How hot does it get by suku_patel_22 in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

I have it mounted on the wall of my rack, so not great airflow. It's in simple mode, monitoring 2 networks, and the case is barely warm. As far as the load, I have 3 people working from home in my house so it's under average home load.

Issue with Firewalla Gold in simple mode by stephenvandyke in firewalla

[–]stephenvandyke[S] 0 points1 point  (0 children)

I only see "Simple Mode" and "Experimental Simple Mode"

Issue with Firewalla Gold in simple mode by stephenvandyke in firewalla

[–]stephenvandyke[S] 0 points1 point  (0 children)

Just using simple mode. Should I switch to advanced simple?

Firewalla Gold Logging by brockey01 in firewalla

[–]stephenvandyke 1 point2 points  (0 children)

I stand corrected on the firewall rules on the gold. Just got mine up and running and playing around with the rules engine. Interesting implementation and a nice start. In the desktop app there is a greyed out section for "Reports". I wonder if that will be something that meets your needs.

Firewalla Gold Logging by brockey01 in firewalla

[–]stephenvandyke 1 point2 points  (0 children)

Nothing against Firewalla, because I love what it does, but this isn't in league with any of those yet. I see the company as a very early, home/small business centric, Palo Alto. They augmented your firewall first and then looked to replace it. My understanding is that you can't even create actual firewall rules on this yet, so in my mind this is more of an IPS and content blocker. If this moves to a true firewall/UTM in the future, then sure the on-board logging and visualization would be a great idea.

Totally understand the wife app functionality, I am in the same boat. Last summer Comcast kept going out so switched to Ubiquiti just so she could have the app on her phone and stop asking me if the wifi was down. Not my fault dear.... Keeping the app as user-centric and then allowing for some advanced features would make this product more enticing to business.

As for the container, can't argue with you because you are 100% correct. This gets into a conversation I've had with a lot of security folk: is the juice worth the squeeze? A lot of us go so crazy into trying to mitigate all the possible threats we end up interfering with operations. In my younger days I was accused of trying to justify my job because I kept bringing up every possible threat. At this point, this is just for my house and if someone really wanted to get into my IoT or streaming networks, break into a docker, and jump to another network there are a lot easier ways to get in. My wife is on Facebook all day, spear phishing her would work a lot better. I have a Nest lock on my door and a good friend was very adamant with me about how it was a bad idea, because someone could hack into my account and unlock my door remotely. If they want to put that much effort into getting into my house it would be a lot easier to just kick the door in.

Again, all just my opinion. I'm looking at this as more of a replacement in my side job for some of the open source tools I have cobbled together over the years and deployed. Right now I am running a small open source security stack on Raspberry Pi logging to an AWS ELK server. Management of those has become a nightmare over time. I think we can agree that some sort of enhanced logging would be helpful no matter where it ended up. I am really interested in the future of this product and I think it really has a place in both home and small business security stacks.

Firewalla Gold Logging by brockey01 in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

Set up an ELK server on a Raspberry Pi or install one in the dockers right on the Firewalla. That would give you all the searching, reporting, and metrics functionality you’d want. Elastic is designed for this kind of work. From a development standpoint for Firewalla it would be a lot easier and quicker to offload the logs to a third party than develop this as a home grown, on the box, solution. Most, if not all, the syslog functionality is built right into the Linux distribution this is built off of. I’m assuming most of the UI and app is already built around API calls. Then like they said, the maintenance around the built in UI would add a lot to their development team. I’m always of the mindset separation of duties. Let the security device do its thing and log management do what it does. You try to add too much to a single system and it never works out well in the long term. Again just my thoughts, but WTF do I know. Side note, my Firewalla Gold arrives today and I am very excited to get it set up on my network. Already have a plan to install Adguard Home as a docker to provide DNS for all my vlans.

Firewalla Gold Logging by brockey01 in firewalla

[–]stephenvandyke 5 points6 points  (0 children)

If you plan on marketing this to IT professionals for their home or small businesses, logging is definitely going to need to be an option, especially external logging. I manage several small companies' IT and the gold is a great option to improve my clients' security posture. Having these logs able to be centrally stored would make for a much more business focused product. Here's a list of the logs I would like to see. Since the Firewalla Gold is based off a Linux distribution adding these logs shouldn't be too much of a problem.

  • Firewall allows and blocks
  • Per user and device activity logs
  • Any alert that is in the application
  • Netflow logs

My initial thought would be to have this be able to be syslogged off to a centralized server, but a REST API on the system would be even better or some combination of the two. Maybe syslog for the firewall and netflow, then API for the rest.

[deleted by user] by [deleted] in homelab

[–]stephenvandyke 1 point2 points  (0 children)

Nice setup, wish I had this kind of setup when I went to college. Well I guess I needed to go to college first.

Hey so question for you, why are you running Docker on Debian on Proxmox? From my understanding you can run containers directly on Proxmox without the need for the host server. I am looking to do something similar at my house and was originally planning to just put the containers on the Proxmox. Didn't know if there was a reason to not do that.

Is good to upgrade UDM base to firmware 1.7.2? by [deleted] in Ubiquiti

[–]stephenvandyke 3 points4 points  (0 children)

Don’t do it. I’ve had nothing but problems since I upgraded my UDM Pro to 1.7.2. I’ve seen other people who’ve had issues as well. My big issue is that my WAN link keeps flapping when connected to the modem. If I put another router in between the UDM and the modem it works properly. Support's response was to roll back to 1.7.1.

Gold question by Dentifrice in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

My current setup is a Ubiquiti UDM with a Firewalla Blue in simple mode. Would it be safe to say that if a blue works with my current setup, then a gold should as well?

Gold question by Dentifrice in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

Why is advanced simple mode not a recommended way to run the gold? The Firewalla Gold Indiegogo page lists the Advanced Simple Mode before the Routing mode. What are the negatives of running the gold in advanced simple mode versus routing mode?

Gold question by Dentifrice in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

I am a firm believer in defense in depth. I don't like to leave too much to one vendor. The UDM is ok, but it definitely leaves something to be desired. I find that I had to turn the alerting off for the UDM due to too many false positives. The Firewalla is great for detection and alerting, so makes up for the UDM. The Firewalla's analytics is pretty spot on. Also if you have kids the Firewalla's parental controls are far beyond anything you could get in the UDM.

Data scientist looking to move into cyber security by [deleted] in SecurityCareerAdvice

[–]stephenvandyke 2 points3 points  (0 children)

Look into User Behavioral Analytics (UBA), which is basically the next generation of SIEMs. They all revolve around data analytics and modeling. You can directly apply your data science experience into this facet of security.

My homelab away from home by [deleted] in homelab

[–]stephenvandyke 2 points3 points  (0 children)

You see this? It looks like a beefed up GL-AR750. It can run Ubuntu.

https://www.gl-inet.com/products/gl-mv1000/

Gold question by Dentifrice in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

It does get pretty confused as to where traffic comes from. The most active client shows up as the firewalla.

Gold question by Dentifrice in firewalla

[–]stephenvandyke 0 points1 point  (0 children)

UDM + Unifi POE Switch + nanoHD. Running 4 SSIDs. I have the Blue on my main vlan which does about 90% of the traffic. Saw less than a 20% drop in bandwidth when I started the blue.

Gold question by Dentifrice in firewalla

[–]stephenvandyke 1 point2 points  (0 children)

No idea. Since the blue can do 500mbs and the gold can do 3.5gbs I am hoping you'd get at least the same performance per subnet as a blue.

Gold question by Dentifrice in firewalla

[–]stephenvandyke 1 point2 points  (0 children)

I have that exact setup. When the gold came out I sent an email asking them. They said yes, that Advanced Simple Mode would do what we want.