Results 1 to 6 of 6
  1. #1
    Newbie
    Join Date
    Oct 2008
    Posts
    5

    Default too many sessions after fresh install

    hello community,

    sorr for my english ... ok ... i reinstall my untangle NG firewall to fresh installed server in transparent bridge mode and than i test untangle with only external interface connected (internal interface was disconect from my internal switch). and after few hours (every day it was started at 5pm) there was over 120 000 sessions bypassed on untangle and my local network was flooded by many flows. i must turn of untange or turn of port on switch, where was external interface of untangle connected. my config of untangle was basic - so no bypass rules, firewall rulles was outside dany, inside all block. IPS enable - and all free module was enabled. so ... i dont understant, why there was too many sessions on my untangle. i had turn off all unneeded things as VPN filter or any other things, so i thing, i had untangle configured good. and if a recovered my config from our second untangle (it is still productive state of untangle and running) ... our new untangle had too many sessions at 5pm. so i think, it is ddos attack? or no? all sessions has source and destination IP outside of my local IP block (outside of my IP address of external interface of Untangle). so ... all IP addresses in sessions list was from the world. ... do anybody know, what was it? and why it was on may fresh install of untangle?.... sorry, that i dont have some screenshots, bud i install some another opensource firewall on the server, bud ... untangle was very good userfriendly firewall for me, and it is too hard to learn configure another firewall. so i want to return to the untangle still

    thank you and i hope, that it was understandable

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,339

    Default

    In transparent mode and not behind a NAT router, Untangle has open ports which could be attacked. I would recommend router mode if set on the outside of your LAN. Otherwise use transparent only on the LAN side.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Oct 2008
    Posts
    5

    Default

    i know it, but i need only transparent bridge mode (as we used over in 5 years and no problem with attack because bridge mode). we have 2 Untangle. one in productive state in version 11.2 and there is everythink OK (in bridge mode of course). and we now install one new NG firewall in version 14 and after fresh install there is after few hours attack. why? Untangle is firewall! ... is there some way to prevent it in fresh install?

  4. #4
    Newbie
    Join Date
    Oct 2008
    Posts
    5

    Default

    so ... no ideas? ... i need untangle in transparent bridge mode only

  5. #5
    Newbie
    Join Date
    Oct 2008
    Posts
    5

    Default

    or, is there some difference between version 11.x and 14.x? because my untangle in version 11.2.x with transparent bridge mode is still running and there is all ok

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,805

    Default

    The behavior you're describing only happens when you plug a switch into itself, it's called a broadcast storm and Untangle bridges will create one any time you connect them improperly.

    There are buckets of differences between 11.x and 14.x, however none of them create what you're describing. Again the only thing I've seen do this is an improperly connected bridge. Obviously you've got one connected properly, but the new one likely took out your LAN in a few seconds, not hours.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2