Page 4 of 4 FirstFirst ... 234
Results 31 to 34 of 34
  1. #31
    Untangler
    Join Date
    Jan 2016
    Posts
    60

    Default

    To get Exchange on new IP i have to:
    Get new external IP - As of now don't have extra IP for exchange
    Get router for new IP -
    Install one more NIC on untangle

    I was thinking to cut off all the devices which are making session with untangle during that time period (spamhaus reporting time)
    I went to Network > All sessions but there are lots of sessions.
    Connected devices during that time is hardly 10 or 15 but untangle capturing session from other subnet also, which is not related to untangle. 192.168.2.0/23 is untangle but it captures session of 192.168.6.0 / 5.0 / 4.0 etc

    second, untangle also captures sessions if two internal devices are talking to each other.
    This gives really long list.
    This makes hard to identify which devices are actually sending data to outside network.

    How do i filter events which shows me only devices which are sending data to external network and are from same subnet under Network> All session Report


    If i can get this list then i will cut off all those devices during night and see which device is malicious.

    Tried to export into excel but did not work as always animated donut (wait) symbol never goes off then and it log out untangle from web browser.

  2. #32
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    You're still hung up on the time, the night time is IRRELEVANT.

    If your system spits out a flagged communication at any time during a 24 hour period, you're going to get listed at 1am the next day.

    No, you don't need more NICs, you just need a new IP from your ISP, slap it onto Untangle as an alias on the current WAN interface, and start configuring to use it. Use of a second NIC would actually break things.

    And if you're seeing other IP ranges, they most certainly are related to Untangle, because they're going through it. If you have ANYTHING sharing an IP address of an active mail server you're already in violation of best practices because of precisely what you're going through.

    I can see by your comments that you aren't experienced in network security, or mail server operation. And by the end of your current trial you either will be, or you'll be out job hunting. I wish you luck, but I'm not sure what else I can do for you here.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #33
    Untangler
    Join Date
    Jan 2016
    Posts
    60

    Default

    Quote Originally Posted by sky-knight View Post
    You're still hung up on the time, the night time is IRRELEVANT.
    I believed spamhause always report exact time when threat was sent from my ip.
    Thats what i read somewhere and so i was looking for traffic around specific time.


    Quote Originally Posted by sky-knight View Post
    No, you don't need more NICs, you just need a new IP from your ISP, slap it onto Untangle as an alias on the current WAN interface, and start configuring to use it. Use of a second NIC would actually break things.
    Cannot add new Extrenal IP directly to Untangle as alias since it does not act as router. It act as bridge said in previous post.
    Router (192.168.2.10) is behind untangle and it cannot add two WANs and so cannot add routes.
    Screenshot of External interface settings is attached here. Gateway of this interface is pointing 192.168.2.10 (router behind untangle)

    Quote Originally Posted by sky-knight View Post
    And if you're seeing other IP ranges, they most certainly are related to Untangle, because they're going through it. If you have ANYTHING sharing an IP address of an active mail server you're already in violation of best practices because of precisely what you're going through.
    I know it is always preferable to have dedicated IP for Mail server. But this is old setup and to make any changes i have to go with certain processes.
    for e.g need to get new External IP, get router etc.
    need to know how untangle will incorporate two routers in bridge mode. which i do not know and need your help.


    Quote Originally Posted by sky-knight View Post
    I can see by your comments that you aren't experienced in network security, or mail server operation. And by the end of your current trial you either will be, or you'll be out job hunting. I wish you luck, but I'm not sure what else I can do for you here.
    Yeah i might not have advance level network experience like yours, but know the things around very much.
    If you are in my shoe what would you do to resolve this. That's all i am asking. You are guiding me at some point but i am coutering with some limitations.
    As you advised to get Mail server on other external ip, i shared you my issues and some limitation for it.

    I am already in process to get dedicated IP for mail server. Need to know how to handle second gateway in untangle while keeping existing bridge with old router.
    Attached Images Attached Images

  4. #34
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    If I were in your shoes? I'd migrate that mess to Office365. Even with the experience I have, it's just easier.

    If you want to keep it in house, then I suppose your next step is to figure out how to replace your router with an Untangle router so you can actually do the things you need to do.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2