Help! I've fallen down the Protectli rabbit-hole and I can't get up!

Where can I learn about firewall theory?

  • There's this excellent book (mention in comments)

    Votes: 0 0.0%
  • Here's a wiki that will answer all of your questions (mention in comments)

    Votes: 0 0.0%
  • Bless your little cotton socks

    Votes: 0 0.0%

  • Total voters
    1

ethom

New member
Aug 3, 2021
1
0
Hello!

I found myself in a little over my head recently. I've been learning about computer and network security as a hobby for the last two years (often inspired by "Security Now!"). Out of an abundance of caution, I purchased a Protectli "Vault" so as to keep my network secure while setting up a personal server.

Usually with new devices I can fiddle with settings, experiment and, failing those, find guides online. I got into my "Vault" and didn't recognize a single setting. I tried to read the docs but found them very short and pretty unspecific. I think that I need a more general introduction to firewall theory.

So, in order to proceed on my task, I ask you:
 
I have been thinking about getting one of these to play with. In fact I have had one on my wish list so long it is now out of date. Hopefully one of these days I will actually get one to see how much fun you can have.
Generally speaking I would check out pfSense. Regardless of your experience level I think you will find the community around it very helpful.
 
In order to understand the basics, you need to understand how TCP/IP works. Know what IP addresses are, what packets are, what ports (of the IP kind) are. Then you need to know some info about some protocols, and which ports they're used on. You may also need to understand DNS a bit. Beyond that, unclear what the issue is. A firewall is just rules. You don't need any rules if you don't have traffic. So what's your traffic that you're having problems making rules for? (Granted I have never used this Protectli thing you mention, but I presume all firewalls are kind of the same.)
 
I have 2 Protectli boxes running pfSense. Lots of videos on setting up pfSense. Look on YouTube for ones by Lawrence Systems... Tom is excellent!
 
Before you get too involved with configuring it (the default installation of pfSense should work as is), I would make sure it can maintain an internet connection before you decide to keep it. I purchased a Protectli FW4B late last year and a few months ago started experiencing constant internet connection problems. It turned out to be the Protectli device. When connected directly to my cable modem, it just can't maintain an internet connection for more than a few minutes at a time. The WAN interface constantly cycles up and down.

Protectli support was very helpful. They first sent me a replacement unit, which didn't help. Then there were many messages back and forth with suggestions on settings to tweak, logs to look at etc. I talked to a guy on the phone, he remotely connected to the device, I provided packet captures. All to no avail. He finally admitted defeat and offered a refund.

I decided to keep the device because it does work perfectly when I have my old Asus RT-AC68U router in between it and the cable modem. So, it is in the DMZ of the Asus. I am hoping that one day an update to pfSense and/or FreeBSD will get the FW4B working again and I can put it back on the front line.
 
I decided to keep the device because it does work perfectly when I have my old Asus RT-AC68U router in between it and the cable modem
Weird. Having looked at the Protectli devices on Amazon, it appears they're NUC styled devices with passive cooling. I wonder if the amount of broadcast traffic on the direct cable modem was causing the NIC to work too hard, and overheat? Unless there is some magic packet that the NIC would choke on and reset, I can't think of any reason for the weird behaviour. And if it was some bad packet, you'd expect you wouldn't have been the only one to suffer in that way. I have an ASUS router that had the same problem as your Protectli. It would keep randomly rebooting. It wasn't until the most recent patch that that weirdness finally stopped (which I am lucky to have received as my device is now out of support.)
 
One option for someone looking to step up from consumer routers (good choice) is the Pepwave Surf SOHO. It's $200 US for a professional router with WiFi. The big limitation is the 110Mbps speed. Also, running the OpenVPN client on the device will probably stress it greatly. Read details about it here

As for configuring a professional grade device, I created a cheat sheet here

It's not for everyone, no one router is appropriate for everyone, but after reading those two pages, you should know for sure whether it is right for you or not. If speed is holding you back, the next Peplink model up is $400 and it's rated for 900Mbps. They all have a very similar UI.