SonicWall SSL VPN attack

Shocking how many of you are not posting about a huge issue with SonicWall, considering their SSL VPN has been under state agency attacks for weeks now. They literally have a firmware update that currently requires contacting them to get. You know who doesn't have problems? pfSense…

SonicWall, Fortinet, now Palo Alto… not all are specific to VPN. If you think any vendor is immune, you are sitting at home with a pot around your head… just saying.

Pass me whatever good good you're smoking, my man.

You know who doesn't have problems? pfSense…

Well, just list whatever CVEs the Linux your pfSense is running on has.

Yes this is happening. It sucks. It’s happening to many brands right now. Your open source FW isn’t safe.

You have any more info on this? I’m not finding anything and I know some people who run them.

pfSense is not the be-all, end-all OP thinks it is. Remember that whole government backdoor incident? If you're going to run a BSD-based firewall distro, it's OPNsense or nothing IMO. I've lost all trust in pfSense.

Also, because nothing is infallible: Flaws in pfSense firewall can lead to arbitrary code execution

Haven't heard anything about this.

Enabling Geo-IP filtering fixed it for me.

The attack is incredibly basic. If you look at the usernames they're guessing passwords for, it's clearly not targeted.

The majority of the US-based IPs in the attacks are from cloud hosting providers. I've just been looking up the handles on ARIN and blocking inbound traffic from all associated CIDRs. Haven't had any new brute-force attempts for a couple of days now, and I'm blocking about 2 million connection attempts per day. Protected device is a SonicWall SMA 410, servicing around 20 different SSL VPN portals.
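The workflow in the post above (tally failed logins per source, check whether the source sits in a hosting provider's netblock, block the whole CIDR rather than chasing single IPs) can be scripted. The following is an added example, not code from the thread or from SonicWall; the log line layout and the hosting CIDRs are constructed placeholders, and in practice the CIDR list would come from the ARIN lookups the poster describes. It also applies the "many usernames from one source" heuristic from the thread to separate spraying from a legitimate user who mistyped a password.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample of SSL VPN login records. The field layout is an
# assumption made for this example; it is not SonicWall's actual log format.
SAMPLE_LOG = """\
2024-04-16T03:12:01Z sslvpn portal=corp user=admin src=198.51.100.23 result=fail
2024-04-16T03:12:02Z sslvpn portal=corp user=test src=198.51.100.23 result=fail
2024-04-16T03:12:02Z sslvpn portal=corp user=guest src=198.51.100.77 result=fail
2024-04-16T03:12:03Z sslvpn portal=corp user=admin src=203.0.113.5 result=fail
2024-04-16T03:12:04Z sslvpn portal=corp user=scanner src=203.0.113.5 result=fail
2024-04-16T03:12:05Z sslvpn portal=corp user=user1 src=203.0.113.5 result=fail
2024-04-16T03:12:09Z sslvpn portal=corp user=jsmith src=192.0.2.10 result=success
2024-04-16T03:12:30Z sslvpn portal=corp user=jsmith src=192.0.2.10 result=fail
2024-04-16T03:12:41Z sslvpn portal=corp user=root src=192.0.2.200 result=fail
2024-04-16T03:12:42Z sslvpn portal=corp user=backup src=192.0.2.200 result=fail
"""

# Constructed placeholder for the netblocks an ARIN lookup of the offending
# handles would return. Replace with the CIDRs you actually look up.
HOSTING_CIDRS = ["198.51.100.0/24", "203.0.113.0/24"]

LINE_RE = re.compile(r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)")


def parse_failures(log_text):
    """Return (failed logins per source IP, distinct usernames tried per source IP).

    Keys are the source IP as a string. Successful logins and malformed lines
    are ignored rather than raising, so one odd record cannot stop the run.
    """
    fails = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("result") != "fail":
            continue
        try:
            src = str(ipaddress.ip_address(m.group("src")))
        except ValueError:
            continue  # skip lines whose src field is not a valid address
        fails[src] += 1
        users[src].add(m.group("user"))
    return fails, users


def block_candidates(fails, users, hosting_cidrs, min_failures=2, min_users=2):
    """Decide what to block from the tallies.

    A source qualifies when it has at least min_failures failures spread over
    at least min_users distinct usernames (the spraying pattern; a real user
    retrying one account does not match). A qualifying source inside a hosting
    netblock causes the whole netblock to be blocked, as in the post; any other
    qualifying source is blocked as a single host.
    """
    nets = [ipaddress.ip_network(c) for c in hosting_cidrs]
    block_nets, block_hosts = set(), set()
    for src, count in fails.items():
        if count < min_failures or len(users[src]) < min_users:
            continue
        addr = ipaddress.ip_address(src)
        for net in nets:
            if addr in net:
                block_nets.add(net)
                break
        else:
            block_hosts.add(addr)
    return sorted(str(n) for n in block_nets), sorted(str(h) for h in block_hosts)


def is_blocked(ip, block_nets, block_hosts):
    """Check a single address against the generated block lists."""
    addr = ipaddress.ip_address(ip)
    if str(addr) in block_hosts:
        return True
    return any(addr in ipaddress.ip_network(n) for n in block_nets)


if __name__ == "__main__":
    fails, users = parse_failures(SAMPLE_LOG)
    nets, hosts = block_candidates(fails, users, HOSTING_CIDRS)
    print("block netblocks:", nets)
    print("block hosts:", hosts)
```

On the constructed sample, the two hosting netblocks are returned as a whole and the lone non-hosting sprayer is returned as a single host, while the legitimate user with one failed attempt is left alone. The thresholds are deliberately low to keep the sample short; on a real portal you would raise them and feed the output into the firewall's address object list rather than printing it.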

Can you post anything specific about this? A link? Anything?

CVE number or anything more relevant than shouting into the wind? There are no bulletproof solutions; some are better than others. Whatever you're currently using that you think is bulletproof will be compromised, it's just a matter of when.

lulz. If you think pfSense doesn't get attacked, you're out of your mind.

You know who doesn't have problems? pfSense…

None that have been recently disclosed, anyway. The absence of CVEs is not an assurance of security. The absence of updates to a software project is not a condemnation.

I spend a lot of time watching nation states try our firewalls. That’s life.

https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/

We use pfSense as well. However, if you have Tailscale running behind pfSense, enable NAT-PMP on pfSense to use a high-performance VPN which is extremely easy to use; it has worked for us and our customers very well in the past.

We worked with SonicWall to get the patch, but the patch is not intended to stop the attacks. For a number of users, the login attempt would lock up a license and over time, the license pool would be consumed. This would create an issue for legit users not being able to acquire a license.

We set up a number of rules and even went so far as disabling the Office Portal. This was a pain because, when we added a new user, we would have to re-enable the portal so they could get their TOTP set up, then disable it when they were done.

Long story short, the attacks stopped for a number of days (maybe two weeks or so), but now they have started again. Even with the Office Portal disabled, we are seeing thousands of malicious login attempts again.

EDIT: What would be nice to see is ISPs and web hosts being held accountable for this. I spoke with Spectrum on the phone about it, and they basically said, "sucks to suck," we don't do anything about these things.

I mean, it's SonicWall; it's about what I expected.

People still use SonicWall? That's probably why you haven't heard anything. It's affecting all 10 people still using that platform.