So I am most likely going to purchase the Business edition for a small business that I manage the IT for, as well as the personal version for my home (I prefer to run the same software for home as I do for work, makes my life easier, minus the AD authentication).
Hardware pre-cursor:
SuperMicro A1SAi-2750F
Atom C2750 (8 Core)
32 GB ECC DDR3
500GB HDD (SATA/SSD)
4 Port 1GigE + 1 IPMI
I have some Questions I'm wondering if people can answer:
1) WAN Failover, I'm assuming I can set 2 ports as WAN ports and set 1 as a priority and a second as failover should it be needed?
2) Does the firewall respond on forwarded ports or are they stealthed (no response)?
3) Does the ClearOS prefer port forwarding, or NAT/DNAT'ing ?
4) Does ClearOS support LetsEncrypt.com SSL Certificates?
5) Can ClearOS also prevent/catch/ID unwanted outbound malicious traffic?
6) Does ClearOS firewall easily support apple/google account sync'ing and facetime/imessage support? (some firewalls are a royal pita to get working with facetime... Sophos UTM for example)
7) Can ClearOS act as a wifi manager for Ubiquiti Wifi APs (on the LAN side)?
8) Can a port be assigned as a "Guest" network with Bandwidth control and give it low priority via QoS (we have a local wifi that we offer to guests, but we want to limit the speeds they get) ?
9) Any issues allowing Dropbox traffic through to an internal NAS?
Currently I'm using Sophos UTM 9.1, however we have been finding it a tad annoying to allow certain technologies to work well (facetime, etc). Hence the desire to move to ClearOS, and also be able to utilize this hardware a little more effectively with some custom basic web apps (tbd).
Any suggestions/pointers are welcome.
Responses (3)
Accepted Answer
So I tried the latest version 7.3, and right from the get-go, I've had nothing but problems.
After initial installation, as soon as I clicked on the EDIT button on the Externally assigned port, I'd lose total connectivity to the WebAdmin panel. I had to use the mobo's local connection to get into the network config and set up my PPPoE connection. Once that was done and it connected, the Webadmin regained accessibility.
Then, once I WAS connected, the webadmin continued to be very flaky on its access. At random different times the entire webadmin would stop responding. The device was still working as I had SSH access, and it never dropped that connection and I was actively streaming youtube with no problems. After running into this problem for 4 hours straight, I've given up on ClearOS and went back to my Sophos UTM for now (until someone can explain why I was getting the webadmin access problems).
I can't justify spending money on something that clearly doesn't work atm.
Just to be fair, I used to manage an older clearbox for a business I used to work for, so I'm not new to clearos, it just happens that the newest version seems very, very flaky.
Michael Proper (more than a month ago): Interesting feedback and experience. Not common at all. Looking forward to hearing others' feedback. Thank you for giving ClearOS a try, sad your experience was negative. Something must have been at play here... :)
Accepted Answer
You're asking some difficult questions here and I can only answer some of them:
1) Yes but I've never used MultiWAN
2) The response is governed by the device you've forwarded to
3) I don't understand the question. When you set up a port forward in the Webconfig, three firewall rules are created, one in the FORWARD chain which is a basic allow forward, one in the PREROUTING chain which does a DNAT and one in the POSTROUTING chain which does a SNAT.
4) Not natively. I use them and they are quite easy to set up. They are good for the webserver and I am trying them with IMAP/SMTP but I'm waiting to see what happens when they roll over. You cannot create certificates with them so would not be used for OpenVPN. You don't import them through the webconfig, but use a LetsEncrypt client to handle them. I use certbot but I believe there are others. It is not ideal to use them for the webconfig as ClearOS can overwrite the config.
5) It depends how you run the system, but generally there are no outbound filters. You can change the default policy to block all LAN -> WAN traffic then allow by exception. There are various tools available to restrict traffic (proxy/content filter, protocol filter, IDS/IPS, app-attack-detector (but you need to make a change to the default installation for it to work effectively) and so on).
6) I've never had any problems with my google accounts, but I don't know what you mean by account syncing. If you mean IMAP e-mail then no problem. My son has never had any Facetime issues.
7) There is no app for it so I've no idea what can be done.
8) I don't use QoS so I don't know. I would expect it to work by IP address rather than physical port. ClearOS can use a port as a HotLAN which is great for Guest WiFi.
9) I don't see why there would be an issue unless you change the default policy of the LAN->WAN firewall, but I don't use dropbox.
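Added example, not part of the original answer or of ClearOS itself: a small audit that reads `iptables-save` output and checks, for each port forward, whether the three rules described in the answer (PREROUTING DNAT, FORWARD allow, POSTROUTING SNAT) are all present. The sample ruleset, addresses and function names are constructed for illustration and use generic iptables-save syntax, not rules copied from a ClearOS box.

```python
import shlex

# Constructed sample in iptables-save syntax (documentation/private addresses).
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.20:443
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.30:22
-A POSTROUTING -d 192.168.1.20/32 -p tcp -m tcp --dport 443 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
-A FORWARD -d 192.168.1.20/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Turn '-A CHAIN opt val ...' lines into dicts keyed by option name."""
    rules, table = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule, i = {"table": table, "chain": tok[1]}, 2
            while i < len(tok):
                if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    rule[tok[i]] = tok[i + 1]
                    i += 2
                else:
                    i += 1  # skip "!" negations and valueless flags
            rules.append(rule)
    return rules

def audit_forwards(text):
    """For every DNAT rule, report whether its FORWARD and SNAT partners exist."""
    rules, findings = parse_rules(text), []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        host, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport")  # DNAT without a port keeps the original
        def has(chain, target):
            return any(x["chain"] == chain and x.get("-j") == target
                       and x.get("-d", "").split("/")[0] == host
                       and x.get("--dport") == port and x.get("-p") == r.get("-p")
                       for x in rules)
        findings.append({"external_port": r.get("--dport"), "internal": f"{host}:{port}",
                         "forward_allow": has("FORWARD", "ACCEPT"),
                         "snat": has("POSTROUTING", "SNAT")})
    return findings

if __name__ == "__main__":
    for f in audit_forwards(SAMPLE):
        print(f)
```

A forward whose DNAT rule has no matching FORWARD allow, like the second one in the sample, is rewritten but not explicitly permitted, which is worth checking against the FORWARD chain's default policy.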