|
Spring Heeled Jack posted: Microsoft’s own docs are better than they used to be: https://docs.microsoft.com/en-gb/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit
That worked for the last windows 10 update but this one didn’t
And then we had a 27gb image because of drivers
Ugh
|
# ? Dec 20, 2020 16:39 |
|
BonoMan posted: Interesting - thanks! Was Bomgar/BeyondTrust missing a feature that drove you to CyberArk? (Also feel free to put this in a DM if it's too off topic for the thread)
Bomgar is the legacy app. CyberArk is a new, walled garden for external business partners.
|
# ? Dec 20, 2020 16:48 |
|
Bob Morales posted: That worked for the last windows 10 update but this one didn’t
What kind of drivers? Just PC model specific ones? We have a step in the task sequence that pulls the pc model from the bios and uses that to line up with a folder in the driver repo. We still use fat images because we have an old LoB app baked in, but that’s all at this point.
|
# ? Dec 20, 2020 16:58 |
|
Spring Heeled Jack posted: What kind of drivers? Just PC model specific ones?
Yea. We also do that so I don’t know why the image is so big. I’m going to revert the WDS VM back a snapshot and then just work through it step by step
|
# ? Dec 20, 2020 17:07 |
|
I could use a quick recommendation for basic in-band monitoring tools. Super basic nagios type feature set is all that's needed, disk space alerts etc. I've fiddled with InfluxDB / telegraf / grafana before just to learn, but wonder if I can get away with just Cockpit for an interface or similar, something else for alerting, and not have to janitor an InfluxDB instance.
|
# ? Dec 21, 2020 00:11 |
|
Since we're in the small business thread, I am going to recommend PRTG. It's easy to set up and easy to use. I don't like implementing super custom stuff that would be hard for another engineer to use.
|
# ? Dec 21, 2020 00:36 |
|
Seconding prtg for something that’s super simple, plug and play monitoring.
|
# ? Dec 21, 2020 00:40 |
|
PRTG is cheap and really really easy to use. But needs windows host. If you have that available do it. If nagios is what you need.... why not nagios
|
# ? Dec 23, 2020 04:32 |
|
I dunno, you might be able to press a solarwinds rep really hard for a massive discount right now!
|
# ? Dec 23, 2020 13:20 |
|
I'm sure there's a better thread for this question, so if it's easier to ask there if someone could link it I'd appreciate it. Long story short, one of the 'in-browser' report generators we have uses dropdowns/radio toggles so you can filter it down to specifics. When you do this it does its job, you click on a link that gets you to that info bing bang boom. You hit the back arrow in Chrome and it completely resets/refreshes the page erasing the prior filtering. Firefox and IE do not do this. Is there a setting I can force in Chrome to make it act like Firefox and IE? ("save" the previous filters in place) Thanks guys, you may save myself and my report guy some headaches and bullshit.
|
# ? Dec 30, 2020 15:54 |
|
I have a few satellite offices coming on board next week and two are in remote locations without reliable/fast internet, but there is reasonable 4g LTE there. I am in the United States for context. We were looking at meraki devices for LTE/failover which looks good, with the question being how/where do I get the LTE plan/sim cards for these devices? Cisco Meraki Z3C. I'm going to talk to a local ATT rep but not sure if there is a better way or solution for pure data devices
|
# ? Dec 31, 2020 01:05 |
|
I've dealt with AT&T business support for embedded 4g applications. Don't do it. You'll regularly be stopping payment on accounts to get attention of a support rep.
|
# ? Dec 31, 2020 23:02 |
|
Potato Salad posted: I've dealt with AT&T business support for embedded 4g applications. Don't do it. You'll regularly be stopping payment on accounts to get attention of a support rep.
We had AT&T Business fiber for a while and, no idea what crossover this may have with 4G app support, but... I was astounded at how bad the support was. Like literally appalled. I've dealt with TONS of bad support over the years but nothing was just as absolutely loving opaque and obfuscated as ATT business support. I *never* got a person who knew anything (or would even respond and/or follow up) and the phone tree (and nomenclature) is appallingly bad. The one time I ever got a decent response was complaining on Twitter and I got a call from some executive in Atlanta. It is hands down the worst support I've ever experienced. There isn't even a distant second. We finally switched to a local fiber outfit and it's been refreshing to actually call a support center and *gasp* talk to someone and get a problem solved. Anyway... I've been holding that in for a long time.
|
# ? Dec 31, 2020 23:09 |
|
Can't you just throw an unlimited Verizon SIM into each location? We've got quite a few people on unlimited Vodafone plans in for around £30/month on Teltonika 4G routers and it works great.
|
# ? Dec 31, 2020 23:33 |
|
The Meraki didn't work with my Verizon LTE chips for some reason. But did work with my coworker's LTE from ATT. Either way we are going with ATT so wish me luck!!!!
|
# ? Jan 1, 2021 01:48 |
|
I'm pretty terrible at Networking. It's my weakest knowledge point, so if what I'm saying/asking is obvious that's probably why. My company has a VPN setup to allow work from home employees to connect to our local fileshares and other things of that nature. We recently decided to host a virtual server in our datacenter (Michigan) for some Carolina locations we have (separate company altogether, but still under our "umbrella"). Most of the employees just RDP to the server, and they are fine. We have one employee who really doesn't have a need to use the server, but still connects to fileshares that are hosted on it. Her transfer rates are ABYSMAL. Like 5 megs or less could take 30 minutes to transfer. That seems a little much for me even accounting for the distance. Could there be any other cause? I don't know poo poo about VPN so I'm grasping at straws at this point. Can anyone give me a brief schooling? Is this normal? Should I just tell her there's nothing we can do?
|
# ? Jan 12, 2021 00:45 |
|
Close ticket as “WFH related” and go to the bar if they are open where you live
|
# ? Jan 12, 2021 01:00 |
|
Comfortador posted: I'm pretty terrible at Networking. It's my weakest knowledge point, so if what I'm saying/asking is obvious that's probably why. My company has a VPN setup to allow work from home employees to connect to our local fileshares and other things of that nature. We recently decided to host a virtual server in our datacenter (Michigan) for some Carolina locations we have (separate company altogether, but still under our "umbrella"). Most of the employees just RDP to the server, and they are fine. We have one employee who really doesn't have a need to use the server, but still connects to fileshares that are hosted on it.
Could certainly be troubleshooted, but I'd imagine most responses to "slow transfer speeds over a client-to-site VPN, and then over RDP" are going to be "stop doing that." Test their internet speed without the VPN/RDP. Test their internet speed with VPN. Use something like iperf or PowerShell (https://4sysops.com/archives/free-network-performance-monitoring-with-iperf-and-powershell/) to test speeds [edit: to the file share] over the VPN, but without RDP. Truthfully, the modern approach is to not do what you're doing. Find a method to share files that isn't everyone connecting to some hub. OneDrive, Box, Dropbox, Azure Files, anything. [edit: I re-read your post and I see that the person isn't transferring over RDP. If the person can do this file transfer work from inside RDP, they will have a better time. As long as they're not transferring files from their computer to the server, but more within the server's network like the other RDP users are doing.]
Internet Explorer fucked around with this message at 02:04 on Jan 12, 2021
# ? Jan 12, 2021 01:11 |
|
SMB (the file sharing protocol) runs like poo poo once you have any sort of latency involved. If that person has an awful DSL service or is using a mobile hotspot (or even satellite) then it's not surprising for file transfer performance to be terrible.
|
# ? Jan 12, 2021 01:19 |
|
It's sub-par broadband but still not so bad to explain the transfer times. I ran tests from my home and the transfer goes fine using the same VPN. The only difference is I'm logistically closer in Michigan, she's in South Carolina. Oh well.
|
# ? Jan 12, 2021 02:35 |
|
what are the best options for physical badge/FOB security that won't make me want to hang myself?
|
# ? Jan 13, 2021 02:16 |
|
Paxton is cheap and acceptable, the software is a bit clunky but at least it runs on modern Windows without any problems. Just get the networked door controllers rather than the serial ones. If you have the budget then I’m sure you can do better with the Axis A1001 or the Avigilon stuff but the price goes up accordingly. I wouldn’t look at the Ubiquiti stuff as you want a 10-15 year lifespan on that sort of thing and I wouldn’t want to put money on Ubiquiti remaining interested in supporting and developing the range.
|
# ? Jan 13, 2021 02:24 |
|
Fobs/prox cards? Naaah, get a system that can just use people’s phones. I have no idea what the price bracket is you can play in, but we installed Openpath halfway through last year and it is slick as hell. Since I had admin access to set up the saml integration I went ahead and set up my phone as a factor. First time I went into the office, waved my phone and I was in. You’re probably gonna have to talk to an installer/integrator anyways so you might as well start a conversation to see what they resell and get the ball rolling on quotes.
|
# ? Jan 13, 2021 02:25 |
|
yeah that sounds sweet, we use Okta for SSO and SAML sounds slick as hell. I'll check that out. Thanks goons. This thread owns bones.
|
# ? Jan 13, 2021 02:29 |
|
Good, then if you have Okta you can also tie Openpath into the LDAP interface to pull in groups. Combine that with group rules and whatever onboarding automation you have in Okta and time spent managing Openpath will be minimal.
|
# ? Jan 13, 2021 03:26 |
|
Anyone got a good resource on SSD vs. spinners in a small server? I'm provisioning a small server to run a number of containers, think intranet, Linux mirror, network monitoring etc. I need stability and longevity above all, not huge read or write speeds. My instinct is 3x SSDs in a RAID5, but I'd love to hear any thoughts. My boss is a really good guy but a little stuck in 2005 at times. We're a Dell shop, by the way.
|
# ? Jan 18, 2021 11:14 |
|
While RAID5 is probably fine with SSDs given the rebuild time would be comparatively quick compared to spinning disks, if your goal is stability and longevity in a single chassis then 3x SSDs in RAID1/Triple Mirror assuming the controller supports it; if not, then mdadm can do the job with any number of drives. Alternatively you could just RAID1 the two drives and use the third for a hot spare if you don't want to mess with software RAID.
Sheep fucked around with this message at 12:19 on Jan 18, 2021 |
# ? Jan 18, 2021 11:53 |
|
Add a drive (4) and go RAID 10
|
# ? Jan 18, 2021 13:41 |
|
Bob Morales posted:Add a drive (4) and go RAID 10
|
# ? Jan 18, 2021 22:52 |
|
I have been tasked with changing an old sonicwall TZ-?00 configuration. They have a PC hooked up to it that is used to access things over a VPN and they need the PC to see things on another LAN. As far as I can tell the sonicwall should be able to route between 2 LAN with just putting them in the same zone. The firewall rules all auto-add to let this happen when you put the interfaces in the same zone but it doesn't work. I tried setting rules myself, adding routes, etc. still doesn't work. Each side can ping the sonicwall interface on the other network but nothing else on other network. It seems like a straightforward thing and I'm sure it is a simple setting I am overlooking so it is driving me nuts. First question is if anyone knows what I am missing or if I am going about it the wrong way? I know they won't replace it right away so I still want to figure this thing out. Second question is what should I suggest they replace it with?
|
# ? Jan 24, 2021 07:54 |
|
Both networks have Sonicwall? You'll want to setup a site to site VPN, which can also be setup with some non-Sonicwall firewalls as well. Depending on how things are setup, overlapping subnets could break things, so best to avoid that if possible. This link has a bunch of info for setting up site to site VPNs. https://www.sonicwall.com/support/knowledge-base/types-of-site-to-site-vpn-scenarios-and-configurations/170505702411896/ Sonicwall is pretty good and the new TZ-x70 models are a big upgrade over the older ones. I'd recently tested the new Datto router with 4G LTE failover and was pretty impressed with how easy that was to setup, has a nice cloud interface for management.
|
# ? Jan 24, 2021 08:21 |
|
Phuzun posted:Sonicwall is pretty good
|
# ? Jan 24, 2021 16:06 |
|
Phuzun posted: Both networks have Sonicwall? You'll want to setup a site to site VPN, which can also be setup with some non-Sonicwall firewalls as well. Depending on how things are setup, overlapping subnets could break things, so best to avoid that if possible. This link has a bunch of info for setting up site to site VPNs.
Say X2 is 192.168.168.1/24 and X3 is 10.10.10.1/24, both interfaces are put into the LAN zone, and computers are put on each with appropriate IPs. According to documentation/google setting them to the same zone auto adds rules to allow Any/Any which I can see it did. The sonicwall can ping everything else and should be routing between them but the computers cannot see each other and I don't know why.
|
# ? Jan 24, 2021 19:57 |
|
CampingCarl posted: I don't know what the other side of the VPN has for a firewall, I don't think it is a sonicwall, but the VPN isn't the problem.
So X2 and X3 plug into their own switches? Cause setting them to the same zone should work how you've described. If there are routers, you'll likely need to do a static route, NAT policy, and access rule setup. One other thing is that ping may be blocked between the networks if the Enable Management isn't enabled on the rules, since it treats it as a management service. What is doing DNS for each of the networks?
|
# ? Jan 24, 2021 21:24 |
|
Phuzun posted: So X2 and X3 plug into their own switches? Cause setting them to the same zone should work how you've described. If there are routers, you'll likely need to do a static route, NAT policy, and access rule setup.
Ping is turned on on the interfaces, the sonicwall can also ping both sides, and trying to browse to a share also doesn't work. For the original terminal there isn't even DNS because its only purpose is to do something over the VPN, and now get some files from the other network.
|
# ? Jan 24, 2021 22:30 |
|
CampingCarl posted: I have been tasked with changing an old sonicwall TZ-?00 configuration. They have a PC hooked up to it that is used to access things over a VPN and they need the PC to see things on another LAN. As far as I can tell the sonicwall should be able to route between 2 LAN with just putting them in the same zone. The firewall rules all auto-add to let this happen when you put the interfaces in the same zone but it doesn't work. I tried setting rules myself, adding routes, etc. still doesn't work. Each side can ping the sonicwall interface on the other network but nothing else on other network. It seems like a straightforward thing and I'm sure it is a simple setting I am overlooking so it is driving me nuts.
while you're there make sure you don't have sslvpn on any of them, per the compromise they announced over the weekend
|
# ? Jan 25, 2021 04:56 |
|
NevergirlsOFFICIAL posted: while you're there make sure you don't have sslvpn on any of them, per the compromise they announced over the weekend
Got a link or CVE for that?
|
# ? Jan 25, 2021 18:45 |
|
bolind posted: Got a link or CVE for that?
It's turning out to not be so bad overall from what SonicWALL is saying: https://www.sonicwall.com/support/p...10122173415410/
|
# ? Jan 25, 2021 18:56 |
|
CampingCarl posted: Right now they plug directly into computers to narrow what the problem could be. One will be plugged into a dumb switch, no other routers between the sonicwall and what are supposed to talk. I assume there is a router on the other network for internet, I can look tomorrow, but since it doesn't even work with PCs on the interfaces I haven't worried about that yet.
Figure this out? I'm thoroughly confused by your description of this setup. The Sonicwall isn't working as a router/firewall for both networks?
|
# ? Jan 26, 2021 21:17 |
|
After reading a few times, I think this is how things are setup? sorry for the terrible paint I'm tired and don't care to do more work:
So, a few things:
1) The VPN you speak of, is it an IPSEC tunnel off the sonicWALL or is it a VPN client of some kind from PC1?
1a) If it's a VPN client is it doing full tunnel or something weird like that?
2) Building on the above, what is the subnet on the other side of the VPN that PC1 talks to, does it in some way overlap one of the local subnets? (this probably isn't the issue but whatever)
3) If there isn't something weird due to the aforementioned VPN setup/subnets, I would packet capture on the SonicWALL and it should show you what's going on.
|
# ? Jan 26, 2021 21:43 |