They are getting this rejection while using the webapp? Or are they using an email client, like Outlook.

I'm curious to know if you put a log function on your firewall rule if this is being hit.

Try not to over-complicate the firewall.

If you need to allow ClearOS to be your webserver, you should only use the 'Incoming Firewall Rules' ruleset. Adding 1:1 NAT is for extra IPs from your ISP and will only confuse your firewall if you only have the 1 IP address.

https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_virtual_interfaces_dmz_port_forwarding_and_1-1_nat

Did you use the 'yum search custom' and then install using 'yum install app-NAME_OF_MODULE'?

In the graph it says 'kb/s'. That correlates to the numbers I see in the long report as well.

Does your ClearOS server have a public IP (not an RFC 1918 address)?

If it uses a private schema, a lot of common attacks will be conducted against your frontend router instead of your ClearOS server. You would only see activity typically on open ports or if your defenses on your ISP head-end router fail.

Also, make sure the services are running in the Prevention and Detection modules.

The ip address listed is a common one used for VPN tunnels between a backup and primary in an HA mode configuration common to ClearBOX. If your servers are in HA mode, this could be your backup server attempting to tunnel through your primary in order to perform updates. If that is the case, open a ticket and have the ClearCenter engineers fix your update VPN from your standby server.

The log you have posted is showing the server side of things. It is not being verbose enough to know what is happening on the client side. Is this a road-warrior connection you are attempting or a site-to-site?

Either way, do you have log files from the client side you can share?

Re: some help and questions on clearos

No one should ever need to apologize for their use of English or any language on this forum. If you ever feel like you are not expressing yourself properly, put your post in English and also in your native tongue.

For more information on ClearOS there is training that is free. You can use the documentation or you can go to the training section for certifications.

1- Dhcp:
2- Dns:
3- Firewall:

Here is a video I did with HPE that will help you with these first three.

4- Proxy:

I would recommend using Gateway.Management instead of Proxy to control your egress firewall. The proxy is a very old way to handle this traffic. It will work but it will have a lot of difficult configuration in order to filter for HTTP and HTTPS. We have lots of documentation for how to filter traffic in this older way. But if you use Gateway.Management you will have much better filtration.


5- Active Directory:

You are welcome. The log files that show who logs in is in /var/log/samba/*. You can use the log viewer to view this but if you know how to use 'grep' from command line then you can look for the login events and then create a daily report of login events.

6- Vpn: I have been trying to configure this module but it has been a bit complicated, I have managed to activate the service, in some documents I saw that the internet hostname should be my public ip, since I do not have a domain that points to this ip publishes. I would like to know how to configure the range of ip openvpn service (I think it is the best, I am also willing to try other applications if they are better)
From here I get some questions, if a team is externally can connect to the active directory? If it connects, should I configure the machine to start the openvpn before it enters the user? What happens with the machine when it is connected locally and has the vpn active, is it with 2 ips? Do you have a problem connecting locally and with the vpn?

OpenVPN is not well suited for loading before the login screen for Windows (GINA). That being said, users that log in at the corporate site will be able to login via cached credentials when they take their device offsite. They will not process login scripts but they will be able to log in with the last password that was valid when the box was on the network. Now, if you need to have Directory login remotely from a static site (like the owner's home or a remote office), then you can install ClearOS on the firewall at the remote location and use a VPN tunnel between the sites. There are several technologies that work here including the Dynamic VPN app, Static VPN for Business or even using OpenVPN.

Next, for road warriors, you can set up Dynamic DNS to apply a 'poweredbyclear.com' DNS entry to your ClearOS server. You can either use that address for your public address for config or you can even point your own domain CNAME record to the poweredbyclear.com address. For example, if your Dynamic DNS name was example.poweredbyclear.com and your domain was mydomain.example.net then you could point the CNAME record for vpn.mydomain.example.net to example.poweredbyclear.com. Then your clients can be configured for the vpn.mydomain.example.com and even if you use DHCP for your server and the IP address changes, the DNS will follow the IP.

7 - Print Server:

This uses CUPS to provide printing. In ClearOS this is called the Advanced Print Server.

8- Backup server:

There is a great community app that will help you here to backup your workstations to your ClearOS server. It is called BackupPC. I've not used it in a while but there are community members that use it all the time. Last time I used it in production we were backing up Windows Workstations using SSH and cygwin and implementing VSS (Volume Shadow Snapshots) to baremetal backup PCs.

9- Radius Backup:

RADIUS is an authentication provider. I'm not sure what you will do or use it for to do bandwidth management. RADIUS can be made to implement WPA2 Infrastructure mode with takes your user accounts and uses Usernames and Passwords in the directory to authenticate users instead of using Pre-Shared Keys (PSK).

10- I have seen some other security applications that I would like to try more calmly.

The Attack Detector and the Intrusion Detection and Prevention apps are really important for security. You will want the IDS Updates those because the Intrusion Detection and Prevention apps are pretty useless without them.

Sometimes when I just want to stand up a demo of ClearGLASS I install app-smtp and the set up a relay destination to a bogus LAN IP. That way the email gets stuck in the queue. Then I run the following to look for the mail ID

mailq

Then I read out the contents and simply copy and paste the url to my browser:

postcat -qv 76A6E893

Where 76A6E893 is the mail id