About SabreAce33

I started building out a very simple dev (read: unhardened) docker build for MineMeld here: https://github.com/swannysec/MineMeldDocker   Looks like it won't start up correctly inside a container and I think it might be related to the use of UNIX sockets and/or something to do with supervisor.  Anyway, feel free to take a stab at it!  I have to put it aside for a few weeks, but feel free to submit PRs if you find something. ... View more

FYI - Having major issues with last night's content update.  Inspection of traffic from our client environment to our domain controllers is causing significant logon/logoff delays.  I changed from an app rule to a traditional port/service rule (as app updates have broken things in my environment often) and that made no difference.  I reverted to 482 and the problem was resolved immediately.  In the process of opening a case now. Will try to update this as I get more information.  Anyone else having issues? ... View more

I have a single QoS profile applied to a pair of internal interfaces as seen in the screenshot below: In this case, will the two internal interfaces have a single shared maximum egress number or will the full maximum egress apply to each interface separately?  In other words, are the QoS limits per interface or per profile? Thanks! ... View more

All, I have a bizarre situation and I'm wondering if anyone has seen it before.  We are currently using a pair of 5050s in Active/Passive.  They are configured with a very simple OSPF instance and have their default route injected via that OSPF instance.  They are each connected via a single link to our ISP, let's call those interfaces on the ISP's end 10.10.20.89 and 10.10.20.91 for the sake of discussion.  The two ISP switches we connect to share a L2 link between them, so that no matter which one is hot from the ISP's perspective, our traffic will flow to either 89 or 91, and then either directly out the interface facing the ISP or across the L2 link to the other switch and out that device to the ISP.  Hopefully that makes sense. Currently, some traffic simply isn't reaching us.  Our ISP shows it traversing their network, but we never see traffic arrive at the external interface of the active firewall.  Are we doing something unsupported or do I need to poke my ISP about a routing issue on their end? ... View more