 I forgot I had to click the go live button to make this work. It's details. Details, details, details. Also I think I have the wrong chat stream pulled up, so let's fix the chat stream. We will pop out the chat, and we're going to fix this because the properties, hey, the chat works now. I think I got it right. Now the weird thing is this just got choppy and I don't know why it's choppy. Like I'm choppy. Am I choppy? That's I guess the question. I've normally done this in StreamYard. I've decided to try it again like I used to do in OBS because I wanted to test it some more. And OBS offers some options that let me make this sharper. A little bit cleaner image if you will. So let me know if the image is better or worse than it is when I use StreamYard. I don't know if I should restart the stream, but it's really weird because it wasn't choppy and now it's all of a sudden got this little, it looks to me, but I don't know if that's showing up in the stream or not. Let's see. No, I look pretty good and the stream seems to look good. Is the audio good? Okay, people are saying I'm not choppy. Perfect. Weird problems you run into because I'm actually running this for my Linux system because I want to do the testing here. Eventually I'll move this over to my studio computer. But that's kind of the some of the trickiness is getting this. So it does work good for both of these. Change chat to all chat. I don't know what that means. Change chat to all chat. So it's on top chat. Live chat. I think that's actually what you mean. Am I correct about that? So it should be on... Live chat is the only other option I have here. So I'll assume that's correct. I can say toggle timestamps. Maybe that'll help. All right. Technical difficulties solved, I think. I hope we really need a timestamp so I can... Live chat, yes. Perfect. All right. That's done. Let's talk about the firewall changes here. And it's a good place to start because that video is obviously popular. 
And it's kind of a mess. And I say kind of a mess because the problem is... Let me figure out the best way to present this. I guess we can do it like this and I'll zoom in some more. How much can I zoom? I'm going to switch over to that screen once I zoom it in. I want to make sure it's easy for everyone to read. Full screen. Full screen. There we go. And we'll switch over to desktop and cam. So this is the video I did the other day. And it's just been kind of... I don't like that there's a couple of mistakes, but I don't know what else to do about it. I'm not going to redo the video. But part of the problem is with the mistakes is... Documentation is a problem. And one of the problems and one of the things I fixed, and at least it's not worth reading, someone was upset because my video was inaccurate because of this right here. I put, yes, asterisks here on reverse proxy because if you search for the documentation for reverse proxy for FortiGate, they've decided to call it something different. It's a reverse proxy though. It even has certificate management, but not through the web interface that I could find. I really found the ability to do it through the command line where you had to do a manual import of certificates. Matter of fact, one of my tech friends reached out to me and even said they never use it because it's so difficult to use. It's easier to use something else. It's just one of those things that I was aggravated about. And of course the number of people that commented about the firewalls that weren't in here, which is obviously going to be a huge list. And I almost feel like they didn't watch the video because they would just check the list and go, why isn't my favorite firewall in here and things like that. But overall, I still have top chat on the stream. That doesn't weird. Let me see if I can fix that by a... How do I fix this? Bear with me. Oh, interact. There we go. Now it's fixed. Cool. Now it should be fixed for the chat on here. 
But it's one of the challenges of doing these videos is just trying to get it all as accurate as possible. And when companies don't have good documentation, it becomes kind of hard. And it's also why I didn't include some of the other firewalls because some of their features are fuzzy. And of course, then the other side of it is when you go to the really high-end firewalls, the features become almost just yes, but it's kind of like the problem I just mentioned here with the FortiGate of having a reverse proxy on there. It's a yes, but it's challenging to use. And if the product has a feature that doesn't work well, and I actually commented to this with pfSense, people always ask about traffic filtering on it. And it's just not a feature that they're probably ever going to really work on. It's bad. It's like, does it have content filtering? Yes, but complex. It would be the best way I can describe it. So that's just one of those things that made it really challenging to do on there. Something I want to bring up here, because this gets asked so much, I think it almost needs its own video. I don't know how to describe this. I'm going to pull something up here. It always generates engagement, good or bad. It definitely generates lots of engagement. We're going to log into something here. And one of the reasons I like doing OBS is because I can do this. And then we can just... So I've been... We'll go all the way full screen with this. Actually, I think I can just do it this way. Hollywood is the tool I've been playing with. And it generates so many questions and so many people asking about it. This just runs in... This is a Linux package, a Debian, Red Hat. It's in a lot of different repositories. But man, does it have people asking questions. This is a few questions I've seen people asking up here, too. So it's a fun little thing. But having it in a background, man, people love asking about it. It looks cool, though, doesn't it? It just runs a bunch of commands. 
It's just called Hollywood, and you can run it. So it doesn't really... It's interesting, other than look interesting. It's supposed to look like you're doing something. It also sometimes goofs up and gets stuck running in a background. It looks cooler when I do it on a screen like this. Now it does more. It's just using a bunch of tools that are built into Linux and tmux to divide up the screens and run those tools in each one. So it's not doing anything particularly interesting. But it always... Yes. What's my opinion on that? So let me switch over to your screen here. Me in a chat. I need to bring the chat over here so it's easier for me to read. I need to stop that because that is very distracting to me to have that in my face like that to read over here so I can answer some questions. Oh, crap, that didn't work at all. Kill. Stop. Die. We're killing off stuff in the background. Now back over to the questions. Please consider doing a video on web filtering. You're in luck. I have a whole video titled Content Filtering. So I've got a video on that. No Palo Alto. Why is there no Palo Alto? That's pretty easy. Palo Alto is a pretty pricey piece of gear. It's nothing wrong with that I'm aware of. It's actually pretty popular amongst some people. But I don't use it. Therefore I didn't compare it. Not to mention, as I said just a few minutes ago, I skipped Palo Alto and some of the other really high-end firewalls. They're going to have the same checkboxes for being able to support all those things. But unless you're someone who has actually used it for those things, you can't really answer how well it does any of those things. So I skipped Palo Alto and a handful of others. What is my opinion on Peplink? Hmm. The Peplink stuff. I've got a couple clients have seen using it. I mean it works. So the people that have it are usually using it like a backup internet. So if you want to use it, I don't have a reason to tell you not to. 
So I don't have any other opinion on there. So I'll be switching from a UDM to a SG3100. That's awesome. You are tackling a big test of making an enormous firewall round up. And yes, it is a big test. It's a pain. Is VyOS mature enough? I don't think VyOS is immature. I think it's niche. It's one of those things that I, there's always somebody going to play with it in a home lab, but the reality is 99% of people in a home lab wouldn't even consider it. It's a good learning opportunity. If it's your career path that's going to take you down the path of, hey, let's do something in the data center. VyOS is good, but I don't use it. And it's a command line driven type of firewall. I mean, I don't know that there's enough value in these type of videos. If maybe someone sponsored me because they wanted to do it and I would take the time to learn it and do it, but I don't have much of a desire because that video would not get many views. Everyone asks a lot of questions about it because they go, cool, open source firewall. And then he realizes command line driven and they go, oh, this is kind of a road, you know, a tall learning curve. And that learning curve is what people may not realize when it comes to a lot of these is one of the big challenges is if something has this steep learning curve and isn't widely used or popular, it's going to be less popular as a video. So there's not a lot of, you know, if I did some of these videos, for the hours I put into it and the number of views and engagement I would get doesn't line up. I try to do different than a lot of other YouTubers. I am covering some enterprise stuff, which by itself doesn't get the views you get. You know, if I covered consumer products, I would get more views because there's a bigger audience. I like though sharing what I actually do for a living, which is the whole, you know, more like enterprise and small business work and because that's what I do, that's why so many of my videos are around here. 
Plus I love getting people into the homelab thing. So I dabble around because it's fun to play with like homelab and things like that. And, you know, these are what drives a lot of my videos. Oh, let's see. The rules from Snort and Cisco products are better than in pfSense and others, maybe except the rules in Snort and Cisco products. Hmm. DNS filtering in Meraki based on OpenDNS, now branded as Cisco Umbrella, really granular and useful compared to pfSense. I don't know, I'm mixed on it. I wasn't, I tested it a while ago. I was not impressed at all with it. I think it was an innovative product when it came out and I think Cisco kind of let it go stale. That's my feelings on Umbrella. But if you want to use it, it's not terrible. Are you asking VPN on my traffic like streaming services? That's a privacy VPN. I have videos on how to set that up in pfSense. A good question is do the firewalls offer unified management dashboard? They put that as the top option as a matter of fact. So let's go back over to that real quick here. One of the top things I listed right here was central management. That's on purpose that I listed this at the top because I knew a lot of people had that as a question. Do these have central management? So that was one of the things I put right there for anyone wondering about the central management side of this. You know, I'm starting to realize why I like streaming so much. It makes the chat way easier to read because I know there's probably a way to do this. I want to be able to grab a comment and throw it across the screen. I don't see... I'm sure there's a plugin I can probably find to do that. So let's see. I'm catching up on the comments here. I'm going to turn timestamps for mine. That helps me a lot so I know when these came in. There we go. Now it's easier to read because I can see which time someone said something and I can get them in order. All right. What do I think of Ruckus? I don't use any Ruckus. 
I don't have anything against them. I just don't use them. I find their website terribly confusing. It's been a little while since they looked. Maybe they got better, but that's one of the problems I ran into is their product lineup is not concise. But they're not the only company with that problem. I complained about this with UniFi. UniFi's got some really bad ways they lay out the product. Cody is... Me and Cody were talking on one of the live streams. Cody from MacTelecom Networks. And it was just funny because one of the things he had mentioned was that you just got to read the release notes. I'm like chasing down release notes in UniFi is the dumbest way I can think of to figure out if a product has a feature or not. Any smart company should make a list of exactly what their product does, especially with firewalls. And UniFi does a terrible job of that. Can you load pfSense Plus on your own hardware? The answer to that is yes. Yes, you can. I need a firewall that is as stable as BSD, as high hardware compatibility as Linux. Good luck. Umbrella was much better before Cisco bought it. Yes. What are your thoughts? Wondering how your thoughts are to compare my own understanding. FortiGate can be managed via the cloud service. A local server, latter works better. OPNsense Business does offer a management package called OPNcentral, which you host a device to sync settings that are devices. Interesting. What are my thoughts on Check Point? I just don't see them anymore. I knew a couple people that used to run them years ago in the medical space, but that was it. I've not even seen one outside the medical space. I don't know if that's just a target they were going after in terms of verticals for where they did their marketing, but yeah, I don't really... I don't know. I don't... My friend used to like them kind of. Then he went to something else and decided he hated them because he thought he liked them because he knew it. 
But then when he seen how complicated they were, according to him, to someone else, and he worked at a large medical facility managing them, so I don't know. I don't know anything good or bad about Check Point, other than what my friend said from like seven years ago. Is launching a VoIP service a good business here in 2023? It depends on what your plan is. It's not about price. It's about getting the customers. If you don't have a good plan to get the customers, then that's... The technology to do this is easy. The plan to get the customers is hard. So that's a whole other thing. Looking forward to your pfSense OpenVPN client management configuration. Yeah, we'll do a video on that. If there's people who have questions, I might dive into some Ansible stuff as well with it. I don't know. We're not using much there because it's just not... People overthink it for sure. But there are... If you Google this a little bit, type in GitHub Ansible pfSense, and you'll find there's actually some things you can automate with that. So... You know, it's been years since I've had an experience with WatchGuard. Man, my dislike for that company. And let me explain my dislike for them. Why I truly ran into it. You can completely see I'm biased. In 2007, I think it was, back when WatchGuard... Maybe it was even before that. Maybe it was 2005. Back when WatchGuard had that stupid Windows tool that we needed to use to configure it. We did an IT takeover. They had licenses. The dude that we took it over from lost or did something. But we had the receipts and we presented them to WatchGuard and it was in the company's name. And WatchGuard wanted us to pay again to buy that silly software instead of giving us a download link to firewalls that had licenses. And I was always angry at them ever since. We ripped them all out. That was our solution at the time. I know WatchGuard doesn't... 
At least maybe I think they don't use that silly Windows software to configure their system which is really a headache to use. I think they've moved beyond that because it's been so long ago. But that was my only experience I had with WatchGuard. We never see them. I rarely... I see a couple of people mention they use them. I don't know anything about them that makes me think I should use them. So I've never taken the time because I don't look at them as some amazing... They have some killer feature that makes them better than other systems. My turn for glasses soon. I have a very similar age to you. Yes, that's the thing. We use Check Point and it's a bear. Yeah. Hey, Tom. You said a good while ago USG isn't very good. I bought them as a basic tech guy and even I find you're right. Going to pfSense as soon as possible. They're so basic with the USG. If you just needed to route the Internet, my daughter has one at her house. She just needs it to route the Internet. Works fine. We use no production Ansible. Ansible is a toy Tom plays with, but right now nobody at Lawrence Systems does it in production. Yeah, I said earlier, I see Tom commented here about they do have WAF. I know they have a web application firewall, but I don't like when people say Zero Trust without defining Zero Trust. So because Zero Trust, Cloudflare Zero Trust, you still have to trust Cloudflare. I hate the way it's called Zero Trust. I know it's been adopted into the world, but it's not my favorite because it's just, yeah. Just watch your video on NASCompares about the new NAS router device. Did you dig more in it? Is it too good to be true? It's not shipping yet, so until it ships we'll never know if it's going to be too good to be true. What would you use alongside the UniFi Dream Machine for traffic monitoring, ntopng, set up something like Graylog or both. Graylog is not for traffic management. Graylog is for logging. 
But you can set up a port mirror and do like ntop, ntopng into a port mirror. I have no videos on it. It's not something I've ever set up. So WatchGuard is garbage. There seem to be a lot of polarizing things with WatchGuard. I hear a lot of people, SonicWall is another one. Well, no, I take that back. Everyone I know, even the people who use SonicWall don't like SonicWall. So the SonicWall, hey, look, someone's asking a SonicWall question. I consistently get, any time I ask technicians, I don't know anyone who says they love their SonicWall. They're like, they're okay. They only crash once in a while. They're only buggy some of the time. Sometimes their support's helpful. No one sings praises of SonicWall like they do. For example, I know people always sing praises of Palo Alto. I don't use them, so I couldn't put them in a comparison with any real intelligence. But everyone just says they like them. I'm like, great. I don't really know much more about that. But SonicWall, everyone has a horror story of dealing with them, so. And Travis says right here, and I think this is an important point. Because my grandparents just need to get online with Wi-Fi, they put a normal Dream Machine in their house, nothing fancy. That's what my daughter has. She's still got the original Dream Machine. Works great. If you just need internet, and by the way, my daughter's not a technical person. She plays some games, and it works. So, yes. Good morning. What is your go-to NAS store drive in a 1.4 terabyte range? I don't think I buy anything that small anymore. Because I don't... So, whatever's on sale, 1.4 terabyte range is going to be whatever's on sale. Thoughts on using pfSense on Proxmox? Sure. I... As far as I know, it works. I've never tested it, and I don't plan on testing it because I don't use Proxmox. But to my knowledge, it works. SonicWall aren't bad for the price. No. I don't even think they're good for the price. Nobody seems to like SonicWall. 
I'm just going to throw that out there, folks. We've taken out a lot of SonicWalls. We have not removed Palo Altos. You know, that's at least one thing. I don't think SonicWall... SonicWall just needs to be a buggy pile of support mess and VPN problems and things like that. It's funny watching forum posts of people who are SonicWall, like, deep into it, complaining about SonicWall. And it's like, they don't want to switch because they got it deployed at, like, 50 different sites, but they also don't love it at all. So that's... I don't know. Just a lot of people complain about buggy updates and just problematic systems. But I don't know. I've not actually used them. And, well, I have a little bit. I always find their interface to be horrifically bad. Have you ever, at any point, considered using a Type 1 hypervisor in a workstation manner? I don't feel like the complexity of it. I feel like the complexity outweighs the benefits I would get. So I haven't really... I haven't really done it. Currently looking to buy a UPS for my home rack. I'm not an electrical engineer. Currently running many PCs, rack mount switches. I want to expand more servers. Any tips? Get one that's on sale. I like the one I have, but it's not always on sale. I got it on sale for $500 off on Amazon, which is I have an APC, one of their lithium-ion ones. I bought it for $900 something. Last I checked, it's back up to like $1,600. Keep an eye on the sales. That would be my guess. If you go with the brand name ones, like APC is a pretty popular brand. I wouldn't use any of the web functions on an APC. I'll throw that out there. I know that they're not well implemented, but connect them to a USB so things shut down. You can still tie them to like a NUT server. Techno Tim has a great deep dive on setting up NUT servers. So they're not bad. There's probably a few other brands out there eating power. It's about finding a deal on some of them. Oh, just Google. Yeah, WatchGuard. 
I know the WatchGuard, like a lot of other, actually a lot of boxes that are x86, even if they were WatchGuard or some other brand of x86 hardware, you can reload them to pfSense being on them. I ran a SonicWall E6500 in an HA pair for years. We had about 2,000 IPs behind it, worked fine for the most part. Replaced with Palo. Talk about some dollars. EcoFlow, really owes UPS, are very TrueNAS friendly. Yeah, I just don't spend a lot of time reviewing UPSs. So I don't have the best deeper insights into them in terms of some of the features. Now, there is at least one interesting take someone had. They were mad I didn't have Proxmox on my firewall list. And I said, I mean, that doesn't make a lot of sense. And the reasoning is because, basically, I guess because it runs Debian, which I know it runs Debian, I guess they think you should use it as a firewall, but I should have had it in the review list. I'm like, no, why would I run Proxmox as my firewall? I don't understand that. It is always interesting the comments and the spicy takes, if you will, that people will get on some of these. I'm just like, I don't plan on adding Proxmox to the list of firewalls on my list. Yes, I do have a whole video diving into all the different types of UPS. That video, even though we talked about Extreme Power as a brand, we covered very generically how different types of UPSes work. So if you want an education on how UPSes work, I do have a whole video on the functional parts of UPSes of how they work. Yeah, I see people, I don't get it, man. The whole, use Proxmox as my firewall, I mean, and then asking me why it's not on the list as a firewall, I'm like, because my answer is its primary task is virtualization. So, yeah. With TrueNAS Core, Linux tends to route slower. Not necessarily. That was true forever ago. For the most part, modern Linux can route just as fast as BSD. Someone will flame me in the comments and point out something about it. 
Generally speaking, for the routing speeds, people are going to be using, they're not dramatically different. What is different, what is very different is how TrueNAS, or specifically I should say, how Linux handles ZFS encryption versus how BSD handles encryption. So, TrueNAS Core handles encryption differently than Linux, and there are some bugs that I'll, I was going to do a video on it, but I got caught up playing with OBS today. I was going to show how Linux does things different and what problems that creates. But there's supposed to be a new release of TrueNAS Scale. I think in another week, when a new release comes out, we will be able to test it. I want to see if the bug goes away. Anyone aware of a UPS that can be monitored via Home Assistant. Actually, a lot of them can because you can use them with, Home Assistant can use NUT. And NUT will then tie in there. Matter of fact, let's talk about that. Let's bring that over here. Let's see, whoop, I got to share the screen, right? Details. Oh, crap. There we go. I'm pressing all the wrong buttons here. In case you're wondering how I did this, this is my UPS. It doesn't have a deep integration. I've not taken the time to really set this up, but it is aware of my UPS. It can talk to the, I forget where it's talking to. Oh, it's, it goes, the UPS is right. UPS goes into my Synology and then my Synology talks to my Home Assistant. So yes, they can be integrated to each other like that. Now I figured it out. I feel bad because I have to look over here for the chat when I switch to the screen. That feels weird to me. Should I get like a second camera that looks this way so I'm looking at the chat? That's a weird question. I don't understand your question. So let's bring this up because it's worth chatting about real quick here. Is FreeBSD going to shift to ZFS native or are they still going to stick to GELI? You can use the native ZFS encryption in FreeBSD. So I'm not exactly sure. 
FreeBSD supports two encryptions for ZFS. The old style GELI, which has been deprecated in TrueNAS, but is still supported if you have an old pool on FreeBSD. But going forward, when you create them, even if you create them in BSD, they're using ZFS encryption. They're not using, if you create a new pool inside of a TrueNAS Core BSD system, it will create it using the new encryption. I hope all is well. Does your staff use documentation like NetBox for client sites? We do not use NetBox. I've thought about it. Maybe one day we will. That's just not today. I read somewhere that OpenZFS currently still lacks a maintainer. I don't know where you read that. ZFS is one of the largest and extremely popularly developed. One of the code contributors back to it is going to be the people at iXsystems. So I don't think there's any aspect that is, I mean, it always needs more developers, but I don't think there's any part missing a developer at all. Not to my knowledge. Yes, on the multiple cameras. Yes, kind of tricky. I'm trying to figure out how I would do this to be able to go back and forth between all the things. As a matter of fact, I could. I have a tablet I could sit in front of me and type. So I could have the tablet logged into my account doing the chat. Maybe that. I don't know. I already have a lot of cameras. I don't know how many more I want to put on in this area. I've shared pictures in my studio and things like that. So it's interacting with the chat that's the hard part of finding a way to make that easy to do. It's easy, though, because I got such a big screen next to me. As many of you know, I got that big widescreen. It's actually like this way. When I turn this way, that's what I'm looking at. So being able to type, read it on the side here. Because I can drag the chat over to here and do this as well. So I'm just, now you can see what I'm typing. Now we've got chat section here. We've got two of them. 
But yeah, maybe we'll consider some multiple cameras on this. Multiple cameras make it fun. What are the other homelab questions I need to answer here? I think I got a lot of the firewall ones all the way. Thoughts on the Bitwarden's new secret management service? I think it's pretty cool. I don't know that I have a need for it, but if you're using some third-party secrets manager and you need your dev team to be able to share secrets, I think it's pretty cool. I like that it's integrated in Bitwarden, so I think it's cool going forward. I don't know that I particularly have a use case for it. An IT manager once mentioned they don't deploy UPSs because of the maintenance cost for new batteries. Well, it's all about budget. I don't know. I deploy them. Ever been fired by a customer? So it was your fault or just a bad customer? Maybe. It's usually a mutual agreement that we should not do business together. There's definitely been a couple of those. We mutually agree we should not work together. There's been a couple that left. How would I describe them? Non-response, like co-managed ones are weird. We lost one. They were small. Outfit. But the onboarding was rough because no one replied to us. The questions they had were off the wall of ideas they had. And then one day they said we're moving to someone else. And I said, okay. I was kind of okay with it because everything was always so weird with them. I didn't even try. We're like, we're okay. You're moving. What do you need from us? We'll uninstall all the tools. You just give me a date and we'll be out of your hair. Don't worry. We can end this. We definitely got rid of customers. Well, you just flat out tell them. A lot of times sometimes there's a rate problem and stuff like that. There's always time. There's always some level of churn. A lot of our clients are pretty stable though. We try to vet them before you get them onboarded that way you can figure out if they're going to be a problem or not. 
By the way, in case you're wondering, complaining about the old IT people, read between the lines on that one. Especially if they talk about lots of previous IT companies they've had. Now, I'm not saying they weren't necessarily the problem, but always read between the lines of whether or not they were the problem. Any experience with one, two, three net? I think we're working with them with a couple clients. I don't know anything bad about it. One of my staff may want to answer if they're... Well, I don't think they're in live stream right now. But yeah, as far as I know, they seem like really nice people when I talk to them. I've never had a bad experience with them, but I don't have a ton of experience with them either. Homelab Plex servers stop account sharing. I don't understand that grouping of questions. I don't know what you're trying to say. Yeah, I don't... I don't know what that grouping of words means. So, how do you vet your clients? You just talk to them, you know? If they have really old equipment and they say, we really want to keep this really old insecure exchange server going, those are ways you can vet clients and go, probably not. I don't want your problems. This is... We had one of them that the negotiations were, you were going to get rid of this old stuff or we won't onboard you. Like, your onboarding won't start until we start the migration process for your old stuff. That's how you vet clients. If they give you pushback going, no, no, no, we really need RDP open to the world. We really don't want to use VPN and we want you to keep us secure. That's one of those things. Like, if you have interactions like that with a client, you should probably keep them at arm's length. Because sometimes those type of clients, it's just a matter of time before something goes, boom, and then you are left going, oh crap, I got to pick up all the pieces of this. So, yes. You have to be very careful with those. It's just some general things. 
Do I use option 43 and DHCP for Unify? No. I mean, I know I'm aware of it, but I don't really have a use case for it. That, you know, we'll usually adopt things at our office and send them out to clients. So we're not. And because we have a network set up to adopt them where the controller is, it discovers them locally and it's not a big deal. So it's not something that becomes a challenge to us, if you will. Speaking of which, I got to do an updated video on this mess still. I'll share the screen in a second here. I can't decide which is easier to share the screen in. This or StreamYard. StreamYard does make things pretty easy for doing this. But yeah, this is, you know, we talk about some of the messes we have. This is stuff that's getting set up at the office. We'll adopt a lot of this before it leaves the office, but this is actually an entire network build and everything that's getting shipped out. So, yeah, lots of stuff in here. But because a lot of this comes to my office before it goes out to clients, that's why we don't necessarily have it set up on there. But if there was a need, we could throw, we might even, one of my staff may have configured this. I think they have it configured for one client to use it. That way it just automatically adopts to the controller. It just kind of varies with different setups and what you need. More videos of Wi-Fi. I need to do definitely some more Wi-Fi videos. I'll agree with that. Oh, let's see. What is Bitwarden Error Code 7? No idea. I never got Error Code 7 out of Bitwarden. So, don't know what the answer is to that one. Also, what would I do to improve? Should I make the chat like wider? Would that be better? Or do we like it when I do the chat like this? Now we got double chat. So, I don't know which one's better. Sophos has the most features free for home. I don't know that they will change this, but if I'm not mistaken, I don't know. This is one of the challenges. 
There's very few companies that offer that many features for free. This has been a problem where because it's all licensed the way it is, they do it and then later they're like, we want a few dollars for it. I don't think paying a few dollars for it's a bad idea necessarily either. The people at Arista kept their, I think it's like $150 a year, which is pretty cheap for a home user firewall from Arista, but it's one of those things like it always bothers me a little that it's free, is it a loss leader, it gets people using it, or that they'll just pull the rug out from you. I don't know. I don't know anything bad about Sophos. Christian Lempa really likes them, so it seems like a good choice for a lot of people. Multichannel packet capture. I must always do my packet capture on the network side, so I'm not really sure what you're trying to do. Like on the physical layer side. We need more Hollywood in the background. Good point. You know what? Let's fix that. That we can do. We're going to go here, exit out of this, go here. Oops. Got to type in the right words. There we go. Then I got an idea. We're going to do this. There. Now we got some Hollywood in the background. You know, I could probably feed that as another background too. Like keep it. That would be fun. Let's do it live. Let's make some changes here. To this. So if we add a window capture. There we go. Ha ha ha ha. There. Is that fancy enough? So it's nice when I show the one I reply to. I'm fine with that. I don't. I mean, just whichever works. Haven't heard anything about the Home Edition going to partner level. Yeah. Also correct myself from earlier. As maintain developer, Tom Cootie worked on the original encryption. My understanding is also not working anymore. Yeah, I mean, people change. I don't know. I've not taken the time to research it. To figure out who's working on what part. I don't. I don't always keep up with an entire developer playlist of all that. You know what we should do? 
We'll make me a little smaller so we can get more of this in here. So I'm hacking the planet behind me. Ha ha ha ha. Um. Is pfSense HIPAA compliant? I don't know how the firewall needs to be HIPAA compliant. You'll have to give me a better understanding of that. To make sure what the question you're asking is. You shouldn't be loading patient data into your pfSense. That would make it not HIPAA compliant. Ha ha ha ha. So I'm targeting the device that the user device is moving. You're on. It's hard to get a full picture on what's going on. Um. I don't know any easy answer for that. If. Usually. Um. You would just capture based on that person's MAC address. So as they wander between access points, you're always filtering for their MAC address upstream. Uh. apt-get install. That's how I install it on my systems. Untangle has that in our marketing info. Okay. Hey Tom. Uh. Is there a way to go around CGNAT using something like pfSense from the cloud? Uh. Cloudflare tunnels. There's an easy one. It has nothing to do with pfSense, but if you're, I don't know what your goal is. But if you need to get a, you know, something publicly posted. Cloudflare tunnels is a really easy answer for people stuck behind CGNAT. No doubt. Uh. There's nothing I know of that is good and in the same price range as UniFi. I just don't have an answer for you. Um. I know people ask this all the time, but I don't have any easy answer. There's um. There's not a lot of competition in that market space because the next level of competition is going to be your consumer products. I don't know which ones are good and which ones are bad. And consumer products are just, they're always so um. I don't know. Tied to the cloud, have expiration dates when they stop working type thing. I don't know. Um. You know, I haven't had a chance to play with Tailscale funnels, but it is on my to-do list. They look really interesting. So, Tailscale funnels definitely look really cool. 
Well, it's not that Cloudflare tunnels don't allow Plex. It's that there's limitations on them. So, if you're probably doing something on your own, not bad. If you're trying to share it with a bunch of people, you're going to have a bad time because you're going to exceed bandwidth. Way to verify a PoE on Cat6 using HomeLab using PoE adapters. Plug it in and see if it works. I don't understand the question. What you're trying to verify? Uh. Sell routers for pfSense? No, I don't really research those very often. Aruba Instant On is tied to their cloud with a lot of their... Now, the firewall... The access points, depending on the model, may only work in the cloud. All the switches I've seen work locally or in the cloud, so you can use it either way. So, I mean, there's not a... It varies by model, and I haven't looked at their website to see which models support which, but hopefully it lists it on there. Thoughts on the Restrict Act? It sucks. It's stupid. It's bad legislation. It's shocking that a bunch of people who don't understand how the internet works have ideas on how they want to restrict it. My thoughts on 3CX? That is a dumpster fire. That's my thoughts. I've done a video on the dumpster fire. I've linked to Huntress's blog as well as many other security researchers. It's a dumpster fire. Only part that really blows my mind is they have a CEO who seems to be pouring gas on the dumpster fire. So, if that helps any... If that's clear enough for my thoughts, how big of a risk is it to have RD-Web, FTP, Hyper-V, and SQL Server all in the DMZ? All depends on how they're configured. The more you isolate, the less risk you have. So, how isolated are these from each other? How many DMZs do you have? And I don't like the term DMZ. Just basically segmented network is better. DMZ is the old term. People still like using it. It's all about network segmentation and what the rules are around it. 
So that segmentation should be good, because especially if you're using these Microsoft services, Microsoft is hella bad when it comes to security. They pick and choose what they want or do not want to maintain securely. And sometimes they've been known to ignore security researchers, and it always seems to be probably not by coincidence when it interferes with their ability to sell more cloud software. Like, their absolutely garbage handling of Exchange vulnerabilities. So, I don't really think Microsoft is to be trusted if you have Exchange. That's my opinion. Cisco Meraki Go. It's also tied to the cloud. Yes. Threat management is part of HIPAA compliant network. Yeah, but you don't have to do that. You can do that on the endpoint and you're fine. So you can do it on the endpoint. You don't have to have the firewall be doing the threat management in order to be compliant. You can do this on the, you know, consult your lawyer. Don't take Tom's advice. So, by the way, I always like to say that. I will give you my favorite quote I've said to people. There is no good legal defense that starts with, but this guy on YouTube said so. That is never a good legal defense. So, if you really want to dive into making sure you are properly doing compliance for a client, make sure you talk to a proper legal counsel. What's your take on TrueNAS scale as a VM in Proxmox based on the current versions? I don't like virtualizing TrueNAS ever. I just had someone who had a bunch of problems with it and when they started describing all the problems, I said, did you virtualize this? They said, yeah, I'm like, well, stop. This is where your problem is. What PBX systems do you implement the most? We resell a system called OIT VoIP. We don't even put PBXs anymore. We just sell cloud systems. We got away from FreePBX too much. Too much of a headache to support. I don't want to support it. What's your up on Cisco U5 compared to Dell servers? I go with Dell servers. 
Hello, answer my question. What question? I think your question must have got deleted because I don't see your question. And I've answered a lot of questions. So hello, answer my question. What is your question? I should put it on there because you can still email vlogthursday@lawrencesystems.com. So do you have ERP recommendations? No. We don't really use, I don't know. I don't think I have anything I would just say would definitely use this. Although someone said something earlier and I want to pull this up real quick because you're going to laugh. Where's the screen share? Oh, let's get this out of the way. Someone said this eats up a lot of CPU. Yeah, look at the CPU usage. If I go, can you tell when I turned on? Here's when I played with it a little while ago and here's when I turned it on now for running that Hollywood. That was a big resource hog for anyone that didn't know. Come back to the other screen. I don't know what it does for the other, but I know it's a big resource hog. Yeah, had a lot of issues virtualizing that. Everyone, I know, it's weird that people are willing to pay me money for something I've repeated on my channel constantly. People hire me to solve their TrueNAS problems and I say, why is it virtualized? Do I try and troubleshoot this? I will try. I think virtualizing it is your problem, but if you insist on paying me, here's my booking link. You can hire me to tell you in person as opposed to this. Some of the weird things I do as a consultant. I'm very honest when it comes to my consulting work. I frequently reply to people in email, you can hire me, but I'm going to tell you this is a bad idea before you do so, and I'm like, well, good, I'm not the one implementing it. You just want to ask me questions, because hiring me to implement it would be no, but asking me questions about your bad idea, I mean, if you got the dime, I got the time. Here's my... Do you manage any clients outside the U.S.? Manage, no, consult, yes. 
We do offer consulting outside the U.S., but we do not do any client stuff outside the U.S. That's weird, why did that happen? Oh, I see, never mind. I thought an icon changed on another screen. Let's see. You know, we don't do this anymore because the way Autopilot and stuff like that works with Windows for deployments, we don't really do the imaging anymore, it's just not needed. Have you run into new CMMC requirements? Yes, frequently, no problem. We are trained and my sales guy, I flew him out to California for a big event to go get trained on all this stuff, so yes, we are familiar with and helping people to CMMC. Matter of fact, it's going to hurt a lot of smaller IT companies that can't service it, because they're going to end up losing some of their clients that have government contracts. Any thoughts on ThinkMate servers? Is ThinkMate a Lenovo server? I don't like Lenovo servers. ThinkMate. Okay, so we're just playing off a very similar name to some of the other ThinkPad stuff. I never used them, so I don't know. Ever had issues with DNS? Search domains via pfSense with UniFi devices? Have an issue with UniFi devices? Such APs don't seem to pick up the additional search domains from DHCP. I don't think so. I don't recall any issues with that, but misconfigured DNS? That's a frequent consulting thing. Oh, these are actually Supermicro, so ThinkMates are Supermicro? I'll pull the screen up over here and let me drag it in so people can be on the same page of what we're talking about over here. I've never heard of them before this moment, so I have no opinions on them. They look like Supermicros. ThinkMate, I don't know why wouldn't I just buy a Supermicro then? This looks like a Supermicro. They're... a Supermicro reseller? I guess? I don't know. I would probably just buy a Supermicro at that point. That's my thoughts. ThinkMate has cheered ass boxes that are affordable. So there's 45 drives. That's one of my go-tos. 
On the topic of Cloudflare tunnels, do you think it'd be possible to use in front of a self-hosted UniFi setup? I don't know. I wouldn't use it to route any of that. That's a great idea. It might work. It'd probably be a headache to set up, so I don't know. Do you have any recommendations for inbound outbound callers for call center? Not at all. The software we use has a web interface that we make the calls from. So I don't do anything... We don't do mass dialing or calling. We don't even do cold calling. All of our leads are inbound. So using API makes it tedious. Hmm. I mean, it knows when your IP changes with the Cloudflare tunnel, so I don't understand... That's part of their automated way it works. Oh, Supermicro has moved away? Hmm. I don't buy many Supermicro servers new. Dell is still one of the go-to servers just out of habit and ease. Tried it did not work with trying to get around the ISP routing issues. I don't know if Cloudflare tunnel can route the protocols that the UniFi uses, or if it would mangle them in a way that they'd become broken. You'd also have to get your UniFi devices talking to the different Cloudflare tunnels. I don't know how hard that would be to set up. I don't have an interest in setting it up. I would just... If you're going to run a UniFi controller, you can run on a $5 or to say $10, so it's fast enough. $10 to the note, and since you can put quite a few on there, it's just run it in the cloud and make life easy. A Signal has dropped SMS messaging. I never use Signal for SMS, so I didn't even realize they dropped it before people started asking me questions. I just use the Google app for it. I text so infrequently. I don't use the Google app often at all, but when I do, I use the Google app. Unrelated, but related to homelab, are there any recommendations deploying something like RabbitMQ or MinIO that might use those? I don't use those. I use MinIO, but I don't know. Don't expose it to the public unless you need to? 
But I haven't used RabbitMQ. What are your reasons against virtualizing pfSense? All the headaches that come with it. If you don't know what you're doing and this is frequently what happens, people go, oh, I'm just going to get started in homelab. I'm new to all this. Let's virtualize everything and they realize if you don't know the product before you virtualize it or combine that with not knowing the virtualization platform very well, you can run into problems with it. Is it usable? Yes, if you know what you're doing. The problem is, it generates more questions because now you've added a layer of complexity with it. How do you manage all your pfSense firewalls? We use a reverse VPN. The client firewalls VPN to a central server. That server then has a port for each one of their web interfaces and then we can access the web interface. There's no lateral movement between them. Thanks for the answer. So pretty much like everything else, don't make it public. Yeah, that's my answer generally for everything. Don't make anything public unless you need to. Practice principles of least privilege. That's the whole thing. Do you need that exposed? Ask that question first all the time because if not, you're going to have a bad day. I'm going to wind this down pretty soon because it actually looks like it's nice outside and I might go outside today. I might leave my basement. Are there any final questions before we wind this down because I am both running out of water? Which by the way this is my Hunter's Cup. Breaches and brews with passing through the hardware NIC avoid issues. Yes, I mean it's not a bad idea to do that passing through the network interface because then you solve any VLAN problems you might run into. 
But the other problem you run into or you figure out really quick is if you have, it's funny because I brought this up in one of the live streams and I was like one of the things someone had mentioned was I said if you virtualize it, if you have a problem with your hypervisor or you have to patch it, you have to take your firewall down unless you've built a whole HA setup. Usually you'd be on the scope of a lot of not a lot but you know the average homelabber and as someone said yeah I've got to patch my system. I haven't patched it because it needs an update and I don't want to take everything down to patch my hypervisor. I'm like yes. So you know Johnny Noodle King in Detroit has got some good dreaming. Maybe I'll go there today. I know where it is. I drive by it. I've actually never been I've never stopped. So are you going to LTX 2023? No, I wasn't planning on it. I don't really have any reason to go there. It's kind of on the peripheral of what I do. So I imagine I don't know. I don't really have a good reason to go to the event. So I am skipping LTX 2023. If someone can tell me compelling reasons, send me on Twitter, email vlogthursday@lawrencesystems.com and I will certainly consider going. I just don't know why I should go. So do a video on multi-site management. Yeah, it's on my to-do list. It's going to be disappointing people think I've built something magical and I have not. pfSense is just easy to manage. It doesn't require a lot of babysitting unless there's an update. When there's an update I got to go update them all. Yeah, I mean, sure it's easy for you to say do a collab with Linus. Linus ain't exactly reaching out to me or other security YouTubers that I know of to talk about things. So not that easy. It's not someone who's easy to get in touch with that I know of. Maybe I'm wrong. I don't know. Yeah Luke knows what they need. Just started testing pfSense CE 2.7 deadbox with Intel 2.5 kick parts so far. So good. Yeah. 
Yeah, the 2.7 is coming along. I think it's close to release. So no, I'm not building a pfSense with Wi-Fi 6E. That I don't think pfSense should run Wi-Fi. I've got a video on it and I explain how it works and why it's not the best. So I will leave you all with that. I'm going to bounce out of the stream and thanks everyone for watching and thanks everyone for joining me this morning. Feel free to email your questions to vlogthursday@lawrencesystems.com. I will answer them on Thursdays. I have that scroll I missed that email address. It's in my I don't know probably last five or six vlog Thursdays. I've been doing this for a little while. So all right. Yeah, well, they denied me on Floatplane. I tried joining that in earlier days. They denied me there too. So I don't know. I don't know if Linus would reply or not. So we'll see. I don't know. I wouldn't I mean I'm willing to help them. But we'll figure it out later.