think I'm live now. So switch the branding here, brand. We'll put this logo up. Actually, I should put this logo up because I'll mention we've got a lot more content on the new business technicality challenges and business challenges that we're covering on Business Technicalities. That is my new channel where all of my business content's going and we've been publishing more and more there. It's been ramping up and I just, you know, people who are wondering where the business content went, it's all on there. It is linked in the description below. I'm about to do some more pushing of that channel, so to speak, just some, you know, mentioning to people. I knew people didn't want it on this channel, all the business stuff, but there was enough people that viewed that content that I wandered it all over to the other channel and, you know, got some friends to help me out and get it published faster. So that's where that is. This is a, what episode are we on? I've lost track of what I was doing here in terms of numbers. I usually have that pulled up ahead of time, but I was outside looking at my yard because I have landscapers redoing my yard. So I was distracted like, oh yeah, I got to go downstairs do a live stream. So 282. We're going to talk about some UniFi stuff and everything else. So let me catch up with some of the comments here and let me switch the brand back to the Lawrence Systems logo up here as if, you know, we, the Business Technicalities one, if you didn't notice, we have the sports theme. By the way, I don't do sports, but I know most people, enough people do that. We just thought it was fun to theme it that way for no other reason than amusement. So let's see. Afternoons, he got Cody first one chiming in here. Travis. How you doing? Chris Simon to Tobaya, I think is how we say that name. Simon. All right. So I'm just working on a two and a half gig Intel 5105. I'm going to make into a VM pfSense and a Docker Pi-hole Proxmox.
All right, lots of fun stuff there. UNVR hit our main month replace finally shipped. Help us see it back. Oh yeah. I've had a couple of people say they died and it takes a long time to get another one. Yeah, that's probably a problem. Do I plan on doing a video on Teleport? No. Christian Lempa, The Digital Life, did a great video on it. I can't improve upon it. I can't offer any other insight into it. It's a good product. If you like using it, the problem I have, it's not specifically with Teleport. It's that genre of some of those tools is loading an agent. I don't feel like setting up an agent for everything on there. Do I think it's a good product though? Yes, I think Teleport's a cool product. So and I'll bring it up, pull it up for people that haven't heard of Teleport. Pretty slick. And matter of fact, here, they have naming that doesn't make it easy. But we'll share both of these over here. So the sharing now share screen Chrome tab. So this is Teleport. And I'll throw the link in here too. It's just goteleport.com. It's neat. It's worth mentioning. I will say it's a cool product, goteleport.com. And the video and we'll share the video as well. In here it is going in the links here. But it's easy enough to find, the title of video is how I secure my server access with Teleport for SSH, K8s in the web. And that video is by the managing that digital life. So hope he's the I'm sorry, The Digital Life, not that the digital life. But there's a link I just threw in there. It's cool. It's a great system for it. And yeah, use it if you like it. I just, I didn't feel like loading agents and setting that up on there. That's why I wasn't using it. So if we had a lot more servers to manage that were Linux, like currently, we're not really managing much Linux servers outside of our own. So I don't really use it. But it, we might get into managing more Linux servers for clients. It's just something we don't do a lot of right now. So I don't have that all configured.
It's it's great. If you do do that, though, if that is something you do. So while we're on that topic, though, there's another tool called and we'll pull it up real quick. That way you can, if you're looking at tools that do the same thing or a competitor for Teleport, there's actually another one called RPort. And the URL for that is RPort, RPoRT.io. And there we go. So there's the RPort. If you're looking for something that's a competitor of Teleport. So they they handle things differently, but in a way the same where you set up agents and manage your SSH that way. They're both good tools, especially if you're someone who manages a lot of Linux servers, you need to track all the different things that are being done by different technicians. We facilitate that all through our Ninja RMM. That's why we don't use something else to do it. Because with Ninja RMM, most of what we're doing is handling Windows servers and clients for people more than anything else. So we still use our Ninja RMM for that. Do you plan to do any videos on Pop!_OS 24 shortcuts, tips and tricks? Not really. I let Jay cover that. It's not it's not something I'm as good at. So it's not high on my list to do. I don't think about it as much, like I know the shortcuts and tips and tricks, so to speak. But they're all the same ones I'm using that are on their website. And Jay's more of the power user than me. I mean, I use it every day. It's all I use is Linux. But I don't know, maybe I'll do an updated Linux video. They don't get a lot of views or engagement overall. So I don't think for the effort I put into them, you kind of look at the return on it going, did people like this video? You know, the last couple of times I've done these, they don't always get the best engagement. So that data does on the other stuff. Yeah, it's written that data is great. That's one I did that video because that's definitely a great thing. So yeah, does Tailscale and ZeroTier have their own agents?
Yes, they do. Those have agents as well. You know, RPort does have some Windows support. You know, I even tried RPort. It's just another one I'm looking, I was looking at because the people asked about it. I'm actually surprised that maybe I should reach out. I'm friends with Christian who runs The Digital Life. But one of the things about it is it's made, this is made in Germany. And so is he. Both being from Germany is like we didn't choose this one. But yeah, I believe this has some Windows support too. Features, remote desktop, telnet. I believe it has a Windows agent too. I want to look at because I believe this has a way, this has a couple of use cases that I want to look at that is more than Teleport. One of them is I believe, I'm almost positive it supports Windows. Their website is kind of vague. Like you got to look at the demos not the website because the website doesn't have, let's look to get our knowledge base. It's all too of a renaming your tagging of clients. They're showing Linux, doesn't show anything about Windows. I thought that's what it did though, client configuration, Supervisor OS using the API. Well, I remember seeing a demo that someone else said you can find someone else has a video on there. But yeah, so maybe I'm pretty, I think it does but I don't know, it's clearly less, unless I'm overlooking, it's not like right on top of their website like hey, here's what we support, Windows and things like that for whatever reasons. I don't know. That's the problem some of these have. They're not always the best documenting what they offer. Browser based remote says to have user and group management. Yeah, but what clients support FAQ? Oh, opportunity. RPort clients need root access, runs any Windows Linux OS. So it's under the FAQ. So yes, there we go. We can confirm RPort does indeed support it. You're using Windows 10 open multiple terminals run commands, was the proper way to run multiple terminals exiting command in Pop!_OS.
I do everything with the bash terminal. So I use tmux and just the bash terminal. So to me that's fine. I don't, you know, when I was, I quit using Windows over 10 years ago. So I don't really know what all but I don't really. Yeah, I don't know what else as far as Windows, man. Well, actually, I take that back, a couple of my staff that use Windows also have Windows Subsystem for Linux. So they're just using a bash prompt in Windows as well to do things. I say waiting on background search, even though I know there's nothing always scary, they decide to get off the offer. Hello from England. Cool. Hey, Tom, love the channel. You've been available and getting issues to pfSense question, SSDP, mDNS between VLANs. How do you approach this, which side or pfSense? mDNS is going to be something you want to do with your firewall. So you're going to want to do that with the pfSense. SSH tunneling is very basic remote support tool and it's good. Yes, SSH tunneling works. I've done videos on it. SSH when you tie it together with proxies, even better. If you look at proxychains, I have a video I've done and I thought about doing it. I don't know. I could do a new one. I don't know what more it would add. But look up proxychains. But yeah, I have a, I have a video on proxychains. So it definitely is a really great way to understand how to use SSH. So SSH jump server and how to pivot using OpenVPN and proxychains. I got a video on this as well. So I did this one in 2020. So it's a little more recent. When I do the other one three years ago. So yeah, I've got this video here just talking about how you can, you can pivot using proxychains, combine that with the SSH tunneling, life is good. And it's really, once you learn how to set it up, you're like, that's it. There's got to be more commands, like now it's really, it's really quick and easy to get set up. You're on the road to quit Windows. Yes. Best of luck on your road to quit Windows. What's better alternative to Ansible?
As well as Python and solid and the client test stage connect to the client doesn't depends on what you're doing. I'm not the best Ansible guy, but you can just use Ansible to connect and push commands without it being fully set up on every client. You can just, yeah, I'm not going to dive into, I'm not the best Ansible. I have like a couple templates I set up on when I want things to be done in a certain way, and I'll push it out through Ansible, but you can actually not have Python at all, you can say, connect to this client. Here's a list of commands to SSH in and run on the client. That's it. Matter of fact, if you use even your SSH config, you can push commands based on what's in your SSH config file there, it works the same way with Ansible. So you don't, yeah, it's just an easy way to send commands over. So you can actually just build config files for it. Hello from Germany. SaltStack is, I believe, from what I understand, I have not used SaltStack, a few people said it has a lot of features, but it is even more complicated than Ansible. Ansible, my understanding, would be easier to do. So you talk me in the pfSense I've been waiting for over a month for 1537 for four SP ship tried emailing sales for an update nothing anywhere else I can reach for SSH check no, just call them, they believe they have a phone number. I don't, I haven't seen them take that long to ship the bigger models. The, I don't know what their stock is on those at the moment you ordered but generally, I mean, they're good at giving updates and when they'll ship because we order a lot of them. Do you have you get into mobile device management? Oddly no, lack of demand for it. So and by the way, I wouldn't, I mean, it's most of the time like Apple's offering their mobile device management. If you're a G Suite user, G Suite has their mobile device management. It's not something we get a ton of requests for.
Have you heard of VLAN hopping becoming a real problem again, but seeing the videos doing VLAN hopping and Cisco products. So yeah, David Bombal just did a video on that. The problem is the way Cisco does things is complex. And if you don't understand how to build the proper trust between the switches, you are able to insert yourself in there. David's got a video on it recently done on VLAN hopping. It's not like it's becoming a problem again. The, it's always been a problem. When people don't configure things properly, you can VLAN hop. That's the problem. That's it. It's not really like it's a problem as much as if you don't lock down your system properly. And because Ciscos are complicated to do, he shows how to exploit that on a Cisco. I'm not aware of any way to do that on a UniFi. So it's it's one of those things that in my opinion, sometimes things that are overly complicated in untrained hands can be quite the problem. And especially if you don't need those extra features that this more complicated product has, start with use case, look at something like UniFi and go, oh, yeah, it's harder to VLAN hop on UniFi because UniFi builds all the trust relationships in a more automated way between the switches and the controller. So you can't inject yourself in between. So all right. Thanks in advance. Thanks in advance. RPort says login and Windows RDP anywhere without a don't see. So you do have Windows too. Cool. Since I'm in my TrueNAS Core, Scale, my host name isn't updated more in my UniFi home anymore happens upgrades as well fresh and solid. Do you have any ideas the host name doesn't update it? I don't know why. SaltStack is more enterprisey, stateful, gives you run agent minion on each, giving you more auditability. You if you're, I know because my friends that are more extensive, Jay from LearnLinuxTV being one of them, when it comes to Ansible, you can get complete status and idempotence and everything with Ansible to confirm each one of the end points.
There's really advanced things you can do with both. So really comes down to what you want to do. And I think it just comes down to ideology. And a lot of times people just get adopted in. If you, if you're start, if you're not the one starting the company and the company you're going to work at is already using one of those tools, you'll probably just continue using it. Security Onion does a great job using SaltStack to build out all of their sensors and things like that. They, I believe they use it pretty extensively still. How do you see the future of Ubiquiti, getting tired of waiting for lots of products becoming available regardless of their early access. I, they have a bright future and I keep that we, I was trying to figure out how much we spent last month with Ubiquiti. I think it was something like 100,000 last month on something like that. We spent a lot of money with Ubiquiti. We don't see them slowing down anytime soon. You know, they they keep throwing out new products, but they seem to be ramping things up more. They're definitely a fast growing company. I don't, there's nothing I really see slowing them down. Supply chain shortages. I mean, Cisco can't hit their sales numbers. That's why Cisco is like six months on some products, a year on other products for delivery. So while other companies are struggling to even get product at all, Ubiquiti may be trickling out the products, but that's better than not having the product. I saw the video, but interesting how could you use an attack video and man in the middle on a to get in between the trust of the switches. VLAN hop, based on my limited understanding of Cisco from David's video, it was he was able to inject himself into the trust layer essentially of the switches. But I believe there's, the way you mitigate that is not, you lock it down so things can't get in between. He talks about it in a video in better detail than I can cover here. So watch David Bombal's video.
That's best in David Bombal VLAN hopping, you'll find it. He just published it this year. How do people stop VLAN hopping or saying devices are default VLAN by default, which is native VLAN, you can't VLAN hop on it. So it's not stopping it by default. You can't do it. I'm not aware of a way to do it. If there was a way to do it, you could collect potentially a bug bounty. If you could, if you could prove you could violate the switch port security, they have a bug bounty program. So I'm not aware of any way to do it. Do you have any negative feedback about SonicWall firewalls? SonicWall firewalls are hot garbage. Hot garbage in the summer is, that's my negative feedback. I really dislike SonicWall. They don't have the best security. They've been, they're just not great to work with at all. They have a great reseller program. So you have all these people saying but I make so much money reselling their product and their licenses. And that's why they like them so much better than. Yeah. How did you set up Synology Photos for your phone? Did you use your custom web link? Or did you set up a VPN? Are you just not syncing your photos in your phone? I just sync it when I'm at home. So that's, I don't sync them when I'm not at home. I, it's exclusively at home, that way I don't have to make it publicly accessible. Simple as that. ACLs prevent VLAN hopping. I think this is what David said in a video. UniFi switches and web sort of best of this not going anywhere to firewalls on the other hand. Well, yeah, their firewalls are lacking features still, they're getting better slowly but surely. Sorry for their own question. I saw it OpenVPN FreeRADIUS and OTP basing videos might be a sense I'll work but I think the phone disconnects, any advice. Yeah, if you use the OTP there's, there's bugs with it using OTP with VPN on the phone, it'll drop, that OpenVPN doesn't work as well as WireGuard. WireGuard is what I use on my phone because it works better. Yeah, don't use Zyxel there.
They've had a handful of back doors and just bad security practices over there. So good afternoon, what's preferred P2V tool for moving machines, XCP-ng, cloning it or whatever backup software you have. Frequently just whatever backup software I have, this backup software and you can clone it and you're done, pretty simple. Hey, more people saying SonicWalls are horrible. That's pretty negative. Yeah. VLAN hopping when in the device trips away the first fan is added twice. You can VLAN hop. I mean, you can misconfigure anything if you try hard enough. I used to do more iptables stuff with Linux firewalls. I don't do it as much anymore. I, you know, I lock down a Linux system. If it's a server, I lock it down to only what's necessary, principles of least privilege and things like that. But I don't spend a whole lot of time writing a lot of rules. Matter of fact, you just lock it down and you implicitly add only the services it needs. And for example, like one of the servers we have talks to reverse proxy. So even though it runs a web server, it's only able to talk to the reverse proxy because why does it need to talk to anything else? It doesn't. So just lock everything down. Whatever firewall's built into Linux is usually fine for that. Looking at Synology Photos, I could see you have to have one of their devices. Do you have a model recommendation for a home user? It really comes down to what size you want. Get a plus model. You can start with the little two bay model and that'll work. Will the two bay model hold enough hard drives for you? You know, you put a pair of eight terabytes in there or bigger. It comes down to how much storage you need more than anything else and what you want to run on it. If you're rolling your own firewall, do you have hardware you like? Anything when you're rolling your own. I mean, it's nice to get any of those little solid boxes from like Qotom. If you're talking about home labs, not stuff all the solid production, but yeah, they work.
TrueNAS SCALE cases are not to play after updating. I have no idea. Hit their forums up. Seem a simple solution. Thanks for advice. Also smash the like button. Much appreciated. PC Engines APU boards. That's what I use for pfSense. I've heard of them. I've never used them. Yeah, there's no OTP for WireGuard because it doesn't do username and password. How effective do you find locking down networks, VLANs, using ports to post other firewalls that use the combo of ports and applications, Fortigate or PA? I mean, I don't understand the question. If you lock the port down and other people can't use it, the port's locked down. I, it's it's the lowest thing of attack, like read through the reports. How often is that the attack vector, by the way? It's not zero, but it's not as common. That's usually, I mean, if you have a building where you're really worried about physical security, then spend more time thinking about it. But for the most part, the average attack doesn't come in through someone roguely plugging things in. By the way, the other really easy thing to do is all the ports that are in use, turn them all off. But that's not how everyone breaks in. That is one of those things that I don't think it's like of zero importance. But there's usually other things that are of much, much higher priority that should be done. You know, it's almost things like a picture of someone bragging about how they have the best port security ever. You're like, your servers haven't been patched in this long and you've got like three back doors open on them. Oh, yeah, that's right. The external threat actors aren't on site. They're, they're remotely in some foreign non-extradition area hacking your systems. Hey, Tom, weird question. Can I install a bunch of prox, a bunch of on Proxmox? No problem. But if I try to see me, I so it always ends up with UEFI shell 2.2 screen mapping table. You're trying to install XCP-ng in Proxmox. I've never tried. I did the opposite.
I installed Proxmox in XCP-ng and it worked. But I don't, I don't, I've never tried the opposite. Is Synology just as good as Google Photos? Um, no, it does not have the object recognition that Google Photos does. Now there's nothing that can beat how good Google is right now because of the amount of data and time they put into their object recognition. But does it work for nice backups of all your personal photos? Yes. Does it still make sense to put printers in our own VLAN? No, most of the time it makes a big headache. And how can someone show me where printers have attacked the computers and been like, oh, this entire network is compromised by that HP printer. Usually you're just aggravated by printers. I'm not saying there's no risk for printers and things like that. But it's not usually the highest risk, again versus the headache. It's a convenience thing. I'm not telling you the printers are all safe and always patched. But some of them don't even, the nature of the driver is it doesn't like them on a separate VLAN, even when you try to do bridging. So it comes down. Now if you get the nice commercial, you go into commercial copiers and things like that, putting those on a separate networks, not those are themselves computers with often outdated firmware and Linux on them. But you have to think about the lateral movement that gets someone there and pivots them there. If you stop them from getting on the network first, awesome. But how likely are they to use the printer? Yeah, if someone gets on a network, they're going to look for some old outdated Xerox, Kyocera system with a default password of 123456 and things like that. But if they're on a separate network, you have the other headaches of them being on a separate network. You could also lock them down. So they only talk to a specific server and everyone prints to the Windows server and a Windows server spends time communicating and you can architect it like that too.
So when I look at the Synology, I prefer the plus models because Plex will stream off the plus models very well. Yes. Nope, I've not used iptables as a router. Can you restore a Netgate 2100 to a PC running commodity like a hot spare? Essentially, yes, I don't think there's any issues. The problem you run into sometimes is there's those switch ports in there. And I think they restore fine to a standard install without an issue. I feel really confident. The answer is yes. If you permit for for DNS, you know, malware can kind in. Yeah, maybe, depends. You can't, you need DNS. VLANs are going away and Cisco is moving forward with VXLAN. Not really. They're not going away. VXLAN is something different. So is there a 10 gig NIC for OPNsense router that is cheap? I probably look for the Intel ones. The Intel ones are relatively cheap on eBay. How to prevent people attaching random network switch to a network using UniFi devices? Good luck. I think there is. Let me pull it up. I think you can port lock in UniFi. Let me double check. That's like, that's, I'll give you the legit answer for it. So if we go over here, throw it up on the screen and yeah, MAC ID allow list. So you just filter to the MAC that's allowed on there. And it will go nuts if they try to plug another switch into it. So MAC ID allow. That's how you would lock that down. I have not had time to in David Cisco sends me, not David, David just connect to me with the people at Cisco. But it's on my to do list next week to start testing that. If I don't need a PXE boot, should I set up a clone for PXE? No, it's, I haven't touched it in a long time because I just don't use it. So not really, not really on my to do list either. It's not likely I do a PXE video anytime soon. How am I just guy? This is a StreamYard, streamyard.com is what I use for these, people are wondering, this software I use for my streaming site I use I should say. When I was audio conference, we would put actual printers on public IPs.
Oh yeah, yeah, yeah. So that's, that's the thing. Here, here's a fun one. There's a very large, very popular, we know because we have salons using the software and I will leave unnamed. Their solution is to collect the IP addresses of the salons and then have them open ports. And when they're using your web application, the salon prints by sending print jobs over port 515, you know, the line printer port thing is 515. Anyways, yeah, they want us to open ports for them. Now we restrict the port to only listen on their IP range from the company with the application. But that's how they print, instead of printing through their application, they send the print jobs across the public internet. So that's the thing. Yeah. Whatever. I found setting up PXE absolutely terrible experience and terrible documentation and software. I set it up a long time ago, yeah, if you dig around on my channel there's probably an old video I have on it. But it's been a minute and it's all, it's, I mean it's, it's all about setting up the, there's a lot of little parameters to it and it's just not, I don't know, I just don't have a huge interest in doing it again. I already mentioned, you have a phone PBX you like to routinely use. We do use FreePBX but from a business standpoint we don't want to manage FreePBX. That is Chris from Crosstalk Solutions' job. That's what he does. Chris from Crosstalk Solutions offers FreePBX services. We do offer phone services for clients but it's a fully managed expensive system that we put in that we partner with the company to manage. Simple as that. So because we don't want to manage it. It's a lot of work. How do you do tagging? I'm assuming you're talking about VLAN tagging. That's pretty much, I got videos on how to do it in there but there that's all I got to do to change VLAN tags in UniFi. They're one of the easiest ones to do, you just define your VLANs.
I have videos, if you type in like UniFi VLAN 2022 you'll find I have videos I made this year on that exact topic. Before I forget, I'm working on a thing that I want to share with everyone and actually I'm going to share the link with everyone too. So let me file publish to the web. Let me get you guys a link to this. I am working on some new UniFi videos and this is what I'm working on. But the, it's a whole list here of all the different, means can I zoom on it? It's hard to zoom in on a Google spreadsheet. Sorry, you're going to have to look at it kind of small for a minute here. Actually if I did this would it look better? We did it this way. Stop it. Go mouse go. I have a, I have a slightly broken mouse. I ordered a new one but it's not here yet. I made a switch list and I made an access point list and I just shared the link but it's also linked inside the description of this video. Yes, these are affiliate links but these are listing so you can understand we're keeping this up to date. We're using this internally too by the way. So my staff is keeping this up to date. We still have to add a few more things in here. But if you want like a comparison of all the switches. This is what that is. So we have them all here. So when people would like a comparison of each of the different models that are offered by UniFi we're going to keep these all in there. The next thing I'm working on is writing a web scraper and we're going to actually have the spreadsheet tell you if it's in stock before you click. So I think I can make that happen with a web scraper built into Google Sheets. So there's that. That's going to be kind of fun. But I've linked this down below if anyone's interested in, you know, looking at the list, it's a web published. I don't know if I'll make the spreadsheet like an embedded thing on my forums but I'm missing the USX PoE. I'll look and see which ones we're missing on there and we can add them.
PSL let me look here because I actually think those ones are on here. The switch 16, switch 24. Well tell me what models. There'll be a, there's an accompanying forum post. Send, send me which ones are missing on Twitter or whatever but I'll make this interactive. That way if you can tell me something I'm missing, but I wanted to mention this, I put this together so people who would like to, you know, get into offering that, yes. Make sure it wasn't anything too important. But anyways the, the other thing we're going to be keeping up on here is when things are end of life we'll be dropping them off but we just want to make it an easy list for people to go to and say all right, here's all the list of things that are on each of these on there. So just really simple. But I'll be doing some getting started with UniFi videos, is I have another category to add on there for the different cloud devices and explaining those a little bit and differences between them, which is not easy. That's a part of it. And I, I think what you said is right, right here. I think the U. S. X. X. ones are older models, are replaced by USW because I think so too. And this is where I was getting confused on stuff and. I see those at the bottom right here and I think that's what they are, is probably these ones right here that you're referring to. And this is like, I have a few different staff who spend a lot more time than me just doing part of this. So they're pulling this information and putting all of it together all the time. And this is like an internal document that I'm going to keep shared externally. So you know, because it's a lot to keep up with and you know, we do it enough. So yes. But hopefully this will be helpful to someone when they're looking things up. I'm going to make a video on it as well. But it's, you know, that link is in this particular video so you can click on it now. And it automatically, anytime we change something in here it republishes that public link. So it's dynamic.
You can bookmark the link once and it'll always be up to date. And then we're going to embed this on our website with a certain section that's eventually where it'll live. But the link isn't going to change, just the embedding part will. It's going to be the same. It's all based on the same document. I kind of want to go back to doing some of my Google stuff. I used to do all kinds of hacky things in Google in the early days because not everyone knows you can actually do web scraping with Google and you can do a lot of fun stuff. Google Sheets has had these features forever. So I want to try and build that in there. It makes it easy because it then builds an auto publishing tool for you at the same time that also can scale because if a ton of people hit it, it works perfectly fine for that. But enough of the Google hacking stuff. What is UniFi's strengths in the market? The routing products are garbage. Why bother getting your switches? Tons of cheaper switches out there. It's a security quality thing. Easy to manage for no license fees. That, their, their claim to fame is they're easy to manage. They're affordable. They're pretty reasonably priced and you can manage large amounts of them with their free software and their software, their controller software is multi-tenant. So if you're an IT provider like myself, you can have one instance of the controller and manage. I think we have like 70 different clients and one controller, being able to have all of your clients in that, that many clients and one controller. There's not another company that offers that, they don't have a direct competitor without a lot of licensing fees because you can't even put them in the same categories like Meraki because the licensing fees are substantial for Meraki for that level of functionality. You should do another sheet for Omada. Not likely. They're confusing. Last time I looked, I don't know if they updated their website and they don't.
They're not as on top of some of the security updates and their end of life in your products is not easy to track. So they I don't. Yeah. What's the most secure firewall brand news? I don't know. I don't know that there's any way to objectively say that. Everyone will have an opinion. I don't know that there's any truly objective. This is the best or most secure. So do you have a video about VLAN tagging and our switches such as TP-Link? I think so. I think I covered it in my TP-Link video. The routing has come a long way. OpenVPN, full support coming, WireGuard, full support coming, local DNS, et cetera. Yeah, coming, coming, coming. They've been saying that for a long time. We don't have a date yet, but one day, one day. And the most secure firewall is definitely unplugged. Yes, for sure. Oh, and UniFi switches look sexy in a rack. We'll go with that. That's definitely definitely true. UniFi switches are not expensive. Yeah, I would say not really. They're pretty reasonably priced for what they offer and what they have. I'll agree with that quite a bit. For dual WAN redundant IP second pfSense, would you rather use BGP or policy routing? I don't understand the question exactly. Posted in the forums. Maybe I'll understand that question better. Policy routing is usually, I mean, I don't understand where you'd use BGP for dual WAN failover on that. Usually you just set it up redundantly for each one and have an entry. So taking it for OPNsense, seeing the Chelsio on eBay for 120, you don't go too fancy to disable offloads. Will you say a generally ideal situation for OSP would be UniFi switch gear managed by your host controllers? pfSense OPNsense named very much by common dashboard. Uh, sure. I would say that's not a bad situation. Any Linux based firewall, almost all firewalls now are Linux based or BSD. You know, OPNsense and pfSense are both BSD based. Seems like the doorbells never in stock. Probably you're right about that. 
We'll go with the doorbells not in stock. You did a month ago where you look at Cisco business switches. Have you had a chance to play with them? Nope, not yet. By the time they got me all the switches in, then I was out of town for a week. I've been so busy with some of the projects catching up on them. They're on my next week's list of things I'm going to do. Yeah, BGP and policy routing are two different things. That's why I don't understand the question. I see words but I don't understand how they are related. What packages, modules have you got running on all your firewalls? OPNsense, WireGuard, you know, this ACME client. It really depends on use cases. You know, my firewall here that I close my shares. Oh, no, it's over here now. Like we'll log into my firewall. What packages does Tom run on his firewall? Package manager. There we go. Zoom in a little, make it easier. So not many different things. I have iperf, I have ntop on here. Forgot I even had it installed. OpenVPN, pfBlocker, which isn't even turned on right now, by the way. RRD, service watchdog, traffic totals. I don't remember. I loaded sudo because I was playing with something. I don't need. I don't usually load sudo. I can probably just remove that right now if I wanted to. Definitely use WireGuard and I use Zabbix. The two I use, Zabbix, common, that's for monitoring. pfBlocker hit and miss. ntop, because I did a video on it. I did it by loading it here. And I was playing with the APC UPS plug-in. So not a lot. We don't load a whole lot on there. It was messaging me now. My wife. Let's see. UniFi airFiber definitely works really well. For sure. Have you ever deployed a wireless network setup in a park with a large public use? One of the most difficult parts of the setup, power. We've actually done a bunch of marinas. Marinas are one of them, but we've done different ones. We did a couple of public venues. 
Finding power at some of the locations and making sure they understand that we cannot install to places there's not power. They just start pointing at any structure and like, hey, put a Wi-Fi access point on it. Is there electricity over there? Well, no. Okay. Then we have to have electricity. Consistent electricity. And important security features that you turn on the Dream Machine SE out of the box so they're not on by default. I think everything's on by default on there. So it's been a few months. Have you heard rumors about anything what pfSense Plus will offer? No. I mean, they have... What do you call it? The latest one... I talked about one of their updates with the ZFS stuff. I did a video talking about that. It's just... And that's a pfSense Plus feature. So I'm doing a live stream. So, yeah, I don't really have any... more thoughts on that. Let's see. Do you use HAProxy with pfSense for reverse proxy or do you have any other solution? Yeah, HAProxy works great. I've got a video on it. I don't really have another solution besides it. I guess I don't know. It comes down to use case. We don't set it up for very many people. Do you use NetBox for clients? Do you manage all your clients' IPs and central location? No. That would be impractical for what we do and not necessary at all. If we use a USB drive, FreeNAS is degraded. Is the drive so good for reinstall? If a USB drive is degraded, don't install TrueNAS on a USB drive. They don't recommend that anymore. Rather, UDMs in every site you exchange are centrally controlled. Two different routes you can go. We don't really use any UDM. We don't use any UDMs commercially. Nope, never use your solar gear. Never use any UniFi solar gear. I don't know if they're going away or not. I don't know what's happening with the solar stuff. I haven't looked in a long time. ZeroTier, you need to register your website for setup your network so it's not fully mature like VPN is. That's true. 
ZeroTier does have, Tailscale and ZeroTier are both overlay networks and if you don't own the controller that controls everything, then yes, you are letting someone else control the control plane of those and what devices can be added. NetBox is cool. If you have a data center, you need to manage IPs. NetBox is a cool tool for that. It even integrates into XCP-ng. You can do a full NetBox integration with it for IP management. It's a great tool. It just isn't necessary. We're not managing people's data centers, I guess is what I should say. We don't have any large data centers that we currently manage. We manage businesses that have a bunch of Windows computers and I don't need NetBox to manage those IP addresses. Even if they have like 150 workstations. It's 150 workstations. DHCP is a wonderful thing. Besides PoE and 2.5 gig WAN it's very reason to upgrade. Not really if you don't need those things that don't upgrade to it. You want to broadcast UDP message. You don't broadcast UDP messages across the network. That isn't how that works. I think you're asking it wrong. So not exactly sure what the goal is. Start with what the goal is, what you're trying to figure out there. Four port, one gig network cards. Those are great. Any BeyondTrust remote support. Nope, never used it. Is that company that Bomgar? I've heard of Bomgar but I've never used them so I don't know much about them. How do you get pfSense OPNsense in a common dashboard? I don't know. I don't know any way to do it. TrueNAS on UDP writes too much wears out causing a fail. That's true. That's why they don't want you to use it anymore. I need to migrate my FreeNAS off the USB drives at least from here. Yes. Any good MFA option for OpenVPN on pfSense? Not really. I mean they have TOTP so you can do it that way. I think I have a video on it. Technically when you have certificates set up with OpenVPN, that is a form of authentication because people can't just log into the VPN. 
If you had my username and password to my VPN you cannot log into it. You still need my certificate as well so they have to get username, password, certificate. So there's your multiple factors of authentication. Certificates are a factor of authentication. Did you hire someone yet to help you produce more YouTube videos? Yes, I hired someone for my business technicalities channel. I still probably need, I even figured out how to have someone help me with this channel. Not this important in pfSense. It sure is. Hey Tom, do you calculate the size? UPS batteries? How long do you typically want servers to be on for? 10 minutes to shut them down. Maybe longer possible. I always reach budget limits before I hit minute limits. So that's where the real problem is. Budget limits. Using a state of down for TrueNAS server chassis if you're in tight space or low capacity. Yes, those work too. Yes, no, OpenVPN and I don't know when this will come to, they have not answered me and I asked in a forum publicly. I don't know when they're going to get OpenVPN TOTP properly implemented. By the way, it's implemented over VPN inside of pfSense. It's not there but it does exist because Untangle has it and there is an extra field for TOTP may find the forums that here. Let's actually pull it up because I posted this publicly. So is there a way for FreeRADIUS? I was using OpenVPN to get the TOTP code separate from the password and this is what the challenges static challenge TOTP code equals one. That's in the OpenVPN and it's like, sure, it would be nice 10, 10, 10, can you give us the insight? Well, this is done and I posted this in June 25th of 2021. So it'll be a year ago in nine days that I posted that question. So it can be done. It's not done inside of pfSense right now as of I'm aware of. So I don't know when or if it will. So just so people know password is something you know and certificate is something you have. 
What do you recommend for organizing, managing, monitoring multiple pfSense sites? We throw them in Zabbix if we want to monitor them. But you can also use SNMP monitoring with your RMM tool source SNMP so we can monitor things with SNMP via that. So do you have a list for you compare Synology, TrueNAS and other storage solutions? I do have a Synology versus TrueNAS. I need to make a 2022 edition, but they're both relevant. The older version of my video is still relevant like 99% of it. I've done a video on MikroTik. It's not a primary use case. MikroTik's not bad, but I don't use them much. They're affordable. I don't know if you can do that from a UDM. I use NetBox for documentation for my customers. We easier setup deep-fried documentation. We use Rumble to map their network and make a map. TrueNAS SCALE is run smart testing long test and scrub once is that too frequently? No, I don't smart testing twice per week seems a lot. I don't know. Whatever the default is is why I leave it at. What preferred everyday piece of tech in your non-professional life? No tech. I like my motorcycle. I don't really have any of... There's nothing. I guess my phone this allows me to wander around. It's my Pixel phone. I guess that is the one piece of tech I use the most because sometimes I don't turn on any computers, but I still reply to a few messages on my phone. Where do you send your Invoice Ninja data to? Do you track expenses in there or just another platform? What do you mean where do I send my data to? I use KMyMoney. I have a video on accounting workflow. So if you look up my accounting workflow video people always ask about this. So if you type in let me throw it back up on the screen here there's a video I have right there that's our business accounting workflow and open source tools we use all broken down. I even made a map so people can understand how money ingresses and transactions through my company. That's the video on that topic. 
I'll throw it in here or there's a share button. Share copy. There you go. You can watch my accounting video. The SNMP monitoring is handled by your RMM tools so it's done internally not opening up SNMP. You don't want to open up SNMP to the world. So you're a tier friendly edit SSO authentication lots of enterprises can now adopt it. Yes. SNMP. Yes. Was Synology moving their own drives running any problems? Was it to Reds or IronWolfs? Not Synology drives? I haven't really run any problems with it. Do you use Zabbix and solve for each customer? Yeah we just haven't monitoring your firewalls but mostly we're moving everything to our RMM so it's in one dashboard instead of in something else. That's all of our goals. We need more financial ingress less financial egress. Does Nextcloud support UDP for file transfers? I have no idea. I don't really use Nextcloud so I'm not sure. Did I see this? Yes I did. That was actually pretty cool. The Synology 60-bay thing so let's find that real quick. I think they just tweeted it and I can find it from there. There we go. High density. What do you recommend in front of Buildosand on my home or network? TrueNAS. That's my go to for a lot of it. Synology is good too. Let's pull it up here. I recommend this for your home network. The high density HD $6500. I've got videos on Synology and on TrueNAS because I like both of them. They're both good products. They both work well. This is a massive file server. Main surveillance storage so yeah. This is a pretty cool new product from them. Maybe Synology is watching. I can review. I'm not way more advanced than anyone can be. I've been doing these gray hairs because I started my first tech job in 1995. The Synology proprietary drives are for their enterprise solutions. That's true. They're bigger models. But yes. Any Unimus? I don't know what Unimus is but no. I've not used it and I don't know what it is. But I do know that this is cool. 
This is over ReadWrite TDR4 Look at all this fanciness. Consistent performance. Five times the size. I don't know. This is pretty cool. I think it's cool that they're building some of these. We really like the Synology. This is a solution we do deploy and are happy with our clients. I'm not much younger than yeah. First tech job. Yeah. I don't think there's any Raspberry Pi integration with these ones. So I'm running ESXi home on use external storage. ESXi works perfectly fine with both Synology and TrueNAS. If you go Synology the NFS on Synology isn't as fast as iSCSI. So if you go Synology, go iSCSI. If you go TrueNAS, either one's fine. Does pfSense CARP or VRP make sense when you only have a single WAN? Not really. Unless it's just something you want to learn. I'm still waiting for someone to come up with a long term offline storage. I have a lot of photography studio clients. They are still using tape drive. Um for photography? I don't know. It feels like keeping that spinning would be fine. But I guess there's different ways. Thank you so much for the work. Awesome. I was born in 1999 and embedded in an MSP world for four years. Cool. You started early. Start young. Then when you decide you don't like the MSP world you're still young enough to go do something else if you decide you don't like it. I don't know. MSP is a marketing term. It's not really defined yet. It's a great marketing to say we're a managed service provider but that means different things to different people still because there's not like an official book on that one. Yeah. I want to get some tape drive for my homelab. I did another rabbit trail. Yeah. I mean, my solution for the most part I keep all my data that I love spinning all the time. That way I don't worry about bit rot or unrecoverability or archiving. The only people it's a challenge for has been where the money's coming in to play a role in that is people in the movie industry. 
We work with them and they just have one of our latest clients has five large Storinator XL60s and going to buy more for their new office. They have five of them because that's where all the movies live. Yeah. We really love the Storinators for things like that because they're a good cost effective way to do storage and editing. That's what this is running on too. This is actually my Storinator at my office and it was just replicating all of it. This one's new so it's got plenty of available space. Our pool has about 239 terabytes still free in it so we still got some room to grow but we're growing so in all the videos I do actually they are not here yet. My studio is physically separate from this so I actually bring a drive and once a month I do a dump for everything I created here gets moved and this is my long term storage for everything and then we send it up to Backblaze so we have a duplicated copy because our challenge is how much do we want to keep hot on site and how much do we want to keep in Backblaze because if we need to get it back from Backblaze that's going to take a long time so right now it's just going to Backblaze and it's good. Do you have videos showing you knowledge of VM for XCP-ng via Fibre Channel? Nope. I do not have any Fibre Channel videos. Hello from Italy. U.S. is awesome. It's a config backup with some basic automation. Oh, that's like that. There's another automation tool for config management called like RANCID and there's a few of them out there that are open source ones. There's... Let me find it real quick. Firewall? It's got a weird name. Yeah, well I can't find it. It's got some name like RANCID. I can't really name it now. Linus did a video about BitRottener Yeah, if you don't have it RANCID and Oxidized I knew some of... I say it the brain trust that is this live audience will definitely throw it out there. Yeah, RANCID and Oxidized will throw a link up for people. 
Oxidized is a network device coming back up to a replacement, so yes this is the one I was talking about. Unraid doesn't scale in performance so I don't have really any interest in using Unraid. People seem really happy with it. There's a community of people that use it but yeah, the scalability of it and speed of it is definitely where the big hangups are. Do you know Dell PowerFlex Storage have used it? Nope, I've not used Dell PowerFlex Storage. You could do Ansible. You could actually just set up Ansible to go in and grab the config files. Never used XPEnology. People seem happy with Unraid. The only time we've had unhappy people are looking for performance. Someone's using it and they realize some of the performance limitations of it. It's just the way it's architected. It's a flexible storage server, not a high-speed storage server, but it's usually fast enough for what people want to do. That's the important part. It's fast enough for what they want to accomplish. That's what matters. Thanks for your video. Oh, okay, from France and you have a C64 and Amiga and starting with Usenet. I was dialing in to the BBSs back then. Yeah, the flexibility is usually what sells people on Unraid. I mean, it's flexible. You can just dynamically add this. Awesome. That's definitely a feature people like. So, all right, I'm going to wind this down. What are the other things people want to know? Unraid is good for a Plex server to spin up a drive when you want something to save a little power. Yeah, that's a thing too. Save a few bucks with electricity. Spinning down some drives. I don't know how much it really sees. Drives are pretty little wattage. Let's see. 14. So, here's a we'll pull this up real quick because someone will try to call me out but I want to point this out. Somewhere in these specs. There we go. So, if you look here this is a 14 terabyte you know, 7200 RPM drive it idles at 5 watts. Average is 8 watts. 
So, yeah, it's not, they don't pull, the drives are I mean, yeah, that adds up. 10 drives is going to be 80 watts. So, yes, if the average power consumption is about 8 watts 10 drives is going to cost you 80 watts. But if you have 10, 14 terabyte drives I mean, yeah, it depends on how much power is. Oh, yeah, smash the like button. There's still 198 people here but only 59 likes. So, definitely if we could smash that like button that would be great. What is your recommended shared store for an XCP-ng pool? TrueNAS with NFS that's all the shared storage we have in ours. NFS storage like this particular one we've got 80 drives in that one. We have more than one of these in here. 18 more drives 18 more VDIs in this one. But, yeah, this is all NFS storage. NFS is mostly what we use. So, type NFS and you can see this is attached to that server I was logged into based on how much free there is on there. We don't set any quota limits because I should be able to go to there. Oh, there's less. There's 54 of you. I deleted a few VMs. But, yeah, most all of our storage is going to be NFS. I have a large ESXi server or homelab pfSense box built NAS Synology on my network here. I pull it up at 200 watt running everything. Yeah. You can be reasonable on it. Any views on wireless access point solutions? I like UniFi for wireless access points. Can XCP-ng do LACP for more bandwidth? Yes, it can. If we go over here to the pull lab network you can do bonded network. You just select all the interfaces. So, if we wanted to make a bond with a pair of 10 gig interfaces, you can. There's your LACP. So, it can be created. I'm not, I'm not clicking create things because these are not set to be bonded. But yes, it does support it. Here's a single ZFS pool for all VM storage and XCP-ng partition same disk. No. I don't think there's a way to do that. There might be some way to do it. I'm not aware of any way to do it. If you're hosting Windows machines, don't you need iSCSI instead of NFS? No. 
You can, the Windows VMs can be on NFS. It's, I don't know why you would need it. I mean, unless you wanted to present iSCSI to the Windows machine for storage, that's a different use case. Largest deployment? I don't know, a couple data centers. I think we had one, you know what, we didn't have that one client I mentioned. I think they had 2100 virtual machines. I forget how many hosts they had a lot. But 2100 virtual machines overall. Proxmox replication from VMsphere. I don't know that it can replicate from. Did UniFi fix the issue with IoT since my first UniFi equipment just came in I need to figure out how I'm going to do my home automation. I don't know what issue you're having, so I don't know. The Windows VMs would know and if they were just there, that's just where the VMs live. Right. That's correct. What's a good solution for VPN for remote office? We're going to go with OpenVPN. OpenVPN is pretty much the one out there. It's got the user management and we integrate it to people's Active Directory list they have so it's generally our go to VPN solution. People ask if they have an issue. This is why I have my forums and I always encourage people and I'll see as I'm winding this down people want to know how to connect with me I always remind them forums this is where we can have a more in-depth discussion about the questions because you only get so much of a question and I can only reply so articulate I'll give a usually better answer or some links and references when you head over to forums.lawrencesystems.com. WireGuard is not used in the office much for because it doesn't have good user management. I don't think there's anything that that's free and open source that does app delivery. 
Maybe I'm wrong but I'm not a married so I don't really have any NAC recommendations. Not sure you mean. I have any issues IoT devices? Yeah, they work fine for me. I mean, my IoT stuff is connected to it. So, try to join your forum morning was rejected for spam, how do I appeal? DM me on Twitter and let me know. Here's what I do, this is really simple: I go and I do a spam list check and if you're on the email blacklist that's it for you. I can't, I have too many spammers trying to join all the time and I just pop the domains they come from in here. If you're on the spam list then I just reject it because the spammers love my forums. That's a success of my forums, is the fact that I have spammers getting on there. So this is the solution I have, is to just do a blacklist check if you're on a spam list and getting off of it unless you're legitimately a spammer. So, but yeah. I don't know, I've never tried to OpenVPN on an ARM and Mac. I don't know how well it works. Is there a way to sign a pool to a VPN group and OpenVPN? What pool would you assign? I I TV be an accounting group gets a subnet for that. You do, there's ways to do it with FreeRADIUS. You can, it's a little tricky, but you can just do IP assignments through FreeRADIUS so they get exactly where they go. If there's an, that way if they have a different subnet you can put them on there. You just, you tie it to FreeRADIUS and then you put the subnet within FreeRADIUS for things. I've never used next Nest Wi-Fi behind pfSense, never tried it. OpenVPN and Mac works great but, okay, someone says it does work great with the ARM. Okay, cool. Server is a server that can, you know, we'll pull it up. Google it if you, actually it's FreeRADIUS, so FreeRADIUS, there we go. We'll send, I'll send you a link to it. So those of you who don't want to know what it is: as featured module or scale will get served most widely deployed RADIUS server. It's funny, they actually don't define what RADIUS server is here but a Google search will define that better 
than me. Spammer saw your last homelab video, got a spammer. So yes, they love Tom. Yes they do. Yeah, they certainly, and they like the forums because they want to post their software, their garbage. They do like blog looking posts. I delete them. I'm there and I, it's rare they get through. Once in a while they set up a Gmail address and I'll get a new user with Gmail and any post stupid links to dumb software sites and things like that. This is the best game I've ever played, like stuff. It's really silly, so out of context for my forums. I don't think they get any clicks but they're hoping no one's moderating the forums and sees that and deletes it. So also the user base of people I have on the forums have been really good about flagging the moment something like it's post. So to everyone, and maybe many of you here that have joined my forums, thank you, because you make the job a lot easier because I get, I'll log in and see flagged posts and like, oh yeah, I just gotta get rid of these. Mac has emulation for non-ARM programs. Oh, okay. I've not used the Mac ARM stuff so I don't know much about it. I heard it's fast. Alright, well, I'm gonna wander off because I have a few other things I'm gonna go do. Thank you everyone for joining me for this last hour. As I said, head over to the forums and if you got rejected from the forums DM me on Twitter or get yourself off the blacklist. That's the best thing you can do, get off the blacklist. Or maybe spammer and you're, you've thought to contact me in the forums. I don't know how to validate that at some point, give you access provisionally. I'm not even sure. So there you go. Authentication, authorization and accounting, that is correct. That is the shortest way to define what the RADIUS server does in the fewest words, so that's definitely good. But thank you everyone for joining. I'm looking forward to doing this again next Thursday and if I feel really inspired I'll do it again on Saturday. I already went a little while Saturday or Sunday. So absolutely there is no 
pizza request for today. No, he's hanging out with the sister today so no pizza request. You all are pro go the LR on the LR are really nice. They definitely have the reach. So unblock me and you'll never see, yeah, you'll never believe what happens next. Yeah, yeah, that's a problem. So alright, well, thanks everyone for joining. Once again thank you so much for being here. Check out the links I said, check out the UniFi stuff, leave some comments and your thoughts down below or have a forum for a more in depth discussion. Ooh, hot sauce today in merch. I need merch, right. So yeah, yeah, I gotta work on merch. That's actually am I to do this. I gotta make some more shirts. I haven't made any new shirts in a while. So alright, thanks for, I get distracted again