So I have this wish for a graphical report kind-of-thing that shows all hosts per interface (yes I know, that can be a lot if the installation is large) and the traffic generated between OPNsense and each host, per port/protocol if zoomed in. And so on? Is there any tool that does this?
Check out this thread https://forum.opnsense.org/index.php?topic=19763.0
Cacti is another favourite and the weathermap plugin may do what you want: https://www.cacti.net/info/cacti
Bart...
Is netflow not detailed enough?
Well the details are most likely there somewhere.
But I find it not very useful for finding out what is happening in real time.
Say one could combine "Filter Live View" with a "GUI" presentation, where all identified hosts are shown, and what traffic flows where - with lines in between... Double click on any object (host/flow/interface/<something more>) to find any more details. Filter on only certain ports or "none of these ports" and so on.
The ability from that/this screen to create filter rules, either for pass (white list) or block (black list) - I'm more of a block everything, and then open what is needed (white list) - however sometimes this is simply hard because there is no or very little (in-)correct documentation of what is needed. And a lot of software today seems to be able to automagically tunnel their communication over https anyway so... How do you quickly find out what needs to be opened? I guess that is what I am trying to figure out. Running a firewall that allows everything out is maybe comfortable? But not to my liking...