Hello Everyone,
I'm currently facing some challenges in transitioning from FortiGate to OPNsense as our firewall solution.
In FortiGate, we efficiently managed web access restrictions by establishing distinct profiles and policies for each department. However, in transitioning to OPNsense, I am encountering challenges in replicating this functionality.
additionally, within the OPNsense web proxy setup, I've implemented a transparent proxy configuration relying on a Certificate Authority (CA). Unfortunately, this necessitates the installation of the CA on every client device to enable internet access. Is there a viable alternative method that eliminates the need for deploying the CA to each client?
Any insights, suggestions, or guidance on these matters would be greatly appreciated. Thank you in advance for your assistance.
Quote from: katchu on January 04, 2024, 10:13:55 AM
additionally, within the OPNsense web proxy setup, I've implemented a transparent proxy configuration relying on a Certificate Authority (CA). Unfortunately, this necessitates the installation of the CA on every client device to enable internet access. Is there a viable alternative method that eliminates the need for deploying the CA to each client?
There is no alternative if you want to inspect
content. Not any different with any other appliance providing transparent HTTPS proxy. If you do not need content inspection, then yes.
https://wiki.squid-cache.org/Features/SslPeekAndSplice