Hi everyone,
I've been a long time home user of Untangle NGFW but as they have recently decided to drop the option for Home User licenses I have until August to find a suitable replacement & I'm hoping that OPNSense will be the right move for me.
Currently with Untangle I have a blanket policy in place that blocks access for all devices to various unwanted categories such as known malware, phishing, adult sites etc.
I then have a couple of separate time schedule based rules in place that then additionally block access to sites like YouTube and Xbox Live between certain hours.
I also have a few static IPs on my LAN that I have set to bypass any web filtering altogether.
Is it possible for me to do the same thing with using OPNSense? My own research is leading me to believe that it is possible using the ZenArmor plugin. I know I will need to purchase a license for this, will the Home License allow me to do what I need?
I've been running through the free version of Zenarmor for the last few days, and it will do some of what you need, but you will almost definitely need to pay to get everything. That said, there might be other ways to do what you want and hopefully other people will answer.
One thing I know it will not block in the free version is streaming media sources like Youtube. Ad blocking is in free and works OK, still lets some through. Porn and some drugs categories can be blocked, and a few other of the "severe" levels of sites Mid level is where the pay starts to come in.
In theory, you can install e2guardian to get a lot of the same blocking features too, I ran this on my pfsense firewall until I broke it. Decided that since I broke things, I might as well give a different firewall a try and see what I can learn.
Thank you for your reply.
It's good to know that I will likely be able to achieve what I am looking for with OPNSense & some plugins.
I'm more than happy to pay for a Zenarmour Home License if needs be.
I wasn't aware of e2guardian, thank you for mentioning that, it gives me something else to go away & look in to as well.
Are time based schedules a possibility do you know?
Quote from: Greg_E on March 19, 2024, 09:41:50 PM
I've been running through the free version of Zenarmor for the last few days, and it will do some of what you need, but you will almost definitely need to pay to get everything. That said, there might be other ways to do what you want and hopefully other people will answer.
One thing I know it will not block in the free version is streaming media sources like Youtube. Ad blocking is in free and works OK, still lets some through. Porn and some drugs categories can be blocked, and a few other of the "severe" levels of sites Mid level is where the pay starts to come in.
In theory, you can install e2guardian to get a lot of the same blocking features too, I ran this on my pfsense firewall until I broke it. Decided that since I broke things, I might as well give a different firewall a try and see what I can learn.
Did you ever had a running setup of e2g on OPN? Config is so weird
My e2g was on pfsense which was fairly easy once you jumped through the hoops to get it installed. But I was running walled garden mode and every once in a while I would get the white list file too big and things would stop working. The last time I worked on it, it just failed and I ended up turning it off.
Now I'm trying to get back to some semblance of this with OPNsense but doing it in a way that installs from the supported plugins. Whatever people want to say about Zenarmor (I've had some negative replies on another forum), it seems to offer some or most of what I was getting with e2g, at least with the paid version of Zenarmor.
So no, I'm not up to speed with e2g on OPN, it's my fallback at this point and something to work on during the summer when I have more time and student are away. And I'm going to try and squeeze OPN Business and ZenArmor though out of surplus funds, so probably not going to go back to e2g.
And finally, I keep reading about the end of Squid, since e2g relies on Squid...
I have a e2g plugin somewhere in my git, but it failed templating all those stories.
When you find the time or your old configs I could try to finalize it, maybe via community repo as the plugin code does not fit "standards" :D
Just following this up,
I have now successfully migrated over to OPNSense.
In the end I went down the route of using the Zenarmor plugin in order to achieve app & web filtering similar to what I previously had with my Untangle set up