OPNsense Forum


Title: firewall best practices
Post by: wbravin on February 17, 2025, 12:09:09 AM
Hello all

I am in the throes of deploying OPNsense (after 2 years) and I have the following project to be deployed next week.

1) Go live with OPNsense

2) Re-assign IPv4 addresses in a more logical sequence. I currently have DHCP assignments from 192.168.1.50 to 192.168.1.99. I also have about 20 IoT devices that I would want to reassign.

3) Start deployment of security system. The cameras, video doorbell and keypad will be installed on Wednesday of next week.

I do not use any cloud service for any devices or solutions. I am using a Proxmox server as my main server, and on this server I am running TrueNAS SCALE, OPNsense and Home Assistant as VMs and Tailscale and Pi-hole as LXC. In addition, I have a backup bare-metal TrueNAS SCALE. I have 6 PCs around the house.

The TrueNAS servers hold very personal documents and generic media.

My server only connects to the internet to receive updates and to allow me (and a few individuals) remote access to everything (me) and only to certain datasets (the other individuals).
I kind of understand the need and I kind of know how to set up virtual networks.

My thinking would be to set up a VN for all my servers, one for my IoT, one for my PCs and one for guests (mainly individuals coming to my home and connecting their phones). I would like to build certain automation (emergencies) in Home Assistant to notify authorities. In addition, HA will need to push notifications (including pictures and/or videos from my security solution) to my phone.

Can someone please direct me to documentation on where to learn and find best practices to set firewalls? In addition, do I need to set up firewalls?

Thank you all in advance for the assistance provided.

       
Title: Re: firewall best practices
Post by: Patrick M. Hausen on February 17, 2025, 02:13:14 AM
OPNsense is a firewall. So what do you mean by "set up firewalls"? If, as a first step to get everything up and running, you want to keep all your client systems in a single network (desktop, mobile, IoT, ...), the default settings are perfectly fine and you will be at least as secure as with any consumer all-in-one router.

What OPNsense offers you is the capability of network separation. So if you have a dozen IoT devices of dubious origin, you might want to separate these from your trusted "family network". That can be done with WiFi access points that support multiple networks ("SSIDs") and can map them to different VLANs (a "virtual LAN", i.e. sort of like a separate switch), combined with a managed switch that also supports VLANs.

But that is a steep learning curve and you are invited to join the OPNsense community and ask whatever questions you have, but best start with a simple setup. Replace the router you have with OPNsense. If you don't have one already, get a managed switch. Get your local network and Internet connection back up and running.

Then think about new things and come back with questions.

HTH, best regards,
Patrick