OPNsense Forum

English Forums => General Discussion => Topic started by: wbravin on February 17, 2025, 12:09:09 AM

Title: firewall best practices
Post by: wbravin on February 17, 2025, 12:09:09 AM
Hello all

I am in the throes of deploying OPNsense (after 2 years) and I have the following project to be deployed next week.

1) go live with opnsense

2) Re-assign IPv4 addresses in a more logical sequence. I currently have DHCP assignments from 192.168.1.50 to 192.168.1.99. I also have about 20 IoT devices that I would want to reassign.

3) Start deployment of the security system. The cameras, video doorbell and keypad will be installed on Wednesday of next week.

I do not use any cloud service for any devices or solutions. I am using a Proxmox server as my main server, and on this server I am running TrueNAS Scale, OPNsense and Home Assistant as VMs and Tailscale and Pi-hole as LXCs. In addition I have a backup bare-metal TrueNAS Scale. I have 6 PCs around the house.

The TrueNAS servers hold very personal documents and generic media.

My servers only connect to the internet to receive updates and to allow me (and a few individuals) remote access: to everything for me, and only to certain datasets for the other individuals.
I kind of understand the need and I kind of know how to set up virtual networks.

My thinking would be to set up a virtual network for all my servers, one for my IoT, one for my PCs and one for guests (mainly individuals coming to my home and connecting their phones). I would like to build certain automations (emergencies) in Home Assistant to notify authorities. In addition, HA will need to push notifications (including pictures and/or videos from my security solution) to my phone.

Can someone please direct me to documentation on where to learn and find best practices to set up firewalls? In addition, do I need to set up firewalls?

Thank you all in advance for the assistance provided.

Title: Re: firewall best practices
Post by: Patrick M. Hausen on February 17, 2025, 02:13:14 AM
OPNsense is a firewall. So what do you mean by "set up firewalls"? If, for a first step to get everything up and running, you want to keep all your client systems in a single network (desktop, mobile, IoT, ...), the default settings are perfectly fine and you will be at least as secure as with any consumer all-in-one router.

What OPNsense offers you is the capability of network separation. So if you have a dozen IoT devices of dubious origin, you might want to separate these from your trusted "family network". That can be done with WiFi access points that support multiple networks ("SSIDs") and can map them to different VLANs (a "virtual LAN", i.e. sort of like a separate switch), combined with a managed switch that also supports VLANs.

But that is a steep learning curve. You are invited to join the OPNsense community and ask whatever questions you have, but best start with a simple setup. Replace the router you have with OPNsense. If you don't have one already, get a managed switch. Get your local network and Internet connection back up and running.

Then think about new things and come back with questions.

HTH, best regards,
Patrick
Title: Re: firewall best practices
Post by: wbravin on June 23, 2025, 04:11:49 PM
Hello @Patrick Hausen

I deeply apologize for the delay in thanking you for your reply.

Sorry, I was not clear.

I should have said firewall rules. Yes, I plan to set my IoT on a separate VLAN; this is the easy part.

To be specific, all my servers will need to access the internet, if only to get updates. This is not often.
My PCs and HTPCs will have daily access to the WWW. However, all my IoT devices do not need to access the WWW. All OTA updates for these devices will come from HA, which is installed on the same box as OPNsense. In this case HA will download the update and I will perform the device update OTA via HA.

In my simple understanding, I created VLANs: one for servers 192.168.10.xxx, one for IoT 192.168.20.xxx, one for my HTPCs and receivers 192.168.1.30.xxx and one for all other devices 192.168.1.xxx.

All PCs can talk to one another and to my servers.

Besides the access to the WWW for the reasons mentioned here, I currently use Tailscale (in the near future WireGuard) to remotely access my environment (mostly by phone or one of my laptops).

I plan to give remote access to family members and 2 friends. This is what I want to control, to ensure they only access certain media.

As a matter of fact my live deployment of  has been delayed

Now a different development has arisen.

I need to change my radio-based ISP (because of issues when storms occur) to the new FWA solution, which operates at a lower frequency and apparently will not be affected by storms because it operates at a lower frequency (way beyond my level of understanding).

I will open a new thread for this learning.

Once again, thank you.
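The segmentation described in the two posts above (servers may fetch updates, PCs browse daily and reach the NAS, IoT talks only to Home Assistant and never to the WAN, guests get WAN only) can be written down as an ordered, first-match, default-deny rule list before it is typed into OPNsense, and then checked against sample flows. The script below is an added example, not code from the thread or from the OPNsense project. It assumes the HTPC prefix is 192.168.30.0/24, a guest VLAN of 192.168.40.0/24, and Home Assistant at 192.168.10.5 inside the server VLAN; all three are constructed for the example. Like pf underneath OPNsense, it only judges the initiating direction; replies ride on state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VLAN plan following the thread's numbering. The HTPC and guest
# prefixes and the Home Assistant address are assumptions for this example.
VLANS = {
    "servers": ip_network("192.168.10.0/24"),
    "iot": ip_network("192.168.20.0/24"),
    "htpc": ip_network("192.168.30.0/24"),   # assumed
    "lan": ip_network("192.168.1.0/24"),
    "guest": ip_network("192.168.40.0/24"),  # assumed
}
HOME_ASSISTANT = ip_network("192.168.10.5/32")  # assumed HA address
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str  # "pass" or "block"
    src: str     # VLAN name
    dst: str     # VLAN name, "ha" (Home Assistant host) or "internet"
    note: str


# Ordered rules, first match wins; anything unmatched hits the default deny,
# which mirrors how per-interface rule sets behave on OPNsense.
POLICY = [
    Rule("pass", "iot", "ha", "IoT may reach Home Assistant only"),
    Rule("block", "iot", "internet", "no direct WAN for IoT; OTA comes via HA"),
    Rule("pass", "servers", "internet", "servers fetch their own updates"),
    Rule("pass", "lan", "internet", "PCs browse daily"),
    Rule("pass", "lan", "servers", "PCs reach NAS datasets"),
    Rule("pass", "lan", "lan", "PCs talk to one another"),
    Rule("pass", "htpc", "servers", "HTPCs stream from the NAS"),
    Rule("pass", "guest", "internet", "guests get WAN access only"),
]


def zone_of(ip: str) -> str:
    """Map an address to a VLAN name, 'internet' for public space, else 'unknown'."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    if not any(addr in n for n in RFC1918):
        return "internet"
    return "unknown"


def matches(rule: Rule, src_ip: str, dst_ip: str) -> bool:
    if zone_of(src_ip) != rule.src:
        return False
    if rule.dst == "ha":
        return ip_address(dst_ip) in HOME_ASSISTANT
    return zone_of(dst_ip) == rule.dst


def evaluate(src_ip: str, dst_ip: str) -> tuple[str, str]:
    """Return (action, note) of the first matching rule, or the default deny."""
    for rule in POLICY:
        if matches(rule, src_ip, dst_ip):
            return rule.action, rule.note
    return "block", "default deny"


def zones_with_wan_access() -> list[str]:
    """Audit helper: which VLANs can open connections to the internet?"""
    probe = "203.0.113.10"  # TEST-NET-3 documentation address, constructed
    return sorted(z for z, net in VLANS.items() if evaluate(str(net[10]), probe)[0] == "pass")


if __name__ == "__main__":
    for src, dst in [("192.168.20.7", "8.8.8.8"), ("192.168.20.7", "192.168.10.5"),
                     ("192.168.20.7", "192.168.10.8"), ("192.168.40.3", "192.168.10.8")]:
        print(src, "->", dst, evaluate(src, dst))
    print("WAN-capable zones:", zones_with_wan_access())
```

Two things the check makes visible: the IoT VLAN can reach the HA host but not the NAS on the same server VLAN, because no rule covers that pair, and any management traffic from PCs into the IoT VLAN would also need its own explicit pass rule before it works.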