I recently moved from Untangle to opnsense. Everything is running great but I cannot seem to figure out a good way to get alerts when new devices appear on my internal network(s). I like to be aware of new connections so I know if someone new jumped on my wireless or connected to my LAN. It's just for the sake of knowing and making sure it's legit and not some rogue device. Untangle had an easy way of doing this, and I understand that opnsense is a completely different platform and I'm not necessarily looking for an equally easy solution...just *a* solution...either using what's part of the platform by default or through the use of additional features. Either works for me, I just want to be able to get an email every time a device, not previously known or on the network, connects. Thanks!
I could make this work for you, I have built a number of tools for pfsense and opnsense.
Awesome! How hard would it be to create?
You could use a Raspberry with an nmap script, too. If unknown clients were found you can send a pushover message or mail ...
Gr. Micky
I know this is old, but has anyone come up with an easy solution? It would be really nice if it could use the DHCP static lease file as a filter as well, so known devices don't get logged.
Hi,
Is it too trivial or is there simply no solution to receive an email on new devices?
I would really appreciate a short feedback whether it is possible or not.
Thanks,
Mark
I don't know an easy way to make the DHCP server send an email for every new (!) lease. Would be interesting for other functions (IDS), too...
If you want to hand down IPs on your network manually (reserved for MAC) this can be done quite easily.
You can try to install arpwatch via ports
Thank you.
Conclusion, with the standard opnsense release a new device alert is not possible.
Interesting fact as the first question from the GDPR guy was how we get notified on new devices.
What about new devices not using your gateway?
I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.
Quote from: hbc on October 22, 2019, 12:18:06 PM
What about new devices not using your gateway?
I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.
Indeed a way better solution
There is now one :)
https://forum.opnsense.org/index.php?topic=20827.msg126436#msg126436
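The ARP-watching idea from the thread combined with the request to filter on known static leases, as an added example that is not code from any poster or from OPNsense: it parses FreeBSD-style `arp -an` output and reports MACs that are neither on an allow-list nor already reported. The sample ARP lines, the allow-list and all function names are constructed for illustration.

```python
import re

# Matches resolved entries in FreeBSD-style `arp -an` output.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}) on (?P<iface>\S+)"
)

# Constructed sample input, not captured from a real network.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0d:b9:aa:bb:01 on igb1 permanent [ethernet]
? (192.168.1.20) at 3c:22:fb:10:20:30 on igb1 expires in 1187 seconds [ethernet]
? (192.168.1.57) at de:ad:be:ef:00:57 on igb1 expires in 942 seconds [ethernet]
? (192.168.1.99) at (incomplete) on igb1 expired [ethernet]
"""
# Constructed allow-list standing in for the DHCP static mappings.
KNOWN_MACS = ["00:0D:B9:AA:BB:01", "3C:22:FB:10:20:30"]

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so 0:D:B9 compares equal to 00:0d:b9."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def is_locally_administered(mac):
    """True for randomized/private MACs, which show up as 'new' on every rotation."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def parse_arp(text):
    """Return {mac: (ip, iface)}; unresolved '(incomplete)' entries are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[normalize_mac(m["mac"])] = (m["ip"], m["iface"])
    return seen

def new_devices(arp_text, known_macs, already_alerted):
    """Entries that are neither allow-listed nor previously reported."""
    skip = {normalize_mac(m) for m in known_macs}
    skip |= {normalize_mac(m) for m in already_alerted}
    return {mac: info for mac, info in parse_arp(arp_text).items() if mac not in skip}

if __name__ == "__main__":
    for mac, (ip, iface) in new_devices(SAMPLE_ARP, KNOWN_MACS, set()).items():
        note = " (locally administered MAC)" if is_locally_administered(mac) else ""
        print(f"New device {mac} at {ip} on {iface}{note}")
```

The firewall's ARP table only lists hosts it has resolved itself, so a device that never talks to the gateway will not appear, which is the gap raised in the thread.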