OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: srwsol on July 18, 2019, 12:41:28 am

Title: User based firewall rules?
Post by: srwsol on July 18, 2019, 12:41:28 am
Hi folks:
 
I'm looking to replace my Zywall 110 router, mostly due to Zyxel's registration policies regarding firmware upgrades and the fact that you now cannot prevent the router from phoning home whenever it wants to.
 
The one thing I'm looking for that I haven't found yet, which the Zywall firewall allows, is user-based firewall rules. What I mean by that is that you can create a firewall rule that is only matchable if a particular user or member of a particular user group is logged into the router from the WAN side. In practice how I use this is to create a rule that will open an incoming port on the firewall only if a specific user is logged in from the same IP address as the packet being evaluated by the rule.
 
The Zywall lets you create users that have no other authority than to log in and cause the IP address they logged in from to be associated with a specific userid by the Zywall (i.e. they can't see or control anything regarding the status of the router), and so what the user does is log in to the router with their browser using that userid and then they just minimize the window. As long as that user is logged in to the router, the firewall rules accepting incoming connections to a certain port are able to be matched and connections to that port can be made.
 
This is perfect for allowing users who aren't part of your organization (i.e. you don't have a VPN setup for them), and whose IP address you don't know ahead of time, to ad-hoc login to something, say a demo, without opening that port to the entire internet.
 
I'm wondering if OPNsense can do that, as this is the only thing keeping me on the Zywall 110.
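As an added example (not code from this post, from Zywall or from OPNsense), the following Python models the semantics the post describes: a login binds a source IP to a user and their groups for a limited time, and an inbound rule for a port only matches packets whose source IP currently holds such a binding. The class and function names, the 600-second session lifetime, the port 8443, and the addresses 203.0.113.10, 203.0.113.11 and 198.51.100.7 are all constructed for illustration.

```python
"""Toy model of user-bound firewall rules: a rule matches only while the
packet's source IP is bound to an authenticated user session.
Constructed example; not OPNsense or Zywall code."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, FrozenSet, Iterable, List, Optional


@dataclass
class Session:
    """One captive-portal style login: user and groups bound to a source IP."""
    user: str
    groups: FrozenSet[str]
    expires_at: float  # absolute time; a binding must not live forever


class AuthSessionTable:
    """Maps source IP -> Session. Logging in grants nothing except the binding;
    the user gets no view of or control over the firewall itself."""

    def __init__(self) -> None:
        self._by_ip: Dict[str, Session] = {}

    def login(self, user: str, groups: Iterable[str], src_ip: str,
              now: float, ttl: float = 600.0) -> None:
        ip = str(ip_address(src_ip))  # normalise and reject malformed input early
        self._by_ip[ip] = Session(user, frozenset(groups), now + ttl)

    def logout(self, src_ip: str) -> None:
        self._by_ip.pop(str(ip_address(src_ip)), None)

    def lookup(self, src_ip: str, now: float) -> Optional[Session]:
        ip = str(ip_address(src_ip))
        sess = self._by_ip.get(ip)
        if sess is None:
            return None
        if now >= sess.expires_at:  # expired binding: drop it, treat as anonymous
            del self._by_ip[ip]
            return None
        return sess


@dataclass
class Rule:
    """Inbound allow rule for one destination port, gated on identity."""
    dst_port: int
    users: FrozenSet[str] = frozenset()
    groups: FrozenSet[str] = frozenset()

    def matches(self, dst_port: int, sess: Optional[Session]) -> bool:
        if dst_port != self.dst_port or sess is None:
            return False
        return sess.user in self.users or bool(sess.groups & self.groups)


def evaluate(rules: List[Rule], table: AuthSessionTable,
             src_ip: str, dst_port: int, now: float) -> str:
    """Default deny: 'pass' only if some user-bound rule matches this packet."""
    sess = table.lookup(src_ip, now)
    for rule in rules:
        if rule.matches(dst_port, sess):
            return "pass"
    return "block"


def demo() -> dict:
    """Walk through the post's scenario with constructed addresses and times."""
    table = AuthSessionTable()
    rules = [Rule(dst_port=8443, users=frozenset({"demo-guest"}),
                  groups=frozenset({"demo"}))]
    t0 = 1_000.0
    table.login("demo-guest", [], "203.0.113.10", now=t0, ttl=600)
    results = {
        "same_ip": evaluate(rules, table, "203.0.113.10", 8443, t0 + 1),
        "other_ip": evaluate(rules, table, "203.0.113.11", 8443, t0 + 1),
        "other_port": evaluate(rules, table, "203.0.113.10", 22, t0 + 1),
        "after_expiry": evaluate(rules, table, "203.0.113.10", 8443, t0 + 601),
    }
    # A member of the "demo" group logging in from another address also matches.
    table.login("alice", ["demo"], "198.51.100.7", now=t0)
    results["group_member"] = evaluate(rules, table, "198.51.100.7", 8443, t0 + 1)
    table.logout("198.51.100.7")
    results["after_logout"] = evaluate(rules, table, "198.51.100.7", 8443, t0 + 1)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13} {verdict}")
```

Two properties of this model are worth keeping in mind when evaluating any product that offers the feature: the grant is keyed on source IP, so every host behind the same NAT as the logged-in user inherits it, and a binding with no expiry or logout path is an open port that outlives the demo it was meant for. The session TTL and the default-deny fallthrough in `evaluate` are the parts that limit that exposure.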