OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: jberg on July 22, 2017, 12:39:57 am

Title: Layer 7 inspection with firewall rules
Post by: jberg on July 22, 2017, 12:39:57 am
Hello,

I tried to find any information about layer 7 (application layer) inspection and the potential to do firewall rules based on things like destination URLs. I have done this with Clavister firewalls before and it works great, but currently I don't have access to Clavister licenses.

The background is that I run several servers on different SVI/VLANs on the inside, and only one IP on WAN. I basically need the same ports available in several places; it's a small nightmare to do this with port-based options, hence the question.

Are application layer firewall rules something that could come in the future, or is there any way to do this today?

Regards, Joel
Title: Re: Layer 7 inspection with firewall rules
Post by: fabian on July 22, 2017, 12:08:11 pm
If you want to have different servers behind the same IP/port, you are probably interested in using a reverse proxy. A plugin is available for HAProxy; nginx is in the ports if preferred (no GUI support).
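
The reverse-proxy approach suggested above, as an added HAProxy configuration sketch that is not part of the original posts and not generated by the OPNsense plugin. The WAN address, hostnames, backend names and inside addresses are constructed placeholders; plain HTTP is routed on the Host header and TLS is passed through unmodified based on the SNI in the ClientHello.

```haproxy
# Added example: all names and addresses below are constructed placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80 on the single WAN IP, shared by servers on different inside VLANs.
frontend wan_http
    bind 203.0.113.10:80
    # Layer 7 decision: pick the backend from the HTTP Host header.
    acl host_wiki hdr(host) -i wiki.example.com
    acl host_git  hdr(host) -i git.example.com
    use_backend vlan10_wiki if host_wiki
    use_backend vlan20_git  if host_git
    # Requests for unknown hostnames are refused, not sent to a default server.
    default_backend reject_unknown

backend vlan10_wiki
    server wiki1 10.0.10.5:80 check

backend vlan20_git
    server git1 10.0.20.5:80 check

backend reject_unknown
    http-request deny deny_status 403

# Port 443 on the same WAN IP: TLS passthrough, routed on SNI without decrypting.
frontend wan_tls
    mode tcp
    bind 203.0.113.10:443
    # Wait for the ClientHello so the SNI is available, then require it.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject
    use_backend vlan10_wiki_tls if { req.ssl_sni -i wiki.example.com }
    use_backend vlan20_git_tls  if { req.ssl_sni -i git.example.com }
    # No default_backend: connections with an unknown SNI are closed.

backend vlan10_wiki_tls
    mode tcp
    server wiki1 10.0.10.5:443 check

backend vlan20_git_tls
    mode tcp
    server git1 10.0.20.5:443 check
```

With this layout the firewall only needs pass rules for ports 80 and 443 to the proxy itself, and the inside servers are reachable solely through hostnames that are explicitly listed.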
Title: Re: Layer 7 inspection with firewall rules
Post by: jberg on August 04, 2017, 01:28:17 am
Thanks a lot, I will look into this more carefully!

But I wish that something like native L7 inspection will be a thing in OPNsense in the future! :-)