Messages - daigoro

#1
Italian - Italiano / Re: Remote management of OPNSense
January 03, 2023, 02:37:29 PM
My opinion: remote access to the GUI only via VPN. If that really were not technically possible, access with 2FA and perhaps only from "trusted" public IP addresses.
#2
Or something like this: https://store.gl-inet.com/collections/all-wifi-devices/products/gl-ar300m-mini-smart-router if you only need a VPN client running up to 20..50 Mbps (depending on VPN type). Unfortunately OPNsense doesn't run on it.
#3
Quote from: Mondmann on March 20, 2021, 05:10:02 PM
let us know when it's time and let's test the experimental Wireguard kernel module.
Then we will see if everything will be good.

2nd to this. Thanks Franco.
--
Stay safe.
#4
Italian - Italiano / Re: My site on the internal network
January 13, 2021, 05:21:46 PM
Hi,
another check... if there is only one static IP on the WAN, are the ports used by the firewall for its administration different from 80 and 443?

P.S.: The 2 "NAT:Port Forward" rules have Source/Interface WAN, Destination/Address "WAN address" and NAT/IP the IP of the wordpress server.
#5
Hardware and Performance / Re: Moving OPNsense to DMZ
January 04, 2021, 03:56:51 PM
I managed a couple of APU2s with a data line greater than 100/100 Mbps. In my cases moving the firewalls to DMZ significantly improved the situation.
#6
Another option is this: https://fit-iot.com/web/products/fitlet2/
Quite reliable, not so cheap.
#7
I'd vote for Supermicro, having 3 in production. Like 2x10Gb ports and IPMI.
#8
Hello,

you should add an "IP Alias" with the same netmask as your WAN subnet.
Then you can use it as you need.
#9
One possibility is to reserve an IP in the DHCP service and then apply the time-based rule to that source IP.
#10
General Discussion / Re: Multi WAN question
May 17, 2019, 12:12:15 PM
Hello,

it is possible.
You simply need to configure the proper WAN Gateway (WAN1 or WAN2) to a rule belonging to your LAN interface.
#11
Asymmetric routing (https://en.wikipedia.org/wiki/Talk%3ARouting#Symmetric_and_Asymmetric_Routing).
Ping (ICMP) can handle it, all other protocols cannot.
#12
Hi Gary,
if you stay with the drop all (default) rule you don't actually need any other inbound rules.
As a net admin, however, I need to remote admin all my firewalls and if there is no VPN at least one rule allowing the firewall remote admin is needed. In this case access can be "shielded" using DNSBLs and IPBLs.
#13
You need an .iso image to install OPNsense as a VM: OPNsense-19.1.4-OpenSSL-dvd-amd64.iso.bz2
#14
19.1 Legacy Series / Re: VMWare Tools for Hardened BSD
February 07, 2019, 09:33:31 AM
Same here. Production environment on ESXi v6.7, VMware tools are properly working despite the warning.
#15
Italian - Italiano / Re: Buying an OPNsense firewall
January 19, 2019, 08:53:32 PM
Hi,

actually, if the WAN bandwidth is significant (above 100 Mbps) and the bandwidth required by the VPN is that of the WAN, then the connection speed affects the choice of hardware considerably. The same applies if IDS/IPS services are required.
Finally: budget?