Messages

There is no additional data here and it does not belong into a thread marked as solved not replied to for almost 2 years.


Cheers,
Franco

There is if the problem still exists which it does.

FlakStapper gave a very good reason for this at https://forum.opnsense.org/index.php?topic=5121.0#msg21207

1,000 users?  No.  It should support 65,534 users.  Different subnets I think would be too much trouble since network resources need to be accessed by all.

I just need a firewall OS that allows users who have accounts (staff) to override if an override is allowed.

So it does none of those things?

This problem still exists with the current VGA.

I have a couple of questions before I try OPNsense.  Presently, we use a FortiNet 200B firewall, but it is old and doesn't do a very good job of filtering HTTPS websites.  So I am thinking about trying OPNsense instead.  This is going to be in a school setting with about 1,000 users possibly.

1) Can users be added to where if a website is blocked by OPNsense, they can override the block and go to the website?  This is nice if a teacher needs to access something.  We allow them to use Facebook during breaks and lunch, but want students off of it.

2) Will the firewall block HTTPS sites like Facebook, Twitter, etc., but allow an override?

3) Do certificates need to be installed on computers for HTTPS filtering?

4) Are there categories of things to allow automatically, block but allow with override, and block?  FortiNet has categories in it I can allow or block.  We allow Facebook with an override, but not obviously bad websites.

5)  We do 10.0.0.X/16 and have 10.0.2.1-10.0.254.254 for DHCP.  Can I specify IP addresses to automatically bypass the firewall?  Specifically, block the DHCP addresses but allow static IP addresses like 10.0.0.25 or 10.0.1.55 and so on not in the DHCP range?