Messages

1

High availability / HA with one Static IP

« on: November 18, 2020, 05:58:14 pm »

Hello,

I came across a setup with two Fortinet routers, setup as an HA - seemed straight forward, Internet to a small switch - then each of the foritnets into that switch, and two heartbeat connections between the two routers. Then to the internal switch

However at this location they only have One External Static IP, and from what I've read - or at least how I understand it, when setting up two routers in HA, we need at least three external static IPs.  One to each router, and a virtual one.  So I'm wondering can I set up two opnsense devices (same hardware) in HA mode with one static IP similar to the described above or do I need three?

Thanks


Thanks

2

General Discussion / Re: change user passwords over VPN

« on: May 26, 2020, 09:33:42 pm »

Thanks for all the replies.

3

General Discussion / change user passwords over VPN

« on: May 23, 2020, 07:19:05 pm »

Hello,

I've seen setups of businesses using the Cisco Anyconnect VPN where users can use their AD credentials to connect.  But they can even change their password. So if there is a remote user and they have to change their password every 60 days.. when it's getting close to the expiry date, when they connect to the VPN the anyconnect client will prompt them that their password is about to expire and they can change it there, which will then update it in AD.

Is this possible with the vpn option in opnsense?  if not how would you recommend users change their password remotely if coming into the office is not possible?

Thanks

4

Hardware and Performance / SSD Recommendations

« on: May 23, 2020, 07:09:16 pm »

Hello,

I'm in the process of doing an upgrade to my router, and I'm planning on replacing the HDD, with an SSD.   I'm looking for some suggestions of drives I should consider.   I'm thinking of a size 128 to 250gb.  But since I will be using caching, and IDS, logging.. etc.. I want to make sure I have a good solid (no pun intended) drive that will last a long time.

Thanks

5

Hardware and Performance / Re: OpnSense on Sophos Red's

« on: May 23, 2020, 06:52:53 pm »

Hi, I just saw this post.  I've switched from Sophos too.   I've never used the red devices.  But I did install opnsense on my 110/120 rev 5 devices.  I had no issues installing it.   I would suspect if the hardware is similar.. Intel Atom, HD, ram, I don't think you should have issues.

The one thing I did notice is that the way sophos labeled their ethernet port eth0-eth3 going left to right, opnsense seems to see them left to right.     ie:   When tried to configure my wan which is labeled eth1, I selected eth1, but opnsense saw the labeled eth2 as eth1, and the labeled eth3 as eth0. etc.

6

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: December 29, 2019, 05:16:58 pm »

Hi, I've been testing out the home license of Sensei and I must say it's a nice addition into opnsense.  I have moved from Sophos (formaly Astaro) UTM.  And while there were lots of great features in that, I'm pretty sure that opnsense and sensei together are a nice replacement.

I have some feedback more like feature requests or suggestions. 

1) I am using policies for the web security.  One for my wife's and mine devices and another controlled policy for the kids.  It would be a good feature to include Quota's for sites..  Ie:  Kids spend all day on Youtube.. if I can place a 2 hour limit on youtube then when it reaches that two hour mark,  either in one sitting, or two 1 hour viewings or four 30mins, etc over the course of a day, then when that time is up no more youtube until the next day.

2) Under the security settings, would like to have a test option.  You create a policy and have a user name or IP linked to it.  (I use static IPs so this is not an issue)  setup the sites I want to block etc..

But then the test option can be to put in a domain name, and the IP address of user name of who I want to test the policy out as and the output tells me that yes that site is blocked or allowed for this computer/user using this policy and what category under App and Web control it falls under.   This is also a good troubleshooting tool too, as maybe you blocked a category or two, then a site or app that is ok is not working, and you can use this feature to determine that oh,  it looks like its under this category and then you can make what adjustments you need to make.

Overall I am enjoying it, and am looking forward to new features.

7

General Discussion / Webfiltering rules

« on: December 08, 2019, 06:09:28 pm »

Hello,

I'm wondering how people are handling multiple web filtering rules..   for example.. I want users to be blocked from Facebook or youtube etc..  but another group to have access to those sites.   It appears that opnsense is configured to have one rule apply to everyone?

Is this possible to do with the base installation?

Thanks

8

General Discussion / Is this possible?

« on: September 18, 2019, 11:06:04 am »

Hello,  I'm currently using Sophos UTM in my home network, and it's been good.
Currently my setup is configured, where my firewall blocks everything going out.  With a few minor exceptions like a rule for my Voip Phones specifically on the specific ports  it uses.

But then I use web filter policies for my machines.   I have two groups, one for my wife and I and the other for the kids' devices.  I manage everything with static IPs on all devices.  (IP reservation)   So I have a web filter group for the kids, which allows them to the sites I want and is applied to the devices I choose, and it also has a time setting.  So after 8pm no more internet access.

And then I have another group for my computers allowing access to everything and no time limits.

I'm wanting to explore opnsense more, and I was wondering if I'm able to do a similar setup with opnsense or do I need a different kind of setup or maybe a plugin like Sensi?   I'm wanting to do as much as I can with complete opensource technology.

Thanks