1
20.7 Legacy Series / Migrating from Check Point SMB to OPNsense - Need some guidance
« on: December 06, 2020, 12:14:21 am »
Hello,
I've owned several Check Point SMB devices, since 2011, and for the cost of about $200-$250 per year I have been extremely happy with their equipment and support. Being a retired HIM software consultant, I am fully aware of the value of commercial support services, and I have been astounded by the amount of time they have given me, on a few occasions. Sadly, Check Point no longer wants to service individuals, which they once did via an online store, when I started with them in 2011.
The last thing I want to do is waste the time of IT professionals, yet I also understand that if someone were seeking expertise in my area of IT, I would likely be willing to share my knowledge, if for no other reason than to exercise that knowledge. Anyway, my point is that I will always do my best to try to solve my own problems before asking for help. Generally, this fact can be proven within the course of discussing the issues. I am not a networking expert, but after 30 years of keeping a home network alive, I understand enough to know when I've gotten good advice. So, here's my inquiry:
I'm looking for a guide to help me with a baseline configuration of OPNsense. When using the Check Point SMB devices, they would pretty much much have the bases covered for a customer to follow an initial wizard and end up with a satisfactory configuration that only included a total of 2 inbound and 3 outbound, auto-generated firewall rules. This was evidenced by looking in the security logs at the numerous, dropped IP addresses from entities I never made outbound contact with. OPNsense has created a total of 15 auto-generated rules for a single WAN and a single LAN interface, and this seems excessive to me.
I'm simply looking for a method to feel initially secure, so any help would be greatly appreciated.
I've owned several Check Point SMB devices, since 2011, and for the cost of about $200-$250 per year I have been extremely happy with their equipment and support. Being a retired HIM software consultant, I am fully aware of the value of commercial support services, and I have been astounded by the amount of time they have given me, on a few occasions. Sadly, Check Point no longer wants to service individuals, which they once did via an online store, when I started with them in 2011.
The last thing I want to do is waste the time of IT professionals, yet I also understand that if someone were seeking expertise in my area of IT, I would likely be willing to share my knowledge, if for no other reason than to exercise that knowledge. Anyway, my point is that I will always do my best to try to solve my own problems before asking for help. Generally, this fact can be proven within the course of discussing the issues. I am not a networking expert, but after 30 years of keeping a home network alive, I understand enough to know when I've gotten good advice. So, here's my inquiry:
I'm looking for a guide to help me with a baseline configuration of OPNsense. When using the Check Point SMB devices, they would pretty much much have the bases covered for a customer to follow an initial wizard and end up with a satisfactory configuration that only included a total of 2 inbound and 3 outbound, auto-generated firewall rules. This was evidenced by looking in the security logs at the numerous, dropped IP addresses from entities I never made outbound contact with. OPNsense has created a total of 15 auto-generated rules for a single WAN and a single LAN interface, and this seems excessive to me.
I'm simply looking for a method to feel initially secure, so any help would be greatly appreciated.