Topics

1

Intrusion Detection and Prevention / E-mail when alert or drop

« on: October 12, 2019, 02:18:26 pm »

I am using Surricata as IDS/IPS on several OPNSense firewalls, which is running great. Now I am cheking once a month the firewalls for alerts/drops. Is it possible to configure OPNsense to email when an Surricata alert occured?

I have been reading to setup monit, but this seems only for Firewall system alerts.

2

General Discussion / Captive Portal - no username

« on: September 23, 2019, 09:47:08 am »

Dear

We have been setting op a guest wireless network with the captive portal in OPNsense. The vouchers which are created in OPNsense are username - password.
Is there a way to set up a captive portal with only a password? It would be more userfriendly for guests.

Kind regards

3

General Discussion / IP helper adress

« on: August 25, 2019, 09:02:35 am »

What is the correct way to configure an IP helper adress in OPNsense?

We are using WDS+MDT for imaging our computers. The WDS server is on VLAN 1, computer clients are on other VLAN's. Microsoft advices to use IP helper adress instead of DHCP options to make imaging possible across VLANs
Our setup DHCP: each VLAN has its DHCP server running in OPNsense.

Kind regards

4

General Discussion / Opnsense 20.1 roadmap

« on: August 20, 2019, 12:08:45 pm »

I am following the OPNsense project close by and running several OPNsense firewalls. Is there news on the development of OPNsense 20.1 is there already a roadmap? Is there also a correct place to make suggestions?

Kind regards

5

General Discussion / FTP over TLS

« on: March 27, 2019, 10:29:00 am »

We use Filezilla to manage our website hosting. The webhosting uses FTP over TLS.  (see attachement)
I can't get FTP over TLS working on our internal network. I have the following allow rule in our network ( see attachement.

Does it mean I have to setup FTP proxy, as described here: https://forum.opnsense.org/index.php?topic=3868.0

6

General Discussion / Firewall rule: webtraffic

« on: March 19, 2019, 01:53:11 pm »

I have been using Watchguard firewalls for the past few years. Scince a couple of months I am using an OPNsense appliance. In Watchguard you have the option to use "any-external".
So a rule for webtraffic firewall rule in Watchguard would be:
source: vlan-guest    destination: any-external  ports:80/443 TCP/UDP 

In OPNsense you don't have the any-external option, so this means you allow webtraffic to all other VLANs aswell. (see the picture in enclosure).

How can i define my webtraffic rule more securely? (I don't whish to use proxy's).

7

19.1 Legacy Series / [SOLVED] Cannot update

« on: March 12, 2019, 09:43:28 am »

I  cannot longer update my OPNsense appliance. 19.1.1 is installed, but cannot upgrade to 19.1.2 or 19.1.3
When checking for new firmware I always get "No address record found for the selected mirror."

System>Settings>General: "Prefer to use Ipv4 even if Ipv6 is available." is checked.

8

Intrusion Detection and Prevention / Intrusion Detection and Prevention usefulness

« on: March 05, 2019, 03:59:11 pm »

Dear OPNsensers

I am using  OPNsense firewalls on different school campuses scince this schoolyear. We are using it for VPN access to compuses, conecting the compuses trough IPsec tunnels, are using traffic shapping and as a statefull firewall.

Now I am looking into IDS/IPS on OPNSense (Suricata). I watched different articles and youtube videos on IDS. Is IDS/IPS still usefull today in a world where most websites are HTTPS, in a world where users are using VPN software on their devices like Nordvpn to anonymize network traffic?

I would like to use IDS/IPS for detecting and preventing students or guests on our network to use automated network hacking tools and blocking out torrent downloads.

Is there someone who can explain the usefulness of IDS/IPS in a school network?

Many regards
IDS noob Klaas

9

General Discussion / Howto disable brute force login

« on: March 04, 2019, 02:49:26 pm »

Dear

Opnsense uses default sshlockout_pf to lock out brute force from SSH. I woudl like to block brute force attempts to HTTPS webpage of opensense. I tried 30 times in a row to login with a false password voor root and the system still accepts to logon.

My question: Is there a way of maximum login attempts op 5 on HTTPS?

Kind regards

10

General Discussion / OpenDNS setup

« on: February 22, 2019, 02:15:03 pm »

Dear

I am looking for the correct way to setup DNS in the Opnsense. Is there a way to prevent clients form changing their DNS settings to get around Open DNS. Is there a rule/a way to forward all website DNS requests to Open DNS?

A little network scheme in attacchment.

Kind regards and thanks for the advice and help.
Klaas

11

Tutorials and FAQs / OPNsense Manual

« on: February 18, 2019, 02:33:11 pm »

Dear

The OPNsense documentation is to limited for me.
Udemy has a good basic course, the only downside is that it is in Spanish. (https://www.udemy.com/opnsense-firewall-fundamentals/)

Does anyone knows a good resource?


Kind regards
Klaas