General Discussion / Questions Before I Try OPNsense
« on: May 17, 2019, 06:47:03 pm »
I have a couple of questions before I try OPNsense. Presently, we use a FortiNet 200B firewall, but it is old and doesn't do a very good job of filtering HTTPS websites. So I am thinking about trying OPNsense instead. This is going to be in a school setting with about 1,000 users possibly.
1) Can users be added to where if a website is blocked by OPNsense, they can override the block and go to the website? This is nice if a teacher needs to access something. We allow them to use Facebook during breaks and lunch, but want students off of it.
2) Will the firewall block HTTPS sites like Facebook, Twitter, etc., but allow an override?
3) Do certificates need to be installed on computers for HTTPS filtering?
4) Are there categories of things to allow automatically, block but allow with override, and block? FortiNet has categories in it I can allow or block. We allow Facebook with an override, but not obviously bad websites.
5) We do 10.0.0.X/16 and have 10.0.2.1-10.0.254.254 for DHCP. Can I specify IP addresses to automatically bypass the firewall? Specifically, block the DHCP addresses but allow static IP addresses like 10.0.0.25 or 10.0.1.55 and so on not in the DHCP range?

