Messages

I  cannot longer update my OPNsense appliance. 19.1.1 is installed, but cannot upgrade to 19.1.2 or 19.1.3
When checking for new firmware I always get "No address record found for the selected mirror."

System>Settings>General: "Prefer to use Ipv4 even if Ipv6 is available." is checked.

There is a Spanish udemy course on OPNSense here: https://www.udemy.com/opnsense-firewall-fundamentals/
Juliocbc (https://forum.opnsense.org/index.php?action=profile;u=18970) is currently making a Udemy course in Portegese.

If someone would make a good course in English, I would definitely buy it. OPNSense I find it a better product then Pfsense, but many IT'ers I know still stick with Pfsense software since it has more manuals, youtube video's, official trainings,...

Hi Julio

Thanks for your reply. No chance you will make it in English?  :) Every year I go on holiday to Portugal, but my knowledge of Portegese is still limited to: "Bom Dia" and "Obrigado".  8) If it's ready definitely post it in this thread https://forum.opnsense.org/index.php?topic=9382.0, people are looking for good OpnSense documentation.

Comments like: "Can we please stop asuming pfsense actually does help in most modern environments? How does pfsense with suricata protect my webserver or mailserver or whatever if the connections are using SSL... right it doesn't .. This wil make you feel more secure while it doens't really do alot. yes it helps for some things but we all can agree that atleast 30% of your daily traffic is SSL? I work for a relatively small comapny with around 200 users and we average 5300GB of traffic per month with 3700GB of that traffic being SSL(we also host our own webapps and apis etc..)."

Dear OPNsensers

I am using  OPNsense firewalls on different school campuses scince this schoolyear. We are using it for VPN access to compuses, conecting the compuses trough IPsec tunnels, are using traffic shapping and as a statefull firewall.

Now I am looking into IDS/IPS on OPNSense (Suricata). I watched different articles and youtube videos on IDS. Is IDS/IPS still usefull today in a world where most websites are HTTPS, in a world where users are using VPN software on their devices like Nordvpn to anonymize network traffic?

I would like to use IDS/IPS for detecting and preventing students or guests on our network to use automated network hacking tools and blocking out torrent downloads.

Is there someone who can explain the usefulness of IDS/IPS in a school network?

Many regards
IDS noob Klaas

Thanks Bagoline for the info.

So my opnsense firewall is safe from bruteforce attacks when it is only possible to logon to the webinterface from:

• on a specific VLAN which is not accessible for normal users
• or when connected to VPN

Kind regards

Dear

Opnsense uses default sshlockout_pf to lock out brute force from SSH. I woudl like to block brute force attempts to HTTPS webpage of opensense. I tried 30 times in a row to login with a false password voor root and the system still accepts to logon.

My question: Is there a way of maximum login attempts op 5 on HTTPS?

Kind regards

Dear

I am looking for the correct way to setup DNS in the Opnsense. Is there a way to prevent clients form changing their DNS settings to get around Open DNS. Is there a rule/a way to forward all website DNS requests to Open DNS?

A little network scheme in attacchment.

Kind regards and thanks for the advice and help.
Klaas

Thanks franco for the tip! Unfortunately my knowledge of German is non existing.   :)

Dear

The OPNsense documentation is to limited for me.
Udemy has a good basic course, the only downside is that it is in Spanish. (https://www.udemy.com/opnsense-firewall-fundamentals/)

Does anyone knows a good resource?


Kind regards
Klaas