OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • OPNcentral viable for MSP?
« previous next »
  • Print
Pages: [1]

Author Topic: OPNcentral viable for MSP?  (Read 1359 times)

clownschiff

  • Newbie
  • *
  • Posts: 15
  • Karma: 1
    • View Profile
OPNcentral viable for MSP?
« on: March 17, 2022, 03:42:14 pm »
I would like to know if someone has enough experience with OPNcentral to tell me if it is viable for a Managed Service Provider scenario.

We have a bunch of customers with OPNsense firewalls that we manage. Now that OPNcentral is out of beta, we are considering to manage the customer firewalls with it. It would be enough to just trigger updates and see the general status of the firewall and the most important services. Configuration would still be made on the firewall itself.

There are two things that come to my mind, that could make it difficult for us:
  • We don't want to establish a "management vpn" to our customers if this is necessary.
  • Some of the clients don't have static WAN IPs.

Are these two points necessary or are there some other restrictions that could make problems?
Logged

Meik

  • Newbie
  • *
  • Posts: 13
  • Karma: 1
    • View Profile
Re: OPNcentral viable for MSP?
« Reply #1 on: May 01, 2022, 04:48:45 pm »
Hi clownschiff,

For MSP, it's partly usable.
Best with a stand-alone instance (not using as Firewall only for managing / OPNcentral).

All or nothing from a category is the thing  :-\
For every OPNsense select from the Provision classes you want to deploy.
E.g. Aliases - create Aliases, all Aliases deployed on every selected OPNsense.

(Aliases, Auth Servers, Captive Portal, Certificates, Cron, DHCPD, DHCPDv6, DHCPv4: Relay, DHCPv6: Relay, Dashboard, Dnsmasq DNS, Firewall Categories, Firewall Groups, Firewall Log Templates, Firewall Rules, Firewall Schedules, IPsec, Intrusion Detection, Monit System Monitoring, NAT, Netflow / Insight, Network Time, OpenSSH, OpenVPN, Shaper, Static Routes, System Tunables, Unbound DNS, Users and Groups, Wake on LAN, Web GUI, Web Proxy, WireGuard)

- VPN is not necessary, access the Web Interface from the OPNcentral running Host must be given, every way is ok ;).
Create a Allow List for your static IPs where the OPNcentral is running, allow Access from WAN on the Client side.
- You can use DYNDNS-Address if no Static IP is available.

For Firmware overview it's ok, to central show the status of Services, and Resources this makes it easy for an overview.

Best Regards - ADI
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • OPNcentral viable for MSP?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2