Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Best protection setup for encrypted traffic? Best network segmentation?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Best protection setup for encrypted traffic? Best network segmentation? (Read 166 times)
Default4408
Newbie
Posts: 9
Karma: 1
Best protection setup for encrypted traffic? Best network segmentation?
«
on:
October 17, 2024, 06:08:24 am »
Hello, I'm new to firewalls and have a few questions.
1. I run a commercial VPN locally on my devices and use encrypted DNS (DoH & DoT). Since my traffic is encrypted, what free and open source tools and settings are recommended to fortify my network's security? From my understanding, IDS/IPS and next gen firewall solutions aren't useful with encrypted traffic and getting them to work with a VPN is complicated and prone to issues. Are there any other tools or settings that are recommended?
2. What method is the recommended method to segment the the LAN and OPT1 interfaces so that LAN can communicate with OPT1 but OPT1 can't contact LAN? I plan on reserving OPT1 as a guest/untrusted network and assume this is the optimal setup. Please correct me if I'm wrong.
Any input is much appreciated!
Logged
charles.adams
Newbie
Posts: 21
Karma: 0
Re: Best protection setup for encrypted traffic? Best network segmentation?
«
Reply #1 on:
October 29, 2024, 12:14:25 am »
I can't answer question 1 but as to question 2 I would say you'd want to use a firewall run on LAN that lets all LAN net sources reach OPT1 network ports but on the OPT1 Firewall inbound rule you'd only have the OPT network source be able to reach the a inverted alias for RFC1918 addresses. Or perhaps another method you like to have OPT1 reach the internet in the firewall that doesn't let it reach the LAN net.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Best protection setup for encrypted traffic? Best network segmentation?