Topic: Questions Before I Try OPNsense (Read 2850 times)
NORVIN (Newbie; Posts: 5; Karma: 0)
Questions Before I Try OPNsense « on: May 17, 2019, 06:47:03 pm »
I have a couple of questions before I try OPNsense. Presently, we use a FortiNet 200B firewall, but it is old and doesn't do a very good job of filtering HTTPS websites. So I am thinking about trying OPNsense instead. This is going to be in a school setting with about 1,000 users possibly.
1) Can users be added to where if a website is blocked by OPNsense, they can override the block and go to the website? This is nice if a teacher needs to access something. We allow them to use Facebook during breaks and lunch, but want students off of it.
2) Will the firewall block HTTPS sites like Facebook, Twitter, etc., but allow an override?
3) Do certificates need to be installed on computers for HTTPS filtering?
4) Are there categories of things to allow automatically, block but allow with override, and block? FortiNet has categories in it I can allow or block. We allow Facebook with an override, but not obviously bad websites.
5) We do 10.0.0.X/16 and have 10.0.2.1-10.0.254.254 for DHCP. Can I specify IP addresses to automatically bypass the firewall? Specifically, block the DHCP addresses but allow static IP addresses like 10.0.0.25 or 10.0.1.55 and so on not in the DHCP range?
NORVIN (Newbie; Posts: 5; Karma: 0)
Re: Questions Before I Try OPNsense « Reply #1 on: May 21, 2019, 12:09:58 am »
So it does none of those things?
hbc (Hero Member; Posts: 501; Karma: 47)
Re: Questions Before I Try OPNsense « Reply #2 on: May 21, 2019, 07:19:21 am »
1+2) The problem is your wish for overwrites.
3) Not for SNI-only filtering; for content, of course.
4) With the Sensei plugin, yes; overwrites not possible yet. Later with premium license.
5) Really? Nearly a class B subnet for just 1000 users? Sure, you can assign static IPs outside the DHCP scope. You can even create several DHCP scopes.
I think you have a problem with your network design. You should separate into subnets and use different rule sets. Restricted for pupils, more open for teachers. Then no need for all these overwrites.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
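An added example, not part of any post in this thread: the address plan from question 5 (10.0.0.0/16 with DHCP handing out 10.0.2.1-10.0.254.254) expressed as the CIDR blocks a firewall rule or alias would need, plus a check of which side a given client falls on. The function names and the idea of feeding the blocks into an alias are assumptions for illustration.

```python
import ipaddress

# Address plan taken from question 5 in the thread.
LAN = ipaddress.ip_network("10.0.0.0/16")
DHCP_FIRST = ipaddress.ip_address("10.0.2.1")
DHCP_LAST = ipaddress.ip_address("10.0.254.254")


def dhcp_cidrs():
    """Smallest list of CIDR blocks that covers exactly the DHCP pool."""
    return list(ipaddress.summarize_address_range(DHCP_FIRST, DHCP_LAST))


def static_cidrs():
    """LAN space DHCP never hands out (includes the network and
    broadcast addresses, which no host will actually use)."""
    low = ipaddress.summarize_address_range(LAN.network_address, DHCP_FIRST - 1)
    high = ipaddress.summarize_address_range(DHCP_LAST + 1, LAN.broadcast_address)
    return list(low) + list(high)


def classify(addr):
    """Return which policy group a source address belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip not in LAN:
        return "outside"
    if DHCP_FIRST <= ip <= DHCP_LAST:
        return "dhcp"
    return "static"


if __name__ == "__main__":
    # The pool is not CIDR-aligned, so it needs many entries;
    # the static side needs only a handful.
    print(len(dhcp_cidrs()), "blocks for the DHCP pool")
    print("static side:", ", ".join(str(n) for n in static_cidrs()))
    for host in ("10.0.0.25", "10.0.1.55", "10.0.2.1", "10.0.254.254"):
        print(host, "->", classify(host))
```

Because the pool boundaries are not on CIDR edges, matching the static side and treating everything else in the LAN as filtered keeps the rule set much shorter. A static address is only as trustworthy as the control over who can set one, so a rule keyed on source IP alone gives the relaxed policy to any client that configures such an address by hand.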
NORVIN (Newbie; Posts: 5; Karma: 0)
Re: Questions Before I Try OPNsense « Reply #3 on: May 21, 2019, 03:43:22 pm »
1,000 users? No. It should support 65,534 users. Different subnets I think would be too much trouble since network resources need to be accessed by all.
I just need a firewall OS that allows users who have accounts (staff) to override if an override is allowed.
hbc (Hero Member; Posts: 501; Karma: 47)
Re: Questions Before I Try OPNsense « Reply #4 on: May 21, 2019, 07:04:41 pm »
Quote
This is going to be in a school setting with about 1,000 users possibly.
Sounded like 1000 users.
65534 users in one flat network? Broadcast hell.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
mimugmail (Hero Member; Posts: 6766; Karma: 494)
Re: Questions Before I Try OPNsense « Reply #5 on: May 21, 2019, 09:59:39 pm »
You really should spin up a VM and check the Proxy settings if it fits your needs.
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/