firewall rules active directory based

Started by sashok60, April 17, 2020, 09:48:13 AM

Good afternoon, is it possible in the future to see the firewall for users and groups of Active Directory?
That would be very good for anyone using the Active Directory environment.

You likely want to do this externally and implement rules through the API, I guess.

Bart...

I want to specify in the firewall rules Active Directory "user" or "group" as the source

For which settings? There is a RADIUS plugin for AD authentication.

I want to use Active directory groups and users in the firewall rules from LDAP (for example from
System: Access: Servers)

Without any 3rd party agent on your AD server, this won't work. How should OPNsense know which user belongs to which IP?

For web traffic you can use the proxy with LDAP authentication, else there exists Sensei, where you need an agent software on your directory server. But for sophisticated rules, you need a premium license, and at least in our AD environment the agent did not map properly. It just recognized 3 users.

Even commercial firewalls need some kind of agent software either on AD or on the clients. I think Franco started a little private project for an agent on the client that uses the API to allow access for special users.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

Sorry, I did not ask correctly.
I want to use Active Directory groups and users in the firewall rules for OpenVPN clients with LDAP authentication.

Generally the user's IP address can be found in Active Directory in the security log, but there is no such mechanism in OPNsense.
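The approach sketched across this thread (do the user-to-IP mapping externally and feed the result into OPNsense through the API) can be put together from two pieces: read successful logon events (Event ID 4624) from the domain controller's Security log to learn which IP each user currently has, keep only the IPs of users in the AD group you care about, and push those IPs into a firewall alias that your rule references. The following script is an added example, not code from the thread or from the OPNsense project. It uses the documented `firewall/alias_util/add` endpoint (basic auth with an API key and secret) and assumes the target alias already exists as type "External (advanced)"; the log events, the group membership, the host name and the key/secret are constructed placeholders. The HTTP call is injected as a function so the mapping logic runs offline with a dry-run recorder.

```python
"""Map AD users to IPs from Security-log logon events and push the IPs of one
AD group into an OPNsense firewall alias via the alias_util API.

Added example; the event data, group membership and API credentials below are
constructed placeholders, not values from the forum thread.
"""
import base64
import ipaddress
import json
import urllib.request
from typing import Callable, Dict, Iterable, List, Set

# Constructed sample of Security-log events, reduced to the fields an agent
# would read from Event ID 4624 (successful logon). For a VPN client doing a
# network logon (LogonType 3) IpAddress is the tunnel address the firewall sees.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.5.21", "LogonType": 3},
    {"EventID": 4624, "TargetUserName": "bob", "IpAddress": "10.0.5.22", "LogonType": 3},
    {"EventID": 4624, "TargetUserName": "WS01$", "IpAddress": "10.0.5.23", "LogonType": 3},  # machine account
    {"EventID": 4634, "TargetUserName": "alice", "IpAddress": "10.0.5.21", "LogonType": 3},  # logoff, ignored
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "-", "LogonType": 2},          # console, no IP
    {"EventID": 4624, "TargetUserName": "carol", "IpAddress": "10.0.5.24", "LogonType": 3},
]

# Constructed group membership; a real agent would read this from LDAP.
VPN_ADMINS = ["Alice", "carol"]


def user_ip_map(events: Iterable[dict]) -> Dict[str, Set[str]]:
    """Return {username: {ip, ...}} built from 4624 events that carry a usable IP."""
    mapping: Dict[str, Set[str]] = {}
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        user = ev.get("TargetUserName", "")
        if not user or user.endswith("$"):  # skip empty and computer accounts
            continue
        try:
            ip = ipaddress.ip_address(ev.get("IpAddress", "-"))
        except ValueError:  # "-" or garbage: console logon, nothing to match on
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        mapping.setdefault(user.lower(), set()).add(str(ip))
    return mapping


def group_ips(user_ips: Dict[str, Set[str]], members: Iterable[str]) -> Set[str]:
    """Collect the IPs of every group member that has a logon mapping."""
    return set().union(*(user_ips.get(m.lower(), set()) for m in members))


def sync_alias(alias: str, ips: Iterable[str], post: Callable[[str, dict], dict]) -> List[dict]:
    """Add each IP to the named alias through /api/firewall/alias_util/add/<alias>.

    `post(path, payload)` performs the HTTP request; it is injected so the same
    logic can be exercised offline with a dry-run recorder.
    """
    return [post(f"/api/firewall/alias_util/add/{alias}", {"address": ip}) for ip in sorted(ips)]


def opnsense_poster(host: str, key: str, secret: str) -> Callable[[str, dict], dict]:
    """Build a poster that talks to a real OPNsense box (key:secret basic auth)."""
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()

    def post(path: str, payload: dict) -> dict:
        req = urllib.request.Request(f"https://{host}{path}", method="POST",
                                     data=json.dumps(payload).encode(),
                                     headers={"Authorization": f"Basic {token}",
                                              "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return post


def dry_run_poster() -> Callable[[str, dict], dict]:
    """Poster that records what would be sent instead of contacting a firewall."""
    def post(path: str, payload: dict) -> dict:
        return {"path": path, "payload": payload, "status": "dry-run"}
    return post


if __name__ == "__main__":
    # Replace dry_run_poster() with opnsense_poster("fw.example.invalid", "KEY", "SECRET")
    # (placeholders) to push into a live "External (advanced)" alias named vpn_admins.
    ips = group_ips(user_ip_map(SAMPLE_EVENTS), VPN_ADMINS)
    for r in sync_alias("vpn_admins", ips, dry_run_poster()):
        print(r)
```

Because alias contents are runtime state, a real agent has to run periodically and also remove addresses that no longer belong to a group member (logoff events or an expiry timer); `alias_util` has a `delete` endpoint alongside `add` for that. The rule in OPNsense then simply uses the alias as its source, which is as close to "AD group as source" as the current design allows without an agent.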