OPNsense Forum » English Forums » General Discussion » firewall rules active directory based
Topic: firewall rules active directory based (Read 3233 times)

sashok60 (Newbie), on: April 17, 2020, 09:48:13 am
Good afternoon, is it possible in the future to see the firewall for users and groups of Active Directory?
That would be very good for anyone using the Active Directory environment.

bartjsmit (Hero Member), Reply #1 on: April 17, 2020, 09:54:01 am
You likely want to do this externally and implement rules through the API, I guess.
Bart...

sashok60 (Newbie), Reply #2 on: April 17, 2020, 09:58:43 am
I want to specify in the firewall rules an Active Directory "user" or "group" as the source.

bartjsmit (Hero Member), Reply #3 on: April 17, 2020, 11:27:47 am
For which settings? There is a RADIUS plugin for AD authentication.

sashok60 (Newbie), Reply #4 on: April 17, 2020, 12:55:32 pm
I want to use Active Directory groups and users in the firewall rules from LDAP (for example from System: Access: Servers).

hbc (Hero Member), Reply #5 on: April 17, 2020, 10:15:15 pm
Without any 3rd party agent on your AD server, this won't work. How should OPNsense know which user belongs to which IP?
For web traffic you can use a proxy with LDAP authentication; otherwise there is Sensei, where you need agent software on your directory server. But for sophisticated rules you need a premium license, and at least in our AD environment the agent did not map properly. It just recognized 3 users.
Even commercial firewalls need some kind of agent software, either on AD or on clients. I think Franco started a little private project for an agent on the client that uses the API to allow access for special users.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

sashok60 (Newbie), Reply #6 on: April 18, 2020, 08:52:54 am
Sorry, I did not ask correctly.
I want to use Active Directory groups and users in the firewall rules for OpenVPN clients with LDAP authentication.

sashok60 (Newbie), Reply #7 on: April 18, 2020, 09:04:09 am
Generally the user's IP address can be found in Active Directory in the security log, but there is no such mechanism in OPNsense.
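
Added example, not part of the original thread and not OPNsense code: a sketch of the external agent logic the replies describe, deriving a user-to-IP map from Active Directory logon events (Security event 4624 fields TargetUserName and IpAddress) and turning it into per-group address lists that an external tool could then hand to the firewall. The event records, group names and the 8-hour TTL are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample: fields as found in Windows Security event 4624 (logon).
EVENTS = [
    {"time": "2020-04-18T08:00:00", "TargetUserName": "alice", "IpAddress": "10.0.1.20"},
    {"time": "2020-04-18T08:05:00", "TargetUserName": "WS042$", "IpAddress": "10.0.1.21"},
    {"time": "2020-04-18T08:10:00", "TargetUserName": "bob", "IpAddress": "10.0.1.22"},
    {"time": "2020-04-18T08:20:00", "TargetUserName": "carol", "IpAddress": "10.0.1.50"},
    {"time": "2020-04-18T08:21:00", "TargetUserName": "dave", "IpAddress": "10.0.1.50"},
    {"time": "2020-04-17T09:00:00", "TargetUserName": "erin", "IpAddress": "10.0.1.30"},
    {"time": "2020-04-18T08:30:00", "TargetUserName": "bob", "IpAddress": "-"},
]
# Constructed group membership; in practice this would be read from LDAP.
GROUPS = {"vpn-admins": {"alice", "carol"}, "vpn-users": {"bob", "dave", "erin"}}

def ip_owners(events, now, ttl=timedelta(hours=8)):
    """Return {ip: set(users)} for logons newer than ttl, skipping unusable events."""
    owners = {}
    for ev in events:
        user = ev["TargetUserName"].lower()
        if user.endswith("$"):          # computer account, not a person
            continue
        try:
            ip = ip_address(ev["IpAddress"])
        except ValueError:              # "-" or empty: no network address recorded
            continue
        if ip.is_loopback or now - datetime.fromisoformat(ev["time"]) > ttl:
            continue                    # local logon, or mapping too old to trust
        owners.setdefault(str(ip), set()).add(user)
    return owners

def group_aliases(events, groups, now):
    """Return {group: sorted IPs} using only IPs tied to exactly one user."""
    aliases = {g: [] for g in groups}
    for ip, users in ip_owners(events, now).items():
        if len(users) != 1:             # shared host (terminal server, NAT): ambiguous
            continue
        (user,) = users
        for group, members in groups.items():
            if user in members:
                aliases[group].append(ip)
    return {g: sorted(ips) for g, ips in aliases.items()}

if __name__ == "__main__":
    print(group_aliases(EVENTS, GROUPS, datetime(2020, 4, 18, 9, 0, 0)))
```

Addresses seen with more than one user inside the TTL are left out on purpose: a rule keyed on that IP would grant every user behind it the most privileged user's access.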