Do I need a Business subscription for all firewalls to be managed by OPNcentral?

Started by v01ded, November 01, 2023, 02:11:43 AM

Dear All,

I'm planning to deploy a number of OPNsense devices across a number of sites and wish to centrally manage these firewalls via OPNcentral. Do I need to get the Business subscription for every OPNsense device? Or can I do with just 1 business license for the one with OPNcentral installed?

Apologies if this question has been answered.

Stanley

I'm using OPNcentral too, and from my understanding for it to work, each of the firewalls needs the os-opncentral plugin, which is only available in the business repo. That would mean that each firewall needs the license.

I also tried to add a community edition before but that didn't work right for me.

https://docs.opnsense.org/vendor/deciso/opncentral.html
Hardware:
DEC740



Technically you don't need an active license (that is only for updates). The way this works is there is a business core plugin which offers additional services for the OPNcentral plugin. The business core plugin is always installed so these can be managed via a single OPNcentral instance. Think of it as the client/server split... the clients are installed in all business editions and the server only needs to be set up for one box (and this one doesn't necessarily have to be an active firewall).


Cheers,
Franco

Hi Franco

Let me get this right: on expiration of a business license on a node, I can still manage that node remotely with OPNcentral cloud?

Sure, but you can no longer update that node so sooner or later you need to stop updating all of them because individual settings and sync targets will diverge as newer releases are pulled on some systems but not others.


Cheers,
Franco

Quote from: franco on September 02, 2024, 11:35:01 AM
> Sure, but you can no longer update that node so sooner or later you need to stop updating all of them because individual settings and sync targets will diverge as newer releases are pulled on some systems but not others.
>
> Cheers,
> Franco

Just to be clear on this - obviously all the firewalls in active production (functionally) need an active business license to be able to remotely update, manage, etc. But does the actual management node also require yet another active business license? Or can this one just be a vanilla VM install of OPNsense business edition since it does no firewall activity and just serves solely as a management node? Sorry if I'm misunderstanding something, I just want to make sure I'm on the same page. Thank you!

You can try but mind you OPNcentral gets updated too and may require fixes for newer versions or the data handling requires changes between it and the nodes. As stated before it's a good idea to keep all versions in sync.


Cheers,
Franco

There is a fine line between technical truth and practical truth. From what I'm reading, it is technically possible for a time to do this without an active license. From a practical side you need an active license on all devices to keep things working smoothly.

> There is a fine line between technical truth and practical truth.

I agree with that, yet I'd like to point out the problem of the question: It asks for assurance for something to be true in the future.

It's technically possible to say if this worked in practice in the past years, but no technical assessment or guarantee can be given for future compatibility.


Cheers,
Franco