Topic: Policy Hierarchy in OPNsense? (Read 482 times)
nmax
Policy Hierarchy in OPNsense? « on: March 19, 2024, 08:18:14 pm »
Hi - OPNsense newcomer here.
For the last seven years, I have deployed an Untangle/Arista NGFW at Home instance, which is installed on a recycled Dell Optiplex. It's been an excellent product, but unfortunately Arista (which bought Untangle) is discontinuing the product. I'm zeroing in on OPNsense (+Zenarmor) as a replacement.
While all the docs and community tutorials have been enormously helpful, I do have a lingering question. On the Arista NGFW, it's possible to create a policy hierarchy, and assign devices (with matching criteria) to any policy in that hierarchy. So, you can do something like this:
[Parent] Home Policy <--- Basic Web Filtering, Local SSH, etc.
[Child] Limited Access Policy <--- Whitelist-Based Web Filtering, More Restrictive Firewall Rules, etc.
[Child] Media Devices <--- Basic Web Filtering, Whitelist Selected Ad Domain Matches, etc.
These policies are then assigned to (statically addressed) devices based on their address, MAC, user association - whatever. Arista's NGFW also has a very flexible tagging function (add any labels to any devices for any duration), which made policy application super easy (e.g. apply "limited access" policy to any devices tagged "restricted").
This capability is perhaps the most essential in my setup; namely, I need to be able to assign different rules to different devices.
Is this achievable with OPNsense + Zenarmor, and if so, could anyone point me in the general direction?
Thanks for any information you may be able to provide!
mimugmail
Re: Policy Hierarchy in OPNsense? « Reply #1 on: March 20, 2024, 07:22:12 am »
If you create aliases for IPs or MAC addresses you can achieve this, yes. It only "costs" a couple more clicks compared to commercial solutions.
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/