Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall reporting
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall reporting (Read 375 times)
fathibn
Newbie
Posts: 23
Karma: 0
Firewall reporting
«
on:
August 19, 2024, 10:24:34 am »
Hi,
One of our firewalls is a Fortigate that i have been asked to replace with another one less expensive and I hope it could be Opnsense.
Of course some people, inside my company argue that few products can compete with that brand. My arguments are that opensense can repond to our needs without trying to compare both products feature by feature.
The following is just a suggestion.
One of the features of the above brand is a daily security report, which looks like this:
Security Analysis
Report Date: August 16, 2024 14:00
Data Range: 2024-08-15 00:00 2024-08-15 23:59 GMT+1 (FAZ local)
Table of Contents
Bandwidth and Applications 3
Traffic Bandwidth 3
Number of Sessions 3
Top Applications by Bandwidth 3
Top Applications by Sessions 4
Top Users by Bandwidth 4
Top Users by Sessions 4
Top Destination by Bandwidth 4
Top Destination by Sessions 5
DHCP Summary 5
Top Wifi Client by Bandwidth 5
Traffic History by Number of Active Users 5
Web Usage 6
Top 20 Most Active Users 6
Top 20 Most Visited Categories 6
Top 50 Most Visited Sites 6
Top 10 Online Users 6
Top 10 Categories 6
Top 50 Sites By Browsing Time 6
Top 20 Bandwidth Users 7
Top 20 Categories By Bandwidth 7
Top 50 Sites (and Category) by Bandwidth 7
Top 20 Most Blocked Users 9
Top 20 Most Blocked Categories 9
Top 50 Most Blocked Sites 9
Emails 10
Top Senders by Number of Emails 10
Top Recipients by Number of Emails 10
Top Senders by Combined Email Size 10
Top Recipients by Combined Email Size 11
Threats 12
Malware Detected 12
Malware Victims 12
Malware Source 12
Botnet Detected 12
Botnet Victims 12
Botnet C&C 12
Botnet C&C Detected by DNS Filtering 12
Intrusions Detected 13
Intrusion Victims 14
Intrusion Sources 14
VPN Usage 15
VPN Traffic Usage Trend 15
VPN User Logins 15
Authenticated Logins 15
Failed Login Attempts 15
Top Dial-up VPN Users 16
Top Sources of SSL VPN Tunnels by Bandwidth 16
Top SSL VPN Tunnel Users by Bandwidth 16
Top SSL VPN Web Mode Users by Duration 16
Top SSL VPN Users by Duration 16
Top Users of IPsec VPN Dial-up Tunnel by Bandwidth 16
Top Site-to-Site IPsec Tunnels by Bandwidth 16
Top Dial-up IPsec Tunnels by Bandwidth 16
Top Dial-up IPsec Users by Bandwidth 16
Top Dial-up IPsec Users by Duration 17
Admin Login and System Events 18
Login Summary 18
Login Summary By Date 18
List of Failed Logins 18
Events by Severity 18
Events by Date 18
Critical Severity Events 18
High Severity Events 19
Medium Severity Events 19
Appendix A 20
Devices 20
And my question is : is there inside the opnsense installation a central repository to collect all this data so it could be possible later to extract it and generate a corresponding report. I know, the sensei plugin generates and sends such reports but they are not so exhaustive as the fortigate ones.
TIA
Fathi B.N.
Logged
Seimus
Hero Member
Posts: 611
Karma: 60
Re: Firewall reporting
«
Reply #1 on:
August 19, 2024, 10:50:16 am »
By default OPNsense has in-build netflow which is used by Insight. Insight can be exported. It does flows as well sum-up graphs per certain types of traffic.
However if its export sum-up you are looking for I think it provides just the flows. From which you could do graphs.
https://docs.opnsense.org/reporting.html
https://docs.opnsense.org/manual/how-tos/insight.html
Regards,
S.
Logged
Networking is love. You may hate it, but in the end, you always come back to it.
OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G -
VM HA(SOON)
N100 - i226-V | Crucial 16G 4800 DDR5 | S 980 500G -
PROD
fathibn
Newbie
Posts: 23
Karma: 0
Re: Firewall reporting
«
Reply #2 on:
August 22, 2024, 01:08:24 pm »
Thank you.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall reporting