CyberSecurity Project

[José Teixeira]

Hey OPNsense enthusiasts!! I am new to this software and firewall configurations in general, I'm working on a project for my cybersecurity course and I have to structure a network for an ecommerce business.

Okay so I went with a back to back firewall architecture since it provide more security, so inbetween these firewalls there is a DMZ. The structure looks like this WAN - > External Firewall - > DMZ - > Internal Firewall - > LAN

Note that I'm doing all of this in the network of my university and in VirtualBox.
The Virtual Machine with the OPNsense software for the external firewall has a "Bridged Adapter" for the WAN and an "Internal Network" adapter for the DMZ. Since there wont be a LAN interface configured for this firewall it was a bit hard getting access to OPNsense's web GUI but I did it through a shell code. ( Should I configure the DMZ as the "LAN" interface in this VM?)

The DMZ will contain services like FTP and Web Server and Email gateway. (Open to suggestions)

Any firewall rules that I should look for in both the WAN and DMZ interface?

Also how will I connect both external and internal firewall through the DMZ?

Thanks for the help!!

[Evianexxy]

Jumping in on this older post because I'm curious how your project evolved. Have you tried using some of the newer OPNsense plug-ins for threat detection or logging since then? I've had good results combining Suricata with better dashboard alerts, but I'm always looking for better setups. Would be great to hear what direction you ended up taking or if you're still building it out.