first commit
40
projects/OPNsense/opnsense-proposal-draft.md
Normal file
@@ -0,0 +1,40 @@
|
||||
## Introduction
|
||||
Goal: Propose a UTM firewall based on the opnsense operating system to the customer.
|
||||
Make "Bundles" including different kind of features with different price tags:
|
||||
|
||||
### Features
|
||||
|
||||
#### Main
|
||||
- Base setup (routing, generic config, firewall rules, vlans, authentication via ad, etc...)
|
||||
- VPN (standard OpenVPN)
|
||||
- Free SSL certs (via ACME and Lets Encrypt) with auto-renewal
|
||||
- Web Proxy (Caching Proxy, Web Filter, Transparent Proxy, SSL inspection, managed TLS exclusion, https de-/encryption) (!NOTE!: opnsense ca needs to be trusted from every client, which can be distributed by a GPO rule)
|
||||
- Extend Feature of OPNsense Antivirus (with clamav + c-icap)
|
||||
- IDS/IPS Protection via Suricata
|
||||
|
||||
#### Not implemented yet
|
||||
- Mail Protection via Mail Relay on OPNsense
|
||||
- WAF
|
||||
|
||||
#### Optional
|
||||
- DynDNS
|
||||
- Backup of config to google cloud, git or nextcloud (standard is backup locally and to opncentral)
|
||||
- `OPNProxy`-Plugin extends Web Proxy to fine grained control of user/group access to certain domains/urls
|
||||
|
||||
### Bundles
|
||||
|
||||
#### Level 1
|
||||
|
||||
- Base
|
||||
- VPN
|
||||
- SSL certs (can be managed centrally by opncentral and pushed to specific customers when needed)
|
||||
|
||||
#### Level 2
|
||||
|
||||
- Web Proxy + Antivirus
|
||||
- IDS/IPS Protection
|
||||
|
||||
#### Level 3
|
||||
|
||||
- Mail Protection
|
||||
- WAF
|
||||
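Review bot: Level 3 at the end of the file consists only of Mail Protection and WAF, and both are listed under "Not implemented yet", so the bundle as written offers nothing that can be delivered today; mark it as planned or keep it out of the priced bundles until those features exist. The three items under "Optional" are not assigned to any level, so state whether they are add-ons available with every bundle. In the Web Proxy bullet, the note that the opnsense CA needs to be trusted from every client is a customer-side prerequisite for SSL inspection and deserves its own line rather than a parenthetical, together with a statement of which traffic the managed TLS exclusion is meant to cover. The line `Make "Bundles" including different kind of features with different price tags:` ends in a colon with nothing following it; either finish the sentence or point it at the Bundles section.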