---
title: "OPNsense - KWA Migration"
author: Petar Cubela
date: March 20, 2025
geometry: margin=1.5cm
output: pdf_document
---
## Base Info

- Deadline: 03.05
- Anzahl User: 15

## Termin

- 11.04, 14.04 - 17.04 (Friday 18.04: Karfreitag); 16.04 Vor-Ort
- 22.04 - 25.04 (Monday 21.04: Ostermontag), 24.04 Vor-Ort


## Angebot Liste

 - Arbeitstunden ausrechnen (40 Stunden)
 - Angebot fuer Lizenzen raussuchen ([Business License](https://shop.opnsense.com/product/opnsense-business-edition/), [Business Support Subscription](https://shop.opnsense.com/product/opnsense-business-support-subscription/))
 - Keine Hardware noetig
 - Wartungspauschale (100 Euro/ Monat) - Wartung und Monitoring was genau???

## Bestehende Hardware

- System: Linux, Memory: 7888 MB, 8 processors
- No PPPoe (done by Fritz)

## Funktionen

- [x] Basis Setup (routing, Generische Einstellung, Firewall Regeln, Authentizierung via AD,..)
- [x] VLANs als Grundlage (MGMT, SRV, CLIENT, WLAN, WLAN-Guest)
- [x] VPN (OpenVPN)
- [x] Free SSL certs (via ACME)
- [ ] Web Proxy (Caching Proxy, Web Filter, Transparent Proxy, SSL Inspection, https de-/encryption) (!NOTE! OPNsense CA needs to be trusted by every client. Distribute via Filewave)
- [ ] OPNsense Antivirus Loesung (Clamav + C-Icap)
- [x] IDS/IPS
- [ ] WAF
- [=] OPNcentral

## Zertifikate

- SSL for https (Let's Encrypt oder gekaufte Wildcard)
- Self Signed for Web Proxy (SSL Inspection)
- Self Signed for OpenVPN