## Introduction

Goal: Propose a UTM firewall based on the OPNsense operating system to the customer. Create "bundles" that include different kinds of features at different price tags:

### Features

#### Main

- Base setup (routing, generic config, firewall rules, VLANs, authentication via AD, etc.)
- VPN (standard OpenVPN)
- Free SSL certs (via ACME and Let's Encrypt) with auto-renewal
- Web Proxy (Caching Proxy, Web Filter, Transparent Proxy, SSL inspection, managed TLS exclusion, HTTPS de-/encryption)
  - NOTE: the OPNsense CA needs to be trusted by every client; it can be distributed by a GPO rule
- Extended OPNsense feature: Antivirus (with ClamAV + c-icap)
- IDS/IPS Protection via Suricata

#### Not implemented yet

- Mail Protection via Mail Relay on OPNsense
- WAF

#### Optional

- DynDNS
- Backup of config to Google Cloud, Git or Nextcloud (standard is backup locally and to OPNcentral)
- `OPNProxy` plugin, which extends the Web Proxy with fine-grained control of user/group access to certain domains/URLs

### Bundles

#### Level 1

- Base
- VPN
- SSL certs (can be managed centrally by OPNcentral and pushed to specific customers when needed)

#### Level 2

- Web Proxy + Antivirus
- IDS/IPS Protection

#### Level 3

- Mail Protection
- WAF