Sbx Office IP
- 213.160.17.142/28
- 213.160.17.141
Generic Checklist
- Set WAN - generic DHCP
- Set LAN - generic 192.168.1.1
- timezone: Europe/Berlin
- Set hostname (OPNsense), domain name (localhost)
- ntp server
- static dns setup
- std sbxadmin user
- enable access log (system -> settings -> administration)
- LAN Bridge - generic all ports in bridge except igc1 (second port) is WAN port
- enable ssh: enable, DO NOT permit root login, permit password login, port: 22
- firewall rules (LAN, WLAN, WLAN Guest {drop packets to LAN} ), std port activation
- local backups
- add office public ip as trusted (wan only reachable via office ip)
Optional
- web filtering
- http scanning
- application control
- ssl/tls inspection
- ssl certificates
Mandatory Plugins
- OPNcentral (for central management)
Special Checklist
- add license TO: system -> firmware -> settings
- WAN - static config or pppoe or whatever
- LAN - ip network
- domain name (gw.domain.tld)
- ldap server config
- system update on first boot! (WITH BUSINESS LICENSE)
- setup dhcp server if used
- connect to opncentral
- create backups to opncentral
- setup ldap server
- setup openvpn server with authentication via ldap
OPNsense Importer
"All Full Images have the OPNsense Importer feature that offers flexibility in recovering failed firewalls, testing new releases without overwriting the current installation by running the new version in memory with the existing configuration or migrating configurations to new hardware installations."
- Create generic standard config to import at each customer install.
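One way to check the generic standard config against the Generic Checklist before it is imported at a customer site (an added example, not part of the original checklist). The element names under `<system>` and the sample export are assumptions modelled on a typical OPNsense `config.xml`; the sample is constructed and deliberately has root login enabled so the audit reports a deviation.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; element names are assumed, values are illustrative.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <system>
    <hostname>OPNsense</hostname>
    <domain>localhost</domain>
    <timezone>Europe/Berlin</timezone>
    <ssh>
      <enabled>enabled</enabled>
      <permitrootlogin>1</permitrootlogin>
      <passwordauth>1</passwordauth>
      <port>22</port>
    </ssh>
  </system>
</opnsense>
"""

# (path below <opnsense>, expected text); None means "must be absent or empty".
BASELINE = [
    ("system/hostname", "OPNsense"),
    ("system/domain", "localhost"),
    ("system/timezone", "Europe/Berlin"),
    ("system/ssh/enabled", "enabled"),
    ("system/ssh/permitrootlogin", None),   # checklist: DO NOT permit root login
    ("system/ssh/passwordauth", "1"),       # checklist: permit password login
    ("system/ssh/port", "22"),
]

def audit(config_xml):
    """Return (path, expected, found) for every deviation from BASELINE."""
    root = ET.fromstring(config_xml)
    findings = []
    for path, expected in BASELINE:
        node = root.find(path)
        # Treat a missing element and an empty element the same way.
        found = ((node.text or "").strip() or None) if node is not None else None
        if found != expected:
            findings.append((path, expected, found))
    return findings

if __name__ == "__main__":
    for path, expected, found in audit(SAMPLE_CONFIG):
        print(f"DEVIATION {path}: expected {expected!r}, found {found!r}")
```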
OPNcentral Provisioning
We can use OPNcentral to provision the configuration of the customer's device, which is probably more useful than using the importer. Has to be tested.
Notes
- ATTENTION: On the initial install, the business license has to be configured before updating!!
- DNS Servers: Cloudflare