Introduction
Goal: Propose a UTM firewall based on the OPNsense operating system to the customer. Offer "bundles" that combine different kinds of features at different price tags:
Features
Main
- Base setup (routing, generic config, firewall rules, VLANs, authentication via AD, etc.)
- VPN (standard OpenVPN)
- Free SSL certs (via ACME and Let's Encrypt) with auto-renewal
- Web Proxy (caching proxy, web filter, transparent proxy, SSL inspection, managed TLS exclusion, HTTPS de-/encryption) (NOTE: the OPNsense CA needs to be trusted by every client; it can be distributed via a GPO rule)
- Extended OPNsense antivirus feature (with ClamAV + c-icap)
- IDS/IPS Protection via Suricata
Not implemented yet
- Mail Protection via Mail Relay on OPNsense
- WAF
Optional
- DynDNS
- Backup of config to Google Cloud, Git or Nextcloud (the default is to back up locally and to OPNcentral)
The OPNProxy plugin extends the Web Proxy with fine-grained control of user/group access to certain domains/URLs
Bundles
Level 1
- Base
- VPN
- SSL certs (can be managed centrally by OPNcentral and pushed to specific customers when needed)
Level 2
- Web Proxy + Antivirus
- IDS/IPS Protection
Level 3
- Mail Protection
- WAF