## Introduction
Goal: Propose a UTM firewall based on the OPNsense operating system to the customer.
Make "bundles" that include different kinds of features at different price points:
### Features

#### Main
- Base setup (routing, generic config, firewall rules, VLANs, authentication via AD, etc.)
- VPN (standard OpenVPN)
- Free SSL certs (via ACME and Let's Encrypt) with auto-renewal
- Web Proxy (caching proxy, web filter, transparent proxy, SSL inspection, managed TLS exclusion, HTTPS decryption/re-encryption) (!NOTE!: the OPNsense CA needs to be trusted by every client; it can be distributed by a GPO rule)
- Antivirus extension for OPNsense (with ClamAV + C-ICAP)
- IDS/IPS protection via Suricata

#### Not implemented yet
- Mail Protection via Mail Relay on OPNsense
- WAF

#### Optional
- DynDNS
- Backup of config to Google Cloud, Git or Nextcloud (the default is to back up locally and to OPNcentral)
- The `OPNProxy` plugin extends the Web Proxy with fine-grained control of user/group access to certain domains/URLs

### Bundles

#### Level 1

- Base
- VPN
- SSL certs (can be managed centrally by OPNcentral and pushed to specific customers when needed)

#### Level 2

- Web Proxy + Antivirus
- IDS/IPS Protection

#### Level 3

- Mail Protection
- WAF