
Open Source NGFW Solution (Public)


NEXT-GEN FIREWALL

WITH

PREPARED BY EDU-ART @2023


• OPNsense is an open source, easy-to-build FreeBSD based firewall and routing platform
• Started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015
• The project is founded by Deciso B.V.
• Web-based interface and can be used on the x86-64 platform
• Includes most of the features available in expensive commercial firewalls, and more in many cases
• Offers weekly security updates and fixed release cycle of 2 major releases each year
• Next Generation Firewall capabilities utilizing Zenarmor plugin developed by Sunny Valley Networks
FEATURE HIGHLIGHTS

DASHBOARD
OPNsense offers a dashboard feature to quickly check the status of your OPNsense firewall. Shown is the latest version with drag-and-drop multi-column support.
FEATURE HIGHLIGHTS

Aliases & GeoLite Country Database
By using Aliases you can group multiple IPs or hosts into one list, to be used in firewall rules.
Additionally, IPs or hostnames can be fetched from external URLs; examples are DROP (Do Not Route Or Peer), Abuse.ch's Ransomware tracker and the Maxmind GeoLite2 Country database.
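
An added example (not from the original slides or the OPNsense project) of the checks worth running on an externally fetched list before it backs a block rule: malformed entries, overly broad prefixes and overlap with your own networks. The feed line format, the sample entries, the protected network, the minimum prefix and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample feed using documentation ranges; not real blocklist data.
# Assumed line format: "<IP or CIDR> ; comment" (a '#' comment is tolerated too).
SAMPLE_FEED = """\
; constructed sample
192.0.2.0/25 ; EXAMPLE-1
192.0.2.128/25 ; EXAMPLE-2
198.51.100.7
203.0.113.0/24 # trailing comment
0.0.0.0/0 ; would match all traffic
192.168.0.0/16 ; covers the local LAN
not-an-ip
"""

# Hypothetical values: networks a block alias must never cover, and the
# broadest prefix accepted from a remote feed.
PROTECTED = [ipaddress.ip_network("192.168.1.0/24")]
MIN_PREFIX = 8

def parse_feed(text, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (collapsed networks, rejected entries with reasons)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not entry:
            continue  # blank or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((entry, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps protected network"))
        else:
            accepted.append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in accepted if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, rejected

def alias_matches(networks, ip):
    """True if ip falls inside any network of the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)
```

Rejected entries are returned with a reason so they can be logged and reviewed instead of silently dropped.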
FEATURE HIGHLIGHTS

Stateful Firewall
A stateful firewall is a firewall that
keeps track of the state of network
connections (such as TCP streams,
UDP communication) traveling across
it. OPNsense offers grouping of
Firewall Rules by Category, a great
feature for more demanding
network setups.
FEATURE HIGHLIGHTS

Traffic Shaper
Traffic shaping within OPNsense is very flexible and is organised around pipes, queues and corresponding rules. The pipes define the allowed bandwidth, the queues can be used to set a weight within the pipe, and finally the rules are used to apply the shaping to a certain packet flow.
FEATURE HIGHLIGHTS

Intrusion Detection & Prevention
The inline IPS system of OPNsense is based on Suricata and utilises Netmap to enhance performance and minimize CPU utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.
Integrated support for Emerging Threats Open rules, SSL Blacklist (SSLBL, a project maintained by abuse.ch), etc.
FEATURE HIGHLIGHTS

DNS Security
You can use DNSCrypt-Proxy as a full-featured standalone DNS server instead of Unbound or Dnsmasq. This setup has the advantage that you do not need a forwarder solution for encrypting DNS requests or for the usage of DNSBL.
It resolves DNS with malware blocking, filters out ads, trackers and malware, supports DNSSEC, and much more.
MORE HIGHLIGHTS : Zenarmor (Sensei)
Zenarmor is a plugin for OPNsense that provides state-of-the-art next-generation features, developed by Sunny Valley Networks.
MORE HIGHLIGHTS : Zenarmor

Essential Security Protection (Free)


Blocks access to hacking sites, phishing servers,
potentially dangerous sites, malware activity,
and more…
MORE HIGHLIGHTS : Zenarmor

Application Controls (Free)


Zenarmor’s Application Control engine uses an App DB that contains dynamic signatures to classify connections more accurately. Applications are grouped into categories to make it easier to apply policies. Categories include:
• Email
• File Transfer
• Gaming
• Generic TCPIP
• Infrastructure Services
• Instant Messaging
• Media Streaming
• Mobile Applications
• Network Management
• News
• Online Education
• Online Shopping
• Online Utility
• Proxy
• Remote Access
• Search Engine
• Secure Web Browsing
• Social Network
• Software Updates
• Storage & Backup
• System & OS
• VOIP
• Web Browsing
• Etc.
MORE HIGHLIGHTS : Zenarmor

Web Controls
The engine provides more specific and focused policy management for HTTP and HTTPS (Web) based connections. The free license of Web Control comes with two predefined categories: Moderate and High Control.

Moderate Control (Free)
• Adult
• Advertisements
• Hate/Violence/Illegal
• Illegal Drugs
• Pornography

High Control (Free)
• Moderate Control plus…
• Alcohol and Tobacco
• Blogs and Forums
• Chats and Dating Sites
• Games and Gambling
• Job Search
• Online Video and Storage
• Social Networks
• Software Downloads
• Swimsuits and Underwear
MORE FEATURES
OPNsense features a complete high-end security platform for free.

• Authentication: AD, LDAP, Radius, Captive Portal, 2FA


• VPN Server: IPSec, OpenVPN, WireGuard
• High Availability: Common Address Redundancy Protocol (CARP)
• Proxy: Web Cache, SOCKS, NGINX, HAProxy
• DNS Server: Unbound, Dnsmasq, DNSCrypt
• SSL Certificate Authorities Management
• NAT: Port Forward, One-to-One, Outbound
• Backup & Restore System Configuration
• Reporting & Monitoring: Netflow, Monit, NTOP
• And many more plugins available.
OPNSENSE IMPLEMENTATION

OPNsense can run on any x86_64 system:


• Minimum dual-core CPU and 1 GB RAM

Mini PC with 2 NIC or more

Micro Firewall Appliance

As a Virtual Machine
OPNSENSE IMPLEMENTATION

[Diagram labels: LAN Users, OPNsense NGFW, SDWAN System]


CONCLUSION

• OPNsense is a complete, low-cost security solution for SMBs and enterprises.

• OPNsense is easy to use and easy to build on x86_64 systems.

• OPNsense provides network visibility with minimal effort.

• OPNsense allows the IT Team to easily implement and enforce Internet Policy within the company.
THANK YOU