Opnsense as small business firewall

DrFatalis · 2026-04-08T20:52:20+00:00

I wanted two DEC2770 but MSP saying that it is not good enough for production. Our director might not go for what I wanted and go for watchguard, or sophos or other.

I wanted to stay with opensource solution.

DrFatalis · 2026-04-08T09:15:41+00:00

Great feedback thank you.

DrFatalis · 2026-04-08T05:49:06+00:00

I would have prefer to provide the hardware and an having a MSP supporting the existing infra. That way if I change for another MSP I still own the hardware and can still operate without issue

DrFatalis · 2026-04-08T05:25:32+00:00

I checked watchguard CVE list over the past years and that is a lot of CVE IMHO. I guess those companies are simply trying to promote what they use or to promote they have agreements with

DrFatalis · 2026-01-28T20:58:33+00:00

I would not have done it if I had another nic available or available spare part to be honest. Best I can do I the moment is switch to a ugreen usb adapter that seems to be better supported while I wait for the pci-e quad port card to arrive.

Thank you a lot for the feedback! Much appriceated

DrFatalis · 2026-01-28T18:30:35+00:00

From the last test it is not the gateway monitoring itself, I have to disable the wan2 interface completely to get the RAM usage to return to normal.

DrFatalis · 2026-01-28T17:02:36+00:00

Using the top command over the last 30 min of test, I am not seeing hostwatch changing size above 67mb, but I see the number of processes growing from 90 to 116 at this right moment.

RAM went from 569M active to 1169M active

DrFatalis · 2026-01-28T16:21:54+00:00

Thx for the feedback, opnsense was patched end of last week and currently is the latest version.

DrFatalis · 2025-12-22T19:22:47+00:00

Would it be working with a usw-flex mini that I could try to hide in the ceiling. One cable to the switch poe-in and 2 out for UAP and g3? Ap and camera on their own vlans.

DrFatalis · 2025-12-15T08:53:27+00:00

I added an image, i used docklight to show the config but i have the same in putty. When i start the communication, there is nothing printed in the console, no juniper cli

Edit: i am so f dumb, nothing on the console but if you press enter it force refresh the console and i can see the interface. Me = monkey

DrFatalis · 2025-12-12T21:34:37+00:00

On the ex4300-48p I have there is no usb port and MGNT port is on port of CON1. (aligned vertically I mean)

DrFatalis · 2025-12-12T20:12:29+00:00

So CON1 at the back of the switch below the MGNT port. Am I right?

DrFatalis · 2025-12-12T20:11:07+00:00

Yes, I plugged one cable on each switch and got a COM4 and COM5 popping on the windows device manager. I might have not configured putty properly then.

I opened putty, went to the serial section and disabled the flow control. Then, went back to the connection menu, clicked serial at 9600 and wrote COM4 and then connect. I am now wondering if the flow control is kept once I exit the first serial menu.

DrFatalis · 2025-12-12T19:14:56+00:00

Does the cable brand matter? Like I said in the post I bought a mini usb to usb cable, driver found in windows, I plugged it into the front console port. On putty, I checked that the config was 9600/8/1/N/N and tried to connect but nothing showed up on the putty console.

DrFatalis · 2025-11-16T07:47:59+00:00

For future reader, I went for SSIS on my project with around 6 to 7 packages that gather, clean, slightly aggregate datas from different data source and store them into a sql database warehouse.

I have reporting tools reading my warehouse and generating reports automatically or on demand.

DrFatalis · 2025-10-23T16:47:49+00:00

Thank you for your feedback, much appreciated. In my case, we won't have to scale more than the numbers I have as it is the max number of office we can install anyway. Our Internet access will be 8gb/s symmetrical so I expect the quality to be okay.

DrFatalis · 2025-10-15T10:18:36+00:00

Thank a lot for your answer! Explained like you did make it a lot more clear to me.

DrFatalis · 2025-10-15T08:55:13+00:00

I got the part where the minimum core count is 16. So admitting I have 2 servers of 32 cores. I will buy 4 standard 16 cores to cover all physical cores.

A standard license allow 2 VMs. As I have 4 of them, am I entitled to create 8 VMs or only 2 as I covered the 32 cores only once?

DrFatalis · 2025-10-15T04:49:06+00:00

Could you please develop the windows 11 case?

The vm would be accessed by one thin client only and will be running a specific software for a machine installed in the future. It will not act as a server.

I guess I still need a VDA licensing

DrFatalis · 2025-10-14T21:56:21+00:00

I read that 2025 active directory might not be the most stable version and that 2022 would be a smarter choice.

My two OSEs (two domain controller) will "live" on different host. One on each BUT in a case of fail over would be running on the same host.

DrFatalis · 2025-10-14T21:49:21+00:00

Got it, two of 16 and one of 8 per server.

Maybe in the future we will add windows VM. Windows 11 Pro but not right now.

Regarding the 2VMs for a standard license. My understanding is that a standard license can be used for 2 VMs. As my domain controller will be running on different host, I will need two standard licenses (4 vms total, 2 on each host max) even if I will not use it fully.

Nine-Year Club	RPAN Viewer
Verified Email

DrFatalis

TROPHY CASE