Few days ago the new version of the popular Firewall distribution OPNsense 20.7 and in which the main novelty that stands out is the Update of the implementation of the network intrusion detection and prevention system Meerkat 5.
For those unaware of OPNsense they should know that this is a fork of the pfSense project, created with the objective of forming a completely open distribution that could have functionality at the level of commercial solutions to implement firewalls and network gateways.
About OPNsense
Unlike pfSense, eThe project is positioned as not controlled by a company, developed with the direct participation of the community and has a completely transparent development process.
The base distribution is based on the HardenedBSD 12.1 code, which maintains a synchronized fork of FreeBSD, which integrates additional protection mechanisms and techniques to counter exploit vulnerabilities.
Among the possibilities that OPNsense can distinguish fully open the build tool the ability to install as packages on an ordinary FreeBSD, load balancer, web interface for organizations to connect users to the network (captive portal).
There are also stateful connection mechanisms (pf-based stateful firewall) set bandwidth limits, filter traffic, create VPN based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (dynamic DNS), a visual and graphical reporting system .
In addition, distribution provides tools to create fault tolerant configurations based on the use of the CARP protocol and allows you to start an additional node in addition to the main firewall, which will automatically synchronize at the configuration level and take over the load in the event of a primary node failure.
For the administrator, it offers a modern and simple interface to configure the Firewall, created using the Bootstrap web framework.
The source code of the components of the distribution, as well as the tools used for the construction, are distributed under the BSD license.
As for the the system images these are formed as from LiveCD, although a system image is also distributed to write to Flash drives.
What's new in OPNsense 20.7?
This new version arrives with few changes, but it is still an important version, since the system base in this new version has been updated with HardenedBSD 12.1, a fork of FreeBSD 12.1, which integrates additional security mechanisms and anti-exploitation techniques. .
Also, as mentioned at the beginning, the most outstanding feature of the new version is the update of Suricata to its version 5.
With this update we will be able to find new analysis and registration modules for protocols RDP, SNMP and SIP.
In addition to being in HTTP inspection mode, all the situations described in the HTTP Evader test suite are fully covered.
Another improvement received with Zuricata 5 is the support for the client authentication method TLS JA3 support for JA3S method is added.
And it also stands out that the code has been rewritten to capture traffic using the framework by Netmap and with that was added the ability to use advanced Netmap functions, such as a VALE virtual switch.
Of the other changes that stand out:
- Added support for DHCPv6 Multi-WAN to connect through multiple channels.
- It is possible to define your own pages displayed in case of connection errors through a web proxy.
- Added a report with a tree-shaped representation of information about network connections.
- Implemented API for firewall management.
- Improved options for filtering records on the fly.
Download the new version of OPNsense 20.7
Si do you want to get this new version only You must go to its official website and in the download section you can get the link to download this new version.
The images were prepared in the form of a LiveCD and a system image for writing to Flash drives, the image size is approximately 420MB.
OPNSense vs pfSence? which one should I select?