Il n'y a aucun produit dans votre devis
OPNsense, AMD GX-415GA Quatre Coeurs 1.5 GHz, 4 Go
DECISO - OPN20075R
Attention : dernières pièces disponibles !
Date de disponibilité:
OPNsense® comprend la plupart des fonctionnalités disponibles dans les firewalls commerciaux coûteux, voir plus dans de nombreux cas. Voici une liste des caractéristiques de OPNsense actuelle. Toute les manipulations se sont depuis une interface utilisateur graphique moderne, sans recourir à la ligne de commande. Le GUIest créé en utilisant le fameux Framework Bootstrap.
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected. More information can be found in this wiki.
The firewall’s state table maintains information on your open network connections. OPNsense is a stateful firewall, by default all rules are stateful. Most firewalls lack the ability to finely control your state table. OPNsense has numerous features allowing granular control of your state table, thanks to the abilities of OpenBSD’s pf.
Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. More information can be found in this wiki.
PPTP / GRE Limitation – The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. PPTP is insecure and should no longer be used.
Traffic shaping (also known as “packet shaping”) is the control of computer network traffic in order to optimize or guarantee performance, lower latency, and/or increase usable bandwidth by delaying packets that meet certain criteria. More specifically, traffic shaping is any action on a set of packets (often called a stream or a flow), which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile).
Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general, see the Wikipedia article on the topic. The following is a list of features in the OPNsense Captive Portal.
“Reverse” portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.
Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.
VLANs are virtual LAN segments of a managed switch, and when OPNsense is plugged into a trunk port it can utilize VLANs to have multiple virtual interfaces, one for each available VLAN. In this manner, you can have OPNsense talk to a large number of networks without the need for more physical interfaces.
More information about VLAN’s in this wiki.
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
More information can be found in this wiki.
Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The workaround is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page.
Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information. For more information see this wiki.
A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.
The Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations CARP can also provide load balancing functionality. For more information see this wiki.
CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.
OPNsense includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
pfsync ensures the firewall’s state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.
Only works with static public IPs, does not work with stateful failover using DHCP, PPPoE, or PPTP type WANs.
The Dynamic Host Configuration Protocol is used by computers for requesting Internet Protocol parameters, such as an IP address from a network server.
The protocol operates based on the client-server model. For more information take a look at this wiki.
OPNsense includes both DHCP Server and Relay functionality.
Reporting & Monitoring
The RRD graphs in OPNsense maintain historical information on the following:
Historical information is important, but sometimes it’s more important to see real time information.
SVG graphs are available that show real time throughput for each interface.
For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.
|CPU||AMD GX-415GA 1.5 Ghz Quad Core|
|Ports Ethernet||4x GbE [Intel® 82574L]|
|Port de gestion à distance||Non|
|Stockage||SD 16 Go|
|Pare-feu total Débit||~2500bps|
|Maximum paquets par seconde||~210.000 PPS|
|Maximum du port par débit||~940Mbps|
|Maximum débit VPN||IPsec: ~109Mbps (AES256) OpenVPN: ~200Mbps (AES256) / ~233Mbps (AES256+LZO)|
|Maximum Sessions simultanées||1.500.000|
|Maximum VLANS||4093 [au dessus de 50: restrictions de l'interface graphique]|
|Dimensions [L x H x P]||485 x 44 x 335mm|
|Boitier||Montage en rack|
|Inclus dans le colis||Montage en rack (19"rack appliance), Câble d'alimentation, câble de configuration, Guide de démarrage rapide, DVD avec firmware & outils|
|Puissance et mécanique|
|Source de courant||Integrée à la norme avec prise 3-pin C14, AC 100~240V@50Hz~60Hz|
|Certifications et OS|
|Conformité réglementaire||FCC part 15 Class A, CE, Rohs|
|Stockage & Conditions de fonctionnement||fonctionnement: 0 jusqu'à +45°C / 10 jusqu'à 90% r. H. non cond., Stockage: -20 jusqu'à +70°C / 5 jusqu'à 95% r. H. non cond.|