When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
DellOptiPlex 5070
Network SecurityAppliance/NGFW
Capabilities
VPN: Virtual Private Network (OpenVPN) Can be configuredfor NordVPN or others.
SPI: Stateful Packet Inspection: ZenArmor
DNS Blocklists: ZenArmor, AdGuard Home, Unbound DNS
The ZenArmor stateful packet inspection is what makes thissystem a true NGFW (Next Generation Firewall). It goes beyond simple portblocking. ZenArmor also allows blocking of new domains ( Firstly Seen Sites )that have not been scanned and verified, and parked domains among other things.
BasicHardware
Processor: i3-9100, 4 cores, 3.60GHZ- 4.20GHz
Memory: 16 GB RAM
State Solid Drive: 256GB NVMe SSD
Optical Drive: DVD-RW
Gigabit Ethernet:
1 on motherboard: Intel I219-LM
1 on Intel low profile GbE card (not pictured)
OPTIONAL - 4 on each Gigabit Ethernet card:Dell 0NKW2, Intel I350-T4, Intel Ethernet Controller i350
10Gb Ethernet:
OPTIONAL - 2 on each Intel X520 Dual Port 10GbDA/SFP+ Server Adapter, X520-DA2, Intel 82599 controller
If you would prefer a total of 9 x Gigabit Ethernet, or one Gigabit Ethernet and 4 x SFP+, make an offer specifying that.
OS
Operating System: OPNsense 24.1
(Optionally, OPNsense 24.1 running in Win11Pro Hyper-V VM)
Native Encryption: AES-NI (Intel AES New Instructions)
Graphics: Intel UHD Graphics
TPM Version: TPM 2.0 (Fully supports Bitlocker encryption ifrunning an OPNsense VM in Hyper-V.)
BareMetal vs. Hyper-V
Unless a VM configuration is requested, the system will comewith OPNsense installed as the operating system. I also have experience usingOPNsense in a Win11Pro Hyper-V VM allowing for quick and easy image backups ofthe OPNsense OS or copying the OS to my backup firewall server. Let me know ifyou would like it configured that way. As far as security for the Windows OS,the WAN port is configured as an External network only visible to theOPNsense VM. Windows only has access to secured LAN ports on the other side ofthe firewall.
Configurationand Testing
As shipped, the motherboard RJ45 will be configured as theWAN interface. All other ports will have their own subnets and DHCP servers. This will make it VERY easy to verify which port is which by plugging in a DHCPdevice and noting the assigned subnet. I did this to verify that each portworked, and verify its location.
To remove the network configuration details and reset it todefaults, choose:
System -> Configuration ->Defaults
To remove the SunnyValley repository and Zenarmor, navigateto System -> Firmware -> Plugins.
For help configuring OPNsense, Zenarmor, AdGuard, VPN, andeven running it on Hyper-V if desired, I can provide documentation for that.
Text screenshots are from SSH which was temporarilyenabled. The system will ship with SSH disabled. That can be changed at: System > Settings -> Administration > Secure Shell.
WITH OPTIONAL NETWORK CARDS:
