Knowledge primarily, since I’m not running a business.

At this point, like they say in Chips, TLS inspection is standard…

If your enterprise isn’t doing TLS inspection on everything other than banks, medical, gov, they’re doing it wrong.

Some times people think the hard part is getting the CA trust setup, but I find it’s far more tedious to deal with certain sites and mobile apps especially that do certificate pinning.

I like OPN also. I’ve always appreciated the stability of the BSDs.

My only personal complaint with OPN/PF was the TLS inspection.

I’ve read about adding the modules to *Sense, but I haven’t figured out the configuration pieces.

It just works with Sophos UTM and XG firewall, and the configuration was super easy.

You always use what you like though.

This is true, the 6 GB RAM limit and four cores.

I run a pretty enterprise home lab, and I haven’t ever seen the devices hit the resource limit.

I have around 3k IPS rules and TLS inspection for most categories of sites except the normal stuff like streaming, banking, etc that you’d not want or need to inspect.

For anyone it might help, I use these as inline proxies rather than as the gateway at the moment. So they have more than just internet traffic going through them, they also have segments of my LANs getting evaluated. Performance has been great so far.

hates him and sabotages him at every step

Isn’t that also describing his children?

Quick reminder, everyone struggles with wanting to be validated and downvotes by random Lemmy users around the world don’t matter.

Take a breather, touch grass/snow and remember no ones opinion on here matters, especially mine 😉