Hey y’all, I have a small network with opnsense firewall, a unify ap, some client in different subnets, vpn, DNS and some servers.
As I am completely self thought, I got everything to run reading the docs and forums, but I have no idea how to test if what I build is safe and stable.
Are there good up to date tools, or checklists one could follow to audit the different parts of the network (most important the opnsense config)?
What do you check if looking for security issues?
The network mostly relies on client separation through different subnets on different vlans, but I fear I dont understand how for example the vpn and the nas work together in detail to be sure there is no security implication I oversee.
Also: how do you handle client authentication for devices on the same subnet? I know IP/mac-adress ARP entries are easily spoofed and therefore not secure, but I haven’t seen how to do it correctly

Well I have separate subnets for separate vlans. Connections between them get blocked by the firewall by default from my understanding, but to be safe I explicitly deny all outbound AND inbound connections, so I have to make a rule for each of two subnets if I want inter subnet communication, which is the case for the shared media server. If I do that I whitelist which IPs can reach which IPs on the different subnet. There still is the problem that different clients on the same network can "steal"the IP of other clients with more permissions. That’s why I asked about authentication