I have a new OPNsense setup that is replacing Microsoft Forefront TMG 2010. In TMG I have configured
multiple VLANs (for WiFi and wired networks) as "Internal Networks" with specified ranges. Also, these
VLANs are configured in "Network Topology Routes" with the following settings as an example:
Network Destination: 192.168.180.0
Netmask: 255.255.255.0
Gateway: 192.168.200.2 (configured a specific port on a CISCO switch as a Gateway between VLANs and TMG)
The above settings are for one of the VLANs; the other VLANs follow the same pattern.
I have a dedicated DHCP server for IP distribution over the WiFi and wired networks, as all WiFi APs and
workstations are DHCP clients. There are a few that are statically assigned.
I have OPNsense as my gateway to my ISP. I use one NIC as my "LAN" with IP 192.168.200.1.
Therefore my query is how I can configure OPNsense similarly to the TMG configuration (i.e. "Networks" and
"Routing")?
I have tried, but with only the initial basic settings the internet works on a system directly connected to the
OPNsense box; when I connect this OPNsense system to the CISCO switch, internet connectivity doesn't work
over WiFi or for the other workstations.
System > Gateways - define your Cisco as a gateway.
System > Routes - set the routes using that gateway.
Quote from: Patrick M. Hausen on September 11, 2023, 10:15:56 AM
System > Gateways - define your Cisco as a gateway.
System > Routes - set the routes using that gateway.
Thanks for the reply. I tried, but it didn't work.
In Gateways there are two gateways: 1. WAN, 2. LAN (CISCO).
I also set the route: Network Address: 192.168.1.0/24 & Gateway: 192.168.4.2
Please elaborate on "didn't work".
What do your LAN firewall rules look like? If you use anything like "LAN net", that does not include your new routed internal networks. Similarly for your NAT rules on WAN.
"Didn't work" means I made the settings in the OPNsense "Gateways" and "Routes". In Gateways there are two gateways: 1. WAN_GW (upstream gateway) and 2. LAN_GW. When I connect directly to the OPNsense system via a static IP, "Internet" works fine, but when I connect the LAN cable to the CISCO switch on the defined port, "Internet" doesn't work.
Sorry, I am new to OPNsense, so I don't know about the detailed configuration settings. I am using the automatically generated firewall rules for LAN (i.e. "LAN net") and WAN (No WAN rules are currently defined. All incoming connections on this interface will be blocked until you add a pass rule. Exceptions for automatically generated rules may apply).
So you need to create an additional LAN rule - or change the one already existing - not to use "LAN net" but instead an alias containing all of your routed networks. "LAN net" is the directly connected LAN. Everything else is denied.
Equally you need to switch from automatic NAT to hybrid or manual and create NAT rules on WAN for all your networks.
The fact that the routes exist is not sufficient.
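Added example (not from the thread and not OPNsense's own code): a small model of the forwarding path a packet from a routed VLAN takes through the firewall (route back to the source, LAN pass rule, outbound NAT). It shows the three states described in the replies above: no static route at all, the static route present but only the automatic "LAN net" rule and NAT (the original poster's situation), and an alias of all internal networks used for both the LAN pass rule and a hybrid/manual outbound NAT rule. Addresses are the ones from the first post (LAN 192.168.200.1, Cisco 192.168.200.2, VLAN 192.168.180.0/24); the WAN addresses are constructed RFC 5737 values, and the rule semantics are a deliberate simplification of pf (interface and source match only), not OPNsense's real rule generator.

```python
"""Model of route-back, pass-rule and outbound-NAT checks for a routed VLAN.

Added example, not part of the thread. Rule semantics are simplified
(interface + source only); OPNsense's real generator is not modelled.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

LAN_NET = ip_network("192.168.200.0/24")   # what the "LAN net" macro expands to
CISCO_GW = ip_address("192.168.200.2")     # LAN_GW in System > Gateways
VLAN_180 = ip_network("192.168.180.0/24")  # one routed VLAN from the first post
WAN_ADDR = ip_address("203.0.113.10")      # constructed (RFC 5737)
WAN_GW = ip_address("203.0.113.1")         # constructed (RFC 5737)
ANY = ip_network("0.0.0.0/0")


@dataclass
class Route:
    prefix: IPv4Network
    iface: str
    via: Optional[IPv4Address] = None      # None = directly connected


@dataclass
class Rule:
    """A pass rule on an inbound interface, or an outbound NAT rule on WAN."""
    iface: str
    sources: List[IPv4Network]


@dataclass
class Firewall:
    routes: List[Route]
    pass_rules: List[Rule]
    nat_rules: List[Rule]


def lookup_route(fw: Firewall, dst: IPv4Address) -> Optional[Route]:
    """Longest-prefix match, as the kernel routing table does."""
    hits = [r for r in fw.routes if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None


def matches(rules: List[Rule], iface: str, src: IPv4Address) -> bool:
    return any(r.iface == iface and any(src in n for n in r.sources) for r in rules)


def forward(fw: Firewall, in_if: str, src: str, dst: str) -> str:
    """Return 'pass ...', 'drop ...' or 'leak ...' for a packet entering on in_if."""
    s, d = ip_address(src), ip_address(dst)
    # 1. Stateful replies must reach the source through the interface it came in on.
    back = lookup_route(fw, s)
    if back is None or back.iface != in_if:
        where = back.iface if back else "nowhere"
        return f"drop: no route back to {s} via {in_if} (replies would leave via {where})"
    # 2. A pass rule on the inbound interface must cover the source; default is deny.
    if not matches(fw.pass_rules, in_if, s):
        return f"drop: no pass rule on {in_if} covers source {s}"
    # 3. Egress interface for the destination.
    out = lookup_route(fw, d)
    if out is None:
        return f"drop: no route to {d}"
    # 4. Outbound NAT on WAN; without it the ISP sees an RFC 1918 source address.
    if out.iface == "wan" and not matches(fw.nat_rules, "wan", s):
        return f"leak: forwarded to {d} with untranslated private source {s}; replies never return"
    suffix = f" as {WAN_ADDR}" if out.iface == "wan" else ""
    return f"pass: {s} -> {d} out {out.iface}{suffix}"


def base_routes(with_static: bool) -> List[Route]:
    routes = [Route(LAN_NET, "lan"), Route(ANY, "wan", WAN_GW)]
    if with_static:                        # System > Routes: VLAN via LAN_GW
        routes.append(Route(VLAN_180, "lan", CISCO_GW))
    return routes


# Automatic "LAN net" pass rule and outbound NAT for LAN net only, static route present.
DEFAULT = Firewall(base_routes(True), [Rule("lan", [LAN_NET])], [Rule("wan", [LAN_NET])])
# Same rules, but the static route was never added.
NO_ROUTE = Firewall(base_routes(False), [Rule("lan", [LAN_NET])], [Rule("wan", [LAN_NET])])
# Alias of all internal networks (hypothetical name INTERNAL_NETS) used by the LAN
# pass rule only; outbound NAT still covers LAN net alone.
INTERNAL_NETS = [LAN_NET, VLAN_180]
HALF = Firewall(base_routes(True), [Rule("lan", INTERNAL_NETS)], [Rule("wan", [LAN_NET])])
# Alias used by both the LAN pass rule and a hybrid/manual outbound NAT rule on WAN.
FIXED = Firewall(base_routes(True), [Rule("lan", INTERNAL_NETS)], [Rule("wan", INTERNAL_NETS)])

if __name__ == "__main__":
    for name, fw in [("default", DEFAULT), ("no-route", NO_ROUTE), ("half", HALF), ("fixed", FIXED)]:
        print(f"{name:8} LAN host : {forward(fw, 'lan', '192.168.200.50', '1.1.1.1')}")
        print(f"{name:8} VLAN host: {forward(fw, 'lan', '192.168.180.25', '1.1.1.1')}")
```

Running it shows a host in 192.168.200.0/24 passing in every configuration, while 192.168.180.25 is dropped at the route-back step without the static route, dropped at the pass rule with the static route but the automatic "LAN net" rule, leaks untranslated when only the pass rule is widened, and passes only when the alias is used for both the LAN rule and outbound NAT.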