Hi, sorry about the question. I see this one a lot, searched the forum, tried to troubleshoot, but I've been staring at this issue so long I might be missing something obvious.
I am configuring my first VLAN for what will be a slightly complicated setup.
Trying to set up an initial management VLAN on the LAN interface. So going simple first to check all is good before applying a more complex setup. Unfortunately I have already hit a bit of a roadblock.
I am getting a DHCP address on the endpoint from the dhcp server on the vlan interface in question (LAN_MGMT). I can also see this endpoint address in the leases for the dhcp server on LAN_MGMT.
Endpoint is on an access port with VLAN 10 assigned, so I am sure the network is configured correctly.
I can also see in the firewall logging live view the rule applied on the LAN_MGMT interface when I try to go to the LAN_MGMT IP. Both 80 and 443, depending on whether I use the LAN_MGMT IP with or without https://
Here are the steps I did:
Created vlan as device vlan0.1.10 and Tag 10 on the LAN interface (igc1)
Added to Interfaces through assignments named LAN_MGMT, set a static IPv4 within the subnet I will use and enabled it.
Added a copy of the default allow all rule to the LAN_MGMT Interface changing source interface to LAN_MGMT.
Configured DHCP on the LAN_MGMT interface and enabled.
Ensured the 'Listen Interface' is set to All (recommended) (also tried just LAN, LAN_MGMT) in the settings.
I have reset states in Firewall
Rebooted Firewall
Assigned a static IP on the endpoint in the LAN_MGMT subnet trying both no gateway and gateway of the LAN_MGMT
I still cannot ping the LAN_MGMT interface, or get to the web GUI.
My setup is on version 23.7.
Kinda at a loss and wondering if I have missed something obvious.
If you copy the default allow LAN to any rule to another interface, you have to change the interface and the source network. Allowing LAN net on interface LAN_MGMT won't work.
Cheers
Maurice
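Added example (not part of the original thread, and not OPNsense project code): a Python check for the mistake described in the reply above, run over a constructed, simplified config.xml-style fragment. The interface key `opt1` standing in for LAN_MGMT, the function name and the rule descriptions are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified fragment in the style of a config.xml <filter> section.
# "opt1" is an assumed interface key standing in for LAN_MGMT.
SAMPLE_CONFIG = """
<opnsense><filter>
  <rule>
    <type>pass</type><interface>lan</interface>
    <descr>Default allow LAN to any rule</descr>
    <source><network>lan</network></source><destination><any>1</any></destination>
  </rule>
  <rule>
    <type>pass</type><interface>opt1</interface>
    <descr>Copied allow rule, source left as LAN net</descr>
    <source><network>lan</network></source><destination><any>1</any></destination>
  </rule>
  <rule>
    <type>pass</type><interface>opt1</interface>
    <descr>Allow LAN_MGMT net to any</descr>
    <source><network>opt1</network></source><destination><any>1</any></destination>
  </rule>
</filter></opnsense>
"""

def mismatched_source_rules(config_xml):
    """Return (interface, source network, description) for every rule whose
    source network belongs to a different interface than the rule sits on."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.findall("./filter/rule"):
        iface = (rule.findtext("interface") or "").strip()
        src_net = (rule.findtext("source/network") or "").strip()
        # Skip sources that are not an interface network ("any", a plain
        # address, "(self)") and rules bound to several interfaces.
        if not src_net or src_net.startswith("(") or "," in iface:
            continue
        # "<key>ip" denotes the interface address; compare on the bare key.
        src_iface = src_net[:-2] if src_net.endswith("ip") else src_net
        if src_iface != iface:
            descr = (rule.findtext("descr") or "").strip()
            findings.append((iface, src_net, descr))
    return findings

if __name__ == "__main__":
    for iface, src, descr in mismatched_source_rules(SAMPLE_CONFIG):
        print(f"review: rule on {iface} has source network {src}: {descr}")
```

A flagged rule is a candidate for review rather than a certain error, since a rule can intentionally match a network that is routed in through another interface.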
Hi, thanks for the reply, but a little confused by this and the reply.
The rule as I stated below is:
Added a copy of the default allow all rule to the LAN_MGMT Interface changing source interface to LAN_MGMT.
I have also tried creating the rule from scratch.
Also, I don't want LAN net on the LAN_MGMT and I am not enabling it.
Are you saying the only way to get to the OPNsense GUI is through LAN?
Apologies, a bit confused.
Sorry, but your description is confusing.
Am I right, you created VLAN10 on top of your default (non-VLAN) LAN interface?
Have you configured your switch where this interface is physically connected accordingly? VLAN1 untagged and VLAN10 tagged?
If not, then why are you wondering?
When you create a VLAN you have to configure ALL affected components to use this VLAN properly.
If yes, what does "endpoint" mean? A PC or something like this? Is your switch able to properly use VLANs?
/KNEBB
Hi,
I'm having an identical issue. IP issued by DHCP but FW rules seemingly don't do anything.
Did you figure this out in the end?