Hello All
My setup:
OPNsense acts as gateway
Switch: USW Lite 8 PoE
Two UniFi U6 Pro wireless APs
From OPNsense I have set up a bunch of VLANs with my LAN network as parent.
I have created the interfaces, DHCP server and firewall rules for every single VLAN.
On the firewall rules I have the rule which blocks the connection to internal private IPs. So I should be isolated from the rest of my network.
That is strange because I can ping any other VLANs and the firewall.
Is this something that I need to modify from the switch side? Or do I need to buy a UniFi switch that supports the ACL capability?
I'm confused.
Has anybody encountered this scenario?
Please help.
Quote from: opnessense on July 06, 2025, 06:46:19 PM
On the firewall rules I have the rule which blocks the connection to internal private IPs.
The screenshot just shows a rule which allows anything else, but no block rule.
Do you have a floating rule or one on an interface group, which this one is a member of, allowing the access? Remember that these rules have precedence over interface rules.
The idea was that there is some other rule allowing the traffic.
If only the shown rules are applied to the interface, I don't expect that OPNsense replies to pings from it.
You can also try to flush the states.
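To make the precedence point concrete, here is a small added example (not from the thread and not OPNsense's own code) that models the rule evaluation order: floating rules first, then interface-group rules, then interface rules, with every rule assumed to be "quick" so the first match wins. The ruleset and addresses (`vlan20`, `192.168.20.0/24`) are constructed for illustration. It shows how a stray floating "pass any" rule silently makes an interface block rule dead, and includes a check that flags such rules in a rule list.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges, used by the "rfc1918" destination alias below
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed evaluation order (floating first, interface last); all rules "quick"
SCOPE_ORDER = {"floating": 0, "group": 1, "interface": 2}


@dataclass
class Rule:
    scope: str         # "floating", "group" or "interface"
    interface: str     # "any" or an interface name such as "vlan20"
    action: str        # "pass" or "block"
    src: str           # "any" or a CIDR
    dst: str           # "any", "rfc1918" or a CIDR
    description: str = ""


def _match(pattern, addr):
    if pattern == "any":
        return True
    if pattern == "rfc1918":
        return any(addr in net for net in PRIVATE_NETS)
    return addr in ipaddress.ip_network(pattern)


def evaluate(rules, iface, src, dst):
    """First matching rule wins; returns (action, rule). No match = implicit deny."""
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # sorted() is stable, so GUI order is preserved within each scope
    for rule in sorted(rules, key=lambda r: SCOPE_ORDER[r.scope]):
        if rule.interface not in ("any", iface):
            continue
        if _match(rule.src, src_a) and _match(rule.dst, dst_a):
            return rule.action, rule
    return "block", None


def shadowing_floating_rules(rules):
    """Floating pass rules that match everything: every later block rule is dead."""
    return [r for r in rules
            if r.scope == "floating" and r.action == "pass"
            and r.src == "any" and r.dst == "any"]


# Constructed ruleset resembling the thread: interface rules isolate vlan20 ...
VLAN20_RULES = [
    Rule("interface", "vlan20", "block", "192.168.20.0/24", "rfc1918", "isolate VLAN"),
    Rule("interface", "vlan20", "pass", "192.168.20.0/24", "any", "internet access"),
]
# ... but a forgotten floating rule is evaluated before them
LEAKY_RULES = [Rule("floating", "any", "pass", "any", "any", "allow anything")] + VLAN20_RULES

if __name__ == "__main__":
    for name, ruleset in (("with floating rule", LEAKY_RULES), ("without", VLAN20_RULES)):
        action, rule = evaluate(ruleset, "vlan20", "192.168.20.10", "192.168.1.1")
        print(f"{name}: ping to another VLAN -> {action} ({rule.description if rule else 'default'})")
    print("shadowing rules:", [r.description for r in shadowing_floating_rules(LEAKY_RULES)])
```

With the floating rule present, a ping from the VLAN to another private network (or to the firewall's own VLAN address, which is also RFC 1918) is passed before the interface block rule is ever consulted; remove it and the block rule applies while internet-bound traffic still passes.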
Hi viragomann,
how do I flush the states in OPNsense?
I don't sit in front of a GUI, but it should be somewhere in Firewall > Diagnostic > States.
Thanks, I found it.
I found a strange rule in the floating rules allowing anything from anywhere.
I deleted this rule and now my VLANs are isolated.
Thanks for the support, guys.
Run a pcap to see if the ping to OPNsense enters on the expected interface.
Interfaces > Diagnostic > Packet Capture
Select "InternalVM" and ICMP for the protocol and start the capture. Then try to ping the OPNsense interface from a connected device and check the result afterwards.
If there is nothing, the leak might be outside of OPNsense.