I've been trying to set up an OPNsense transparent bridge for almost a month now (spent over 60 hours). I've been following The Network Guy. I do exactly what he does in the video. When I get to the part where we're almost ready to put the bridge up and going to hit Change (something), I lose everything. Even my maintenance can't get back in. Therefore, I have to start all over again. Last night I was messing with my router (RT-BE86U) and came to realize that it has AiProtection on it, including Two-Way IPS, Malicious Sites Blocking, Infected Device Prevention, and Blocking. Would this prevent me from running the Bridge completely? If so, is there a workaround?
Thanks
IDK, because "AI" can mean anything, so, probably, yes, it may prevent you from running "anything", too.
BTW: Do you still love your router (https://forum.opnsense.org/index.php?msg=253924)?
IMHO, using a router on top of another is a bad thing (tm) in the first place. Having one of these routers do unspecified magic "might" make it even harder. Once you have an unknown variable in the mix (i.e. your first router), you will not get much helpful advice with the other (OPNsense).
Even less so when you use a non-typical setup like a transparent bridge.
Transparent bridge is not a supported or recommended setup for OPNsense - or any other router, for that matter.
It is what you do when you cannot do anything else.
It eludes me why so many (new) users choose the transparent filtering bridge setup. It is quite advanced, and the benefits are simply not applicable for small home setups.
I would strongly advise against it, or read my updated guide on it to learn more about the scope of that decision:
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/transparent_bridge.rst
Quote from: timlab55 on Today at 02:06:28 PM
[...] Even my maintenance can't get back in. [...]
How are you physically connected? (I couldn't determine this offhand from your earlier posts.) I do not use transparent bridging; I use four non-transparent bridges, and I have ~6 physical ports - likely not comparable. I just wouldn't expect an external device to play a role in workstation-to-firewall communication. Are you using the Asus as a LAN distribution device?
Why not set up your bridge as non-transparent (i.e. assign an IP to it)? At least initially; if you have the burning desire to remove it, you can.
I'm an oddball here in that I like bridging. It fits my Internet link, and it has certain flexibility that I value (enough to put up with the disadvantages).