Messages

I have attached a pic, is this design optimal from a BGP and redundancy standpoint?

The reason for the switches on the outside of the firewalls is because the ISPs are only giving us a single port on their routers

Thank you for that reply.

Lastly, efforts are underway to change backend functionality to Python where possible

That's great to hear, I had no idea.

I know this will probably sound crazy, and would be a huge challenge, however:

I believe that PHP has had its day. Now is a great time to move on. I believe that OPNsense would be a much better product if it was refactored/re-written in Go. OPNsense would seem right up Golang's alley.

Besides "It's hard" or "It takes too much time", why would OPNsense not want to drop php for golang??

Last week we changed from our old pfsense box to our new OPNsense box. All of the interfaces were configured identically. However yesterday we had to switch back.

We noticed lots of problems: DNS resolution was super slow, SSIS packages were not getting through (picture examples), smtp relaying not working. I will explain one of the issues below.

Scenario:
An MS-SQL server (209.xxx.xxx.152) sends data from an SSIS package to an AWS RDS instance.
Here's how that correctly looks in wireshark on the old pfsense box.



Here's how it looks on the OPNsense box, nothing outside of the server has changed:



Another odd thing is that the OPNsense box seems to be rewriting the packet to make it look like it's coming from itself.



Does anyone have insight as to what might be going on here? An additional detail is that we do not run NAT on this network.