Messages - jtapio

#1
Hello!
I have a project where I am trying to add OPNsense to our current network topology.

Here are some specs:
- 1 internal customer network with DHCP, nothing special, need to protect clients from outside. Need to have public IPs inside (NAT?) (videoconference)
- 5 internal visitor networks with Wi-Fi hotspots with Ubiquiti and need for public IP address for special clients

At this point we had some old Cisco router and there we have a config (very specific) that is divided into two separate "blocks" in routing terminology, so (ge0-inbound), (ge1-outbound) VLAN 100 were dedicated for the internal own network and outbound did have a public IP with NAT.

Visitor network VLANs had (ge2, inbound) (ge3, outbound) and those have their own NATted public IPs also.

Visitor clients may need public IPs, so there are some dedicated NATted internal IPs pointing to public IP.


Is there any point to do that all in OPNsense, and if not, how to add a firewall between visitor outbound traffic?

Right now I have removed the cables from ge0, ge1 so the router is bypassed from the internal customer network and OPNsense is serving that. It's installed on a dedicated HP Gen10 server and acting as DHCP server and all working fine, just thinking of what to do with that visitor side..

*Despite the picture above, router outbound traffic doesn't go through the firewall, it's directly connected to the "pe-ce" network now