Messages - ttime

#1
I lose connection to the WEBGUI when I apply the suggested firewall rule 5.

I have multiple vlans, which save me by switching access to the next vlan when I was locked out of the opnsense WEBGUI.  I was using the guide https://docs.opnsense.org/manual/how-tos/multiwan.html and do not know what I am doing.  I only have DNS from the WAN, nothing onsite.

Below are the configurations:

Step 1
System: Gateways: Single
Name                 Interface  Protocol  Priority  Gateway  Monitor IP      RTT      RTTd    Loss   Status  Description
WAN2_DHCP (active)   WAN2       IPv4      254       IPDHCP   72.21.91.19     23.4 ms  0.4 ms  0.0 %  Online  Interface WAN2_DHCP Gateway
WAN1_DHCP            WAN1       IPv4      254       IPDHCP   208.67.220.220  37.4 ms  2.0 ms  0.0 %  Online  Interface WAN1_DHCP Gateway

Step 2
System: Gateways: Group
Name                Gateways                                    Description
WAN_FAILOVERGROUP   Tier 1: WAN2_DHCP, Online
                    Tier 2: WAN1_DHCP, Online

Step 3
prefer IPv4 selected
DNS server Wan 1 1.1.1.1
DNS server WAN 2 1.0.0.1

DNS server options overridden by DHCP selected

Step 4 applied, and step 5 applied in the created vlan 4 firewall rules:
Dir  Action  Proto           Source  Port  Destination     Port      Gateway            Schedule  Description
in   block   IPv4 *          *       *     LAN2 net        *         *                  *
in   block   IPv4 *          *       *     vlan5guest net  *         *                  *
in   block   IPv4 *          *       *     vlan2 net       *         *                  *
in   block   IPv4 *          *       *     vlan10 net      *         *                  *
in   block   IPv4 *          *       *     vlan3 net       *         *                  *
in   block   IPv6 *          *       *     *               *         *                  *
out  pass    IPv4 TCP/UDP    *       *     vlan4 net       53 (DNS)  *                  *         LocalRout_DNS
in   pass    IPv4 TCP/UDP    *       *     192.168.4.1     53 (DNS)  *                  *         LocalRout_DNS
in   pass    IPv4 *          *       *     *               *         WAN_FAILOVERGROUP  *

When I do step 5 and apply, I lose connection to the opnsense WEBGUI and can still use the internet.  I have not tried to see if the failover works yet by pulling the plug on a WAN.

When I lose the WEBGUI I switch to a different vlan and can get to the WEBGUI again.

Am I still protected with the firewall in the rest of the vlans and WAN?  Is failover set correctly?  Any suggestions would be helpful.
Thanks
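To see what the rule order in the post does to traffic from a vlan4 host, here is an added example (not from the post or from OPNsense) that walks a few constructed packets through the rules above in first-match order. The /24 address plan for each VLAN net is assumed, and MGMT_FIRST is a hypothetical variant with a pass rule for firewall management traffic placed above the policy-routed catch-all.

```python
import ipaddress

# Constructed address plan (assumption: each VLAN net is a /24 matching its number).
NETS = {
    "LAN2 net": "192.168.20.0/24", "vlan2 net": "192.168.2.0/24",
    "vlan3 net": "192.168.3.0/24", "vlan4 net": "192.168.4.0/24",
    "vlan5guest net": "192.168.5.0/24", "vlan10 net": "192.168.10.0/24",
}

def _match(field, value):
    """'*' matches anything; named nets are looked up in NETS; else exact compare."""
    if field == "*":
        return True
    if field in NETS:
        return ipaddress.ip_address(value) in ipaddress.ip_network(NETS[field])
    return str(field) == str(value)

# The 'in' IPv4 rules on the vlan4 interface, in the order given in the post.
# OPNsense rules are first-match ('quick') by default; 'gw' is the policy-routing
# gateway set on the rule. The IPv6 block and the 'out' rule are left out.
RULES = [
    ("block", "*", "*", "LAN2 net", "*", None),
    ("block", "*", "*", "vlan5guest net", "*", None),
    ("block", "*", "*", "vlan2 net", "*", None),
    ("block", "*", "*", "vlan10 net", "*", None),
    ("block", "*", "*", "vlan3 net", "*", None),
    ("pass", "TCP/UDP", "*", "192.168.4.1", 53, None),   # LocalRout_DNS
    ("pass", "*", "*", "*", "*", "WAN_FAILOVERGROUP"),   # rule 5: catch-all, policy-routed
]

# Hypothetical variant: allow any TCP/UDP to the firewall's vlan4 address (no gateway)
# *before* the catch-all, so management traffic is not handed to the WAN group.
MGMT_FIRST = RULES[:-1] + [("pass", "TCP/UDP", "*", "192.168.4.1", "*", None)] + RULES[-1:]

def evaluate(rules, proto, src, dst, dport):
    """Return (action, gateway) of the first matching rule, else the implicit default deny."""
    for action, r_proto, r_src, r_dst, r_port, gw in rules:
        if (r_proto == "*" or proto in r_proto.split("/")) and _match(r_src, src) \
                and _match(r_dst, dst) and _match(r_port, dport):
            return action, gw
    return "block", None

if __name__ == "__main__":
    for name, rules in (("as posted", RULES), ("mgmt rule first", MGMT_FIRST)):
        print(name, "WebGUI 443 ->", evaluate(rules, "TCP", "192.168.4.50", "192.168.4.1", 443))
        print(name, "vlan2 host ->", evaluate(rules, "TCP", "192.168.4.50", "192.168.2.7", 22))
        print(name, "internet   ->", evaluate(rules, "TCP", "192.168.4.50", "1.1.1.1", 443))
```

With the rules as posted, a connection to 192.168.4.1 on port 443 matches nothing before the catch-all and so carries the WAN_FAILOVERGROUP gateway, while the DNS rule and the inter-VLAN blocks behave as intended.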
#2
Never mind the error.  I cut and pasted, which did not work, then decided to input it manually and it went through after I posted this.  OOPS!
#3
I am going through my list of bad evil IP addresses (intercepted by Norton Trojan.Danabot) and incorporating them into my group policy blocking inbound to WAN, LAN and VLAN, which did not let me add the following IP, with this error:

The following input errors were detected:

    35.205.124.153 is not a valid source IP address or alias.

Any reason why this would happen?  When manually inputting an IP, what number next to it (1-32) should I select?

Also, I would like to see more undo or cancel options after clicking check marks in the GUI.  Many times there is no option to cancel and I am prompted to apply changes that I do not want to proceed with.

Also, it would be nice to see every intrusion policy and have the check marks stay as I go through the pages.  It is annoying that they are no longer selected after leaving a page and going to the next page of the same.

Thanks for making this available for everyone and I do enjoy it so far as it is my first deployed firewall.
#4
21.1 Legacy Series / Re: Cisco AP DHCP Native Vlan
March 12, 2021, 05:21:59 PM
That is exactly what I needed to do for my issue.
Now my next task is digging deep into this forum to find easy solutions setting up firewall and blocking vlans from one another including adding some other security policies.

Thank you for your quick and "very clear" help!
#5
21.1 Legacy Series / Cisco AP DHCP Native Vlan
March 12, 2021, 04:47:57 AM
I need some guidance.  I am replacing a working RV320 (gets all tags, untagged default vlan 1 shut) with opnsense to take over FIREWALL, DHCP, VLANS and ROUTING for a layer 2 Cisco switch and Cisco Mobility APs.

I need a native lan on the TRUNK PORT and can do this using the RV320, but do not know how to do this in opnsense.

..."All access points, including the primary AP, in a Mobility Express network should be in the same L2 broadcast domain. Management traffic must not be tagged.

The switch port to which the primary AP is connected can be a trunk port or an access port and must be configured to trunk Native VLAN for management traffic. Data traffic must be trunked with appropriate VLANs for local switching as well."

How can I do this (receive untagged packets) so that tagged and untagged traffic get to the opnsense box on one port, sharing multiple vlans on a native trunk port with the untagged traffic at the same time?  I also need to point the untagged traffic to a DHCP server (10.10.10.1).  I set up the vlans in opnsense but cannot get untagged traffic to a DHCP server, and for that matter cannot create a lone standing DHCP server in opnsense.

I tried all kinds of ways to no avail.

Thank you in advance.