Messages - bangcrash

#1
Thanks very much for the info.

I went into the LAN interface and disabled the IPv4 addressing (I don't use IPv6) as you suggested and everything seems to be fine. As a result of this change I did find a weird DNS problem where querying router.localdomain returned an AAAA record that contained the IP addresses of the OPNsense box on all interfaces. To fix this I went to Services > Unbound DNS > General and enabled "Do not register system A/AAAA records". I then created an override in Services > Unbound DNS > Overrides to return the IP address on my primary VLAN for queries for router.localdomain.

As a final precaution I created a replica of the antilockout rule on the firewall for my primary VLAN just in case.

Thanks again

#2
23.1 Legacy Series / Physical Interfaces & VLANs
June 02, 2023, 12:06:22 PM
When I was setting up my OPNsense install I was learning as I went, and I think I have ended up making some errors in the configuration of the VLANs against the physical interfaces. I would like to understand how to fix it without tearing everything down and starting again.

I am using an HP T620+ thin client with a 4-port Intel NIC.

During the install, em0 on the Intel NIC was used for the WAN and em1 was used for the LAN.
I have then created 4 VLANs (opt1, opt2, opt3, opt4) using em1 as the parent.
The LAN network still exists and is using the IP range 192.168.1.0/24, which I believe is the default. All of the VLANs are using 10.69.x.0/24. The box responds on 192.168.1.1 and traffic can use the LAN network.

My questions are:
Can I remove the LAN network, as it is redundant in my setup, and if so, how?
Would it be better to disable rather than remove the LAN network?
Will removing or disabling the LAN network have any detrimental effects on the configuration, i.e. anti-lockout rules etc.?
How should I have configured things from the start? Should I have used the LAN network instead of one of the separate VLANs that I created?

If I haven't provided enough info then please let me know.

Thanks in advance