Messages

Thanks. Given that I'm currently using TP Link, I don't really require anything special.  I would need 2 that can take heat.  One is in my attic and one is in my detached garage.  I'm using TP-Link EAP225 Omada AC1350 for those and the TP-Link AX1800 WiFi 6 Router V4 (Archer AX21) for the indoor ones.

I have 1 AP on LAN1, 3 on LAN2, and 1 on LAN3.  All have unique SSIDs.

I'm wondering if I can get away with the Unifi U6-Pro or the U6+.  They say they are good to 140 deg F. I really don't want to employ a controller.

Thanks again.

I'm looking to move away from TP Link. I have 5 plus a repeater now, 2 are outdoor. I did a quick search for US Government approved access points and HPE Aruba and Ubiquity, among others (more enterprise suitable), came up. I wasn't really looking to spend $1k on new access points. Anyone have recommendations? Thanks

If you go to FIREWALL -> RULES, you'll see that there are a bunch of "Automatically generated rules."  These should give you good protection.

The outside of the units do tend to get hot. I questioned Protectli about mine and they said it was normal.  It's usually just hot on the cooling fins by design.  I set mine on a ceramic tile just in case.

My recommendation is keep it simple. Use the switch on one interface.

Post 41 was from my phone. To be clear, I'm positive I tried Eric's recommendation.

I restored a backup from the beginning of April and started over. Instead of coming back to this thread, I went from scratch.

I'm not sure what was jacked up. My apologies to Eric. He's helped me on every one of my topics.

Update.  Here's the solution thanks to the HomeNetworkGuy:

FWIW, this is EXACTLY the same as in reply #3 on this thread...

Crap.  You are 100% right.  I probably tried it but did it wrong.  So to correct myself:  Thanks to ERIC for the solution!!

Update.  Here's the solutio. Thanks to EricPerl.

Great news. This is on my list. Thanks

[I set it back to Pass All and everything works."]

You can compare the differences between any of your last configurations yia System: Configuration: History.

What do you mean by "I set it back to Pass All and everything works."? You only showed one firewall rule to that extent here. We were chasing ghosts here if that was not the only rule and you did not have internet access with that.

If it was not the only manual rule on that interface, then please show all interface rules. As I wrote, your first goal should be to enable internet access from all interfaces, then block specific inter-VLAN traffic without losing internet access.

On Port 3. The experiment in this thread was with Port 3-Cameras.

I have Pass All on all 3 LAN interfaces now.

Just a thought. Does a log exist that tracks every change that I made to any configuration?

I really appreciate everyone's help.  I guess I can take some small comfort that there's something bigger going on.  I set it back to Pass All and everything works.  I disabled the other WAN interface first to see if that would fix it and it did not.  Maybe if I get some time, I'll put the Untangle hardware back on and reinstall OPNSense on my Protecli box and start over although my configuration is really just out of the box settings.  Thanks again for all your help.

If anything pops up and you want more screenshots, please post.

Interface Overview

DHCP. DNS Servers are left blank.

[i]

1 have 3 interfaces.  LAN1 I want full access to LAN2 and LAN3.  LAN2 and LAN3 should be set up identically so they can access the internet only and specifically not be able to access LAN 1.

O1. I have 2 WAN ports but only one connected.  I have T Mobile as a backup provider but it's metered so I don't want to connect it until I figure out WAN Failover.  In Untangle, it was simple and automatic.
O2. I enable logging by clicking on it i and Apply.  It resets.  Why?  I have no idea.  You had me enable logging before. Post #9 shows blocking.
O3. Not a hotspot, an access point connected to OPNSense.  That access point is wired to Port 3.
O5. I'm not sure that matters.  When I connect to LAN2 or LAN3 from my PC, I get no internet access unless I put in a rule for Pass All.

Do the clients get their IPs and netmasks plus DNS server via DHCP? Your phone being connected via WiFi does not show if it has an IP/netmask or if it can resolve DNS.

Yes