"
Hello
I just got a DEC750 and what a wonderful machine. However, when I search the internet on how to configure the firewall, I see many posts for many different versions of Opnsense with many different ways of doing the same thing. I want to therefore ask here what is the canonical way of achieving the following, in 2024 (Opnsense 24.10+ with business license):
Given a generic interface setup (WAN, LAN1, LAN2, LAN3)
1. What is the correct way of configuring an airgapped VLAN (lets call it VLAN1) ?
Airgapped means:
- No devices in VLAN1 can access the outside world (WAN).
- Devices on a subset of other interfaces (LAN1,LAN2,..) can access the VLAN1.
- Devices in VLAN1 can talk to each other and get IPv4/6 DHCP assignments from router.
2. What is the correct way of configuring an "isolated" VLAN (lets call it VLAN2) ?
Isolated means :
- Devices in VLAN2 can access the outside world (WAN)
- Devices on VLAN2 cannot access any other interface
- No other devices on another interface can access VLAN2, save for a specific subset (Either a VLAN3 or Specific MAC addresses, both ok)
- Devices in VLAN2 can talk to each other and get IPv4/6 DHCP assignments from router.
Let's assume I start from the default configuration on a DEC750 with Opnsense 24.10+ (some rules such as "let out anything from firewall host itself" already present and cannot be deleted (?) on all interfaces). What is the correct procedure to achieve 1. and 2. ?
Thanks
B.
I just got a DEC750 and what a wonderful machine. However, when I search the internet on how to configure the firewall, I see many posts for many different versions of Opnsense with many different ways of doing the same thing. I want to therefore ask here what is the canonical way of achieving the following, in 2024 (Opnsense 24.10+ with business license):
Given a generic interface setup (WAN, LAN1, LAN2, LAN3)
1. What is the correct way of configuring an airgapped VLAN (lets call it VLAN1) ?
Airgapped means:
- No devices in VLAN1 can access the outside world (WAN).
- Devices on a subset of other interfaces (LAN1,LAN2,..) can access the VLAN1.
- Devices in VLAN1 can talk to each other and get IPv4/6 DHCP assignments from router.
2. What is the correct way of configuring an "isolated" VLAN (lets call it VLAN2) ?
Isolated means :
- Devices in VLAN2 can access the outside world (WAN)
- Devices on VLAN2 cannot access any other interface
- No other devices on another interface can access VLAN2, save for a specific subset (Either a VLAN3 or Specific MAC addresses, both ok)
- Devices in VLAN2 can talk to each other and get IPv4/6 DHCP assignments from router.
Let's assume I start from the default configuration on a DEC750 with Opnsense 24.10+ (some rules such as "let out anything from firewall host itself" already present and cannot be deleted (?) on all interfaces). What is the correct procedure to achieve 1. and 2. ?
Thanks
B.
