Messages

106

20.7 Legacy Series / Re: 2 Switch 1 WAN

« on: November 14, 2020, 12:19:59 am »

one more question I hope someone can point me to the right way of doing.
LAG has 3 modes.

LACP
FAILOVER
FEC
LOANDBALANCING
ROUNDROBIN.

The idea behind our setup is to have our connection redundant means if switch 1 goes down the connections will remain up.
each switch will have 10GB up link connected to it.

which set up is the best to use for this purpose.

thank you for your respond

107

20.7 Legacy Series / Re: 2 Switch 1 WAN

« on: November 04, 2020, 12:08:24 am »

Yes, then it works like liceo said.

it wouldnt need any extra configuration after LAG the interfaces? this what i am wondering.

108

20.7 Legacy Series / Re: 2 Switch 1 WAN

« on: November 03, 2020, 01:10:44 pm »

The question was not if a single switch of yours is able to do LACP. The question is, if connecting the ports to different switches will work with LACP.

It makes a difference if you connect one device to two switch ports of the same switch or to individual switches. The switches need to be aware of that fact.

i understand your question correctly, both switch are LAG, they operating as one switch. we LAG them using 10GB ports.

Our ESXI has 2X10GB NICS so each NIC is connected to different switch and acting as a LCAP on the vCenter. Port 1 is at Switch 1 Port 4 and Port 2 is at Switch 2 Port 4 and so on...

the only remain question is can OPN combine both interfaces as LCAP.

Thank you

109

20.7 Legacy Series / Re: 2 Switch 1 WAN

« on: November 03, 2020, 10:52:52 am »

Should work. You can aggregate multiple interfaces. The settings are under "Interfaces" > "Other Types" > LAGG. In the "LAGG proto" field you can choose LACP.

I don't think LACP will work for multiple (individual) switches. Did the ISP say that LACP is possible? It depends on the switches if it's possible. What manufacturer is it and what model?

Otherwise "failover" would be an option for protocol.

thank you for your answer.
the switches are Brocade ICX7250-48P and support LACP, we are using one for the LAN to do LCAP with our VMware servers,

110

20.7 Legacy Series / Re: 2 Switch 1 WAN

« on: November 02, 2020, 11:46:33 pm »

i tried to draw it a bit. hopefully its a bit clear thank you

111

20.7 Legacy Series / 2 Switch 1 WAN

« on: November 02, 2020, 11:19:01 pm »

Dear all,

i am trying to archive some setup and dont know how to do it.
the situation as next :
our ISP have two switch for us which configured to act as one. switches are layer 3.
We have one opnsense hardware behind "OPNsense A10 Dual Core SSD rack Gen2" a opnsense hardware which we are happy with.
So i want to have two WAN cables from each switch, so Switch 1 to WAN1 and Switch 2 to WAN2 and configure WAN1 and WAN2 as LACP.
is this even possible in opnsense ?

Thank you

112

20.7 Legacy Series / Opnsense 20.X wont boot

« on: September 06, 2020, 08:11:13 pm »

Hi guys,
ive been fighting with a hardware box it doesn't wanna boot. i managed to get up to boot by doing the next

first command during the boot

set kern.vty=sc
boot

when it boot i disabled the option  Use the virtual terminal driver (vt) at System >> Settings >> Administration

my question is, would a update overight those settings of  Use the virtual terminal driver (vt) or not ?

Can i priciest those settings somehow at System: Settings: Tunables ?

Thank you

PS : i've installed the opnsense at a Sophos Hardware

113

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: August 28, 2020, 01:55:01 am »

I have tried this at one of our customer however the free version is more limited than expected to test.
So had to remove it unfortunately

114

Intrusion Detection and Prevention / Re: Send IPS alerts by e-mail

« on: August 19, 2020, 11:28:48 pm »

This is really handy have you managed to configure it ?

115

20.7 Legacy Series / Re: GeoIP Rules Question

« on: August 19, 2020, 11:22:59 pm »

If you limite your outgoing network port 55xx won’t have a chance

Allow just DNS and 443 I forward 80 to 443 so don’t have to open 80 outbound
Been doing this for long and very satisfied about the result

116

20.7 Legacy Series / Re: Wireguard Broken after Successful Upgrade

« on: August 19, 2020, 06:11:50 pm »

Or me I can help you We have over 250 tunnel now using WireGuard and it works great
I have removed openvpn from product0n

117

20.7 Legacy Series / Re: GeoIP 20.7 solution

« on: August 19, 2020, 05:45:59 pm »

Today I have rebooted one of the boxes and noticed it’s didn’t load the geoip.
After changing the size from 200k to 400k op has been loaded
It’s a bug but this solutions is the only that works for me till now.

@hydschu read carefully what I said

118

20.7 Legacy Series / Re: GeoIP 20.7 solution

« on: August 18, 2020, 12:54:30 am »

Make sure to change the number twice to the one you have already there and reload the GEOIP.
like remove one country and save and re-add it.
i've done it today in 4 boxes which had the issue before and its appear to fix it.

119

20.7 Legacy Series / GeoIP 20.7 solution

« on: August 17, 2020, 03:56:15 pm »

Hi Guys,

If your GEOIP seems not to works after the last uptate, the issue is easy and simple
your firewall Firewall Maximum Table Entries is Limited to 100k.
So Go to your firewall>>>Settings>>>Advanced and change the value of Firewall Maximum Table Entries to 200k and save.
i have mine at 400k as ive got a powerfull hardware.

after i've done that the GEOIP start working and loading IPS.

120

20.7 Legacy Series / Re: [SOLVED] GEOIP blocking no longer working 20.7

« on: August 11, 2020, 02:00:49 pm »

@saveka i had this done in 10 boxes already and its working for me.
PM me and i can have a look with you with teamviewer if you prefer.
otherwise see me at the IRC and i'll help you.