Messages - BeanAnimal

#16
General Discussion / Active Directory - SSO
September 28, 2018, 01:37:42 AM
As I mentioned in another thread, I am evaluating this platform as a replacement for my business customers.

My initial research shows that the only AD-sync that can be done is manually... While pfSense and most other enterprise platforms offer an AD sync option.

I saw a thread here with conversation between an end user and maybe Franco, where the value of an automatic or real-time sync was questioned...

Quite simply put - I do not know any SMB, mid or enterprise admin that wants to manually sync a firewall to AD every time a user is added or a security group or OU is changed... let alone every time a user changes their AD credentials. That is insane! Unless I am missing something, that is the case here.

In most business networks, AD is used and AD credentials are reset regularly, most often by end users. If this firewall is used as the VPN concentrator, then users will be constantly locked out until a resync is done or users are manually added to the firewall....

Honest question (no disrespect meant to anybody). Is this an honest business product, or a fancy home firewall/router targeted at tech savvy bit twiddlers tired of DD-WRT or mad at pfSense for selling out?


#17
General Discussion / Re: Hyper-V VLAN issues - please help
September 28, 2018, 01:27:33 AM
So I have some rather large concerns here....

I deleted the associated interfaces and bindings and definitions and rebuilt VLAN20 from scratch, using the EXACT same steps as I had the first time. Things are again working.

Forgive my forward impression as a first time user, but this does not give me a warm fuzzy feeling about this platform.

I am evaluating in my home, as I am a Sophos partner that has searched high and low for a UTM/SG/XG replacement for my customer base. The Sophos product is a nightmare for many reasons.

I have not tried pfSense so cannot comment on how this product compares, but this gives me great pause about rolling this platform out to my business customers.

Are issues like I just ran into common?


#18
General Discussion / Hyper-V VLAN issues - please help
September 27, 2018, 03:59:41 PM
OPNsense 18.7.3-amd64
Hyper-V 2012R2 (CORE)
Intel quad port physical NIC
5 static public IPs - 1 assigned to WAN. 2 assigned to Virtual IPs
Port forwarding/NAT rules appear to be working.

Wireless APs - Ruckus R600 Unleashed
SSID1 - NO VLAN
SSID2 - Marked for VLAN20

Windows AD server set to DNS and DHCP
10.15.30.0/24 subnet
LAN works as expected, DHCP leases handed out, AD happy and healthy with DNS
SSID1 - working on LAN

First Attempt to construct VLAN:
2 Virtual NICs attached to OPNsense
HyperV-VNIC 1 - WAN
HyperV-VNIC 2 - LAN

Using PowerShell - set LAN VNIC to -trunked 20 and -nativevlanid 0
Physical switch ports all set to trunked
New OPNsense Interface "INT_VLAN20" Subnet 10.15.31.0/24 with address 10.15.31.254
New VLAN "VLAN20" parent interface HN1 (LAN)
Assignment LAN VLAN20 on HN1 "INT_VLAN20"
Added DHCP Server for INT_VLAN20 with scope x31.50 to x31.200

For a short time things were working - SSID2 was able to grab a x.x.31.x IP from DHCP and SSID1/LAN worked as expected.
Rebooted OPNsense and things broke. I tried for hours to get things working, including starting from scratch.
No Luck

Second Attempt:
Added additional VNIC to Hyper-V
LAN NIC set back to untagged
New NIC set to access port=20
So HN3 = VLAN20 NIC now.
Parent interface for VLAN20 is HN3 and assigned accordingly.
Things are still not working...

Anybody willing to help - I am at a complete loss here and this should be fairly straightforward.