collapse router with public subnet and firewall in one configuration

[relume]

Hello

We would like to switch our Internet-Connection infrastructure to OpenSense.

Our actual Internet-Connection infrastructure consists on a Router with a fixed public IP (fibre connection on VLAN 10) and routes to our (fixed) public IP-subnet. Our Firewall routes/maps this public subnet to our internal/private network and DMZ. Router and Firewall are both VMs.

We would like to ask the community, if it would be possible to collapse router and firewall to one single OpenSense configuration? If this would be possible, we would also like to ask, if such an approach is also reasonable in the sense of performance and security?

Many thanks in advance for any hint

[fsebera]

Hi Relume,

The quick answer is maybe.

Technically what you are seeking to do is possible but throughput through OPNsense will be mostly controlled by the physical host, memory, CPU, Disks dedicated to the OPNsense setup. Plan on having 2 FWs and for true backup/failover, 2 physical servers – especially if your production environment is critical. The way you find out if your environment is critical is to have your only FW fail. If you are still employed the next day, you’re good. 😊

Get this new setup fully functional in a lab environment before moving over to your new plan. As you can see, most folks do not respond to questions and the documentation is …… well you will be the judge on that.

Good Luck

Frank