best practice to create WAN/LAN with internet modem router

Started by opnsense_user, September 12, 2023, 06:13:47 PM

dear community

running Riverbed CX550 device (ports shown below) with internet modem,


"best" configuration I got going is connect

1. modem to CX550 WAN_0 port (igb1 interface in opnsense)
2. CX550 LAN_0 port to switch (igb0 interface in opnsense)
3. CX550 PRI port to switch (igb4 interface in opnsense)
4. switch to a desktop

this way I can access opnsense URL

but above setup does not differentiate WAN and LAN and so if I want to set a rule protecting OPT1 interface saying only LAN interface can access it, that's not possible

given internet modem is just a DHCP giving address in 198.168.1.x and range is it even possible to perform some kind of differentiation between interfaces (LAN vs WAN vs OPT1)

ie make only OPT1 accessible to that switch from LAN interfaces, appears when I specify rule firewall logs denial appears all is running as WAN in above setup



https://support.riverbed.com/bin/support/static/aeohu4i9e68gucosmn6rcsvr1g/html/i38d87tifjq6og6l6i8c1s8m4n/sh_cx_9.5_icg_html/sh_cx_9.5_icg/images/155_front.jpg

You need two switches or a managed VLAN capable switch to have two separate networks.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

thanks for this so

internet modem -> switch (not ordinary but VLAN capable) -> Riverbed CX550 device (WLAN_0) port -> the rest (and network separation possible and therefore network isolation, the rest could differentiate between WAN and LAN OPT1 etc)

(the switch in the original post is just a simple eth switch for 4 devices, the new VLAN capable switch sitting in between modem and CX550 would be special VLAN capable)

also modem has wireless capable network and so that would be separated unless one gets a wireless device and adds to LAN network I am assuming

do you have idea on VLAN model (economy) ? thanks much in advance

will be also trying to isolate OPT1 onto singular machine (if that helps similar out there)

How to Configure OPNsense for a Directly Connected PC or Server

https://homenetworkguy.com/how-to/connect-pc-directly-to-opnsense-interface/

I rather meant

Internet modem - your CX550 - managed switch - all wired client devices plus if desired an access point, also VLAN capable if necessary

You can use a single connection from the CX550 to the switch and tagged VLANs or use a simple port based VLAN setup and possibly a cheaper switch and two separate connections from the CX550 to the switch. Or just two separate dirt cheap unmanaged switches.

You can use neither the WiFi of the Internet modem nor connect any client devices there. The Internet modem is "the Internet". It's evil. All protected devices must go behind the OPNsense. OPNsense goes between the evil Internet and all other infrastructure. That's what a firewall does.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
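
An added example, not part of any poster's message or of OPNsense itself: a small cabling check that models each unmanaged switch as one layer-2 segment and reports which firewall ports end up sharing a segment, and which devices sit on the modem side of the firewall. The interface names igb0/igb1/igb4 come from the first post; the switch and host names and the three layouts are constructed for illustration.

```python
from collections import defaultdict

def broadcast_domains(links):
    """Group cabled nodes into layer-2 segments (union-find over the cables)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for a, b in links:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for node in list(parent):
        groups[find(node)].add(node)
    return list(groups.values())

def shared_segments(links, fw_ports):
    """Firewall ports in the same segment: no rule can separate their traffic."""
    hits = [sorted(seg & set(fw_ports)) for seg in broadcast_domains(links)]
    return sorted(p for p in hits if len(p) > 1)

def outside_firewall(links, wan_port, upstream="modem"):
    """Devices on the WAN-side segment, i.e. not protected by the firewall."""
    for seg in broadcast_domains(links):
        if wan_port in seg:
            return sorted(seg - {wan_port, upstream})
    return []

# Firewall ports are separate nodes: the firewall routes between them,
# it does not bridge them. An unmanaged switch is a single segment.
FW_PORTS = ["igb0", "igb1", "igb4"]

# Cabling from the first post: LAN_0 (igb0) and PRI (igb4) on one plain switch.
ORIGINAL = [("modem", "igb1"), ("igb0", "switch"),
            ("igb4", "switch"), ("switch", "desktop")]
# Constructed layout for the "two separate unmanaged switches" suggestion.
SEPARATED = [("modem", "igb1"), ("igb0", "switch_lan"),
             ("igb4", "switch_opt1"), ("switch_lan", "desktop")]
# Constructed layout: same as above, plus a client on the modem's WiFi.
WIFI_ON_MODEM = SEPARATED + [("modem", "wifi_laptop")]

if __name__ == "__main__":
    print("original :", shared_segments(ORIGINAL, FW_PORTS))
    print("separated:", shared_segments(SEPARATED, FW_PORTS))
    print("unprotected:", outside_firewall(WIFI_ON_MODEM, "igb1"))
```

A tagged-VLAN setup on a managed switch would be modelled the same way, with one node per VLAN instead of one node per physical switch.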

love the answer lol thank you (the evil part) hence the opnsense will try all how it was instructed 

Dear All
I'm trying to install opnsense 23.1 on riverbed cx255 model which is slightly different from 550 but I've noticed something strange that it gets installed successfully but when I reboot after install interfaces of lan and wan do not go up, while pri goes up fine. I went to the BIOS and tried all combinations of bypass and no bypass. Still no luck.
the original riverbed os behaves similar but during boot I hear a click and interfaces go up.
so I'm hoping it's just a matter of a script or something to bring them up.
the opnsense sees both interfaces as igb0 and igb1
can anyone help on this matter?
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense