Basic rule for each network

[xque]

Hello Everybody,

I'm configuring a new opnsense with around 40 VLAN each one is assigned on an interface.
To resume, I have around 40 networks.
One of my workmates tell me that I need for each network de following rule:

Example for network vlan ID 100
Interface  VLAN_100
Protocol any
Source VLAN_100
Destination VLAN_100
GW VLAN_100_GW

I really need this rule to be sure that my network 100 can reach it own GW?
Or it's superfluous?

Thank's a lot for your help

[meyergru]

That depends on what you are trying to achieve. I would first configure one VLAN and try everything I want to work (or not work) and configure the firewall rules it to that extent. For example, if you want internet access for your VLANs, you need an "allow all" rule anyway, so a more specific rule is dispensable.

To save you some work, you can define firewall interface groups for your VLAN interfaces. That way, you have to create firewall rules only once for the groups.
 

[xque]

Hello,

Completely agree with you, testing would be a good idea. Unfortunately for me, all my VLAN are physically connected on a black fiber trunk who is connected to another city.
I have to configure everything before commissioning with no chance of testing.

I'm pretty sure if I create a group with all my interface inside and create a rule with:
Interface  Gr_VLAN
Protocol any
Source GR_VLAN
Destination GR_VLAN
GW default

All VLANs in the group will be allowed all together?
This is not what I want.

I would just like to be sure that I don't need an internal rule to each VLAN that allows network members to join the GW?

Thank's a lot