WebGUI access from WAN??

[banym]

If I need access to a WAN Port I change the port of the management and open the Port from my fixed IP to the WAN Interface. The rule belongs on WAN Interface. That's it.

Never open it for the complete Internet.

[yxh]

When WebGUI access from WAN, if source is private IP, remember to uncheck "Block private networks" in Interface setting.

[konatodiel]

Try disabling reply-to on WAN rules (Firewall > Settings > Advanced)

I was looking for a solution to a similar problem for a long time.
This solved my problem !
thank you very much

[vadimax]

Try disabling reply-to on WAN rules (Firewall > Settings > Advanced)

This one is working for me.

[chrcoluk]

I think OPNsense could do with an option on the console for punching an initial hole through to the UI for a specific WAN IP, I think a rule that specifically whitelists an IP is fine.  The default LAN only assumes one is running the firewall local to them so they can just access over a LAN, but this falls apart on remote installations, and adding a firewall rule in the console, when the whole software is designed to be managed from the UI is clearly not a clean way of doing it, hopefully a solution can be found.

As it stands now it is pfctl -d disable the entire firewall, then going into the UI to add some kind of management IP ACL rule for access the UI and finally turning the firewall back on with apply.

[axel2078]

I've never liked the idea of allowing access to the OPNSense WebUI from the Internet.  I set up Wireguard on OPNsense and if I need to log into my OPNsense system when away from home, I just fire up the Wireguard VPN on whatever device I'm using.

[chrcoluk]

Well your case is a local install, if OPNsense is remote you need to at the very least have some kind of initial WAN access.  Even if its to setup a VPN.