OPNSENSE: FACTORY RESET

Started by M_ndala, March 04, 2024, 11:52:47 AM

Hello everyone,
I am new to the OPNsense hardware/firewall and I would like to get some help.

Scope of Work
•   Deployment and implementation of the FW in transparent filtering bridge
•   Implement IPS, application and web filtering.
•   Installation of Next generation firewall Plugin Zenarmor
I followed the guidelines on creating a transparent bridge and the following was configured; however, I lost GUI access to the firewall after completing the below.
•   Outbound NAT rule disabled.
•   Changed system Tunables (net.link.bridge.pfil_bridge set 1, net.link.bridge.pfil_member set 0)
•   Bridge (Bridge0) created and assigned LAN and WAN interfaces to the bridge.
•   Assigned management IP to the bridge.
•   Disabled Block private networks & bogon.
•   Disabled the DHCP server on LAN.
•   Disabled Default Anti Lockout Rule
•   LAN and WAN interface set type to 'none.'

Bridge_Interface (bridge0) -> v4: 192.168.20.5/24
LAN (igb0)      ->
WAN (igb1)      ->

The bridge has an IP assigned as above, but for some unknown reason I can't access the firewall via that IPv4 address.

NOTE: Currently no access to the FW via GUI, only accessible via USB console cable. Is there a way I can reset the appliance back to factory defaults and perhaps redo the configuration?

Thank you, Mike

April 09, 2024, 04:27:29 PM #1 Last Edit: April 09, 2024, 04:36:02 PM by AKH
Hmm,

I'm also currently working with the OPNsense firewall, in particular with bridging.

You must not bind an IP to the bridge itself.

I worked directly with 4 network cards.

            WAN
               *
DMZ ********ADM
               *
             LAN

It doesn't matter whether you build the bridge
from
WAN - DMZ
or
WAN - LAN
or
DMZ - LAN.
You have used up both of your network cards.

With a (WAN - LAN) or (DMZ - LAN) bridge, the LAN interface cannot/should not have an IP.
So ADM: an extra network card/port and an extra IP, then you can always reach the OPNsense.

With WAN to DMZ or WAN to LAN, however, you don't really have a true firewall structure either, if
the data would get through the transparent OPNsense bridge and Zenarmor unblocked.
So reporting and blocking is the actual task!