OPNsense Configuration Questions

Started by t84a, December 16, 2024, 10:45:54 PM

December 16, 2024, 10:45:54 PM Last Edit: December 17, 2024, 07:51:24 PM by t84a
Brand new to OPNsense. Coming from Untangle. I bought a Protectli Vault 6 and configured it as follows:

Interfaces:
igc0: LAN 1 (Port 1); 2.1/24
igc1: LAN 2 (Port 2); 1.1/24
igc2: LAN 3 (Port 3); 3.1/24
igc3: Unassigned (Port 4)
igc4: WAN 1 (Port 5); DHCP
igc5: WAN 2 (Port 6); DHCP

My newbie questions:

Are default firewall rules ok for LANs to start? I'm hesitant to go live without knowing this.

How do I block and/or allow traffic between LAN devices? Is traffic blocked or allowed by default?

I want LAN1 to be able to access the other LANs but I don't want LAN2 and LAN3 to be able to access any of the other LANs.

I also want to set up WAN Failover using Mobile as my backup? WAN1 is primary; WAN2 is backup

Thanks Ken

Defaults are WAN blocks all in, allows all out.
New networks i.e. new WAN (WAN2), new LAN (LAN2) will be set without those rules, so default deny. You can copy them as needed.

Quote from: cookiemonster on December 16, 2024, 10:52:24 PM
Defaults are WAN blocks all in, allows all out.
New networks i.e. new WAN (WAN2), new LAN (LAN2) will be set without those rules, so default deny. You can copy them as needed.

Thanks. I'm not sure I understand. Also, if I remember correctly, when I booted up for the first time, it was set up as LAN assigned to port 0 and WAN assigned to port 1. I reconfigured port 1 to LAN2. So given that, is my WAN blocked?

Also, on all of my LAN interfaces, the Block logon networks is checked. I didn't do that. I don't think it should be set to that, right? As I posted above, I want LAN2 to be able to see LAN1 and LAN3 but I don't want LAN1 and LAN3 to see any other LANs. I don't understand how to set up Block and Allow (Untangle terms). Thanks again.

The rules for WAN and LAN get applied automatically when you define the interfaces. So if you change them, the rules will follow the definitions.
In other words if you change port 0 from WAN to LAN, the rules will move to port 0. Same for LAN. As far as I remember, please check. I'm not sure it'll be the same for the others.
Best thing is to make sure your cables are assigned as they will be permanently for WAN and LAN. Then go to the shell menu of OPNsense and use the option to assign interfaces. Ideally from a reset, no need to reinstall.
Then you'll have the correct rules for WAN and LAN. After that you can create the new interfaces and clone rules.
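
The rule behaviour discussed in this thread, as an added example that is not part of any poster's reply and not OPNsense's own code: a simplified Python model of per-interface, first-match filtering with an implicit default deny, applied to the layout from the first post (LAN1 may reach the other LANs, LAN2 and LAN3 may not). The subnets are constructed placeholders, and the model assumes rules are evaluated on the interface where a new connection enters.

```python
import ipaddress

# Constructed subnets: the thread abbreviates its addresses ("2.1/24"), so
# these ranges are placeholders, not the poster's real values.
NETS = {
    "LAN1": ipaddress.ip_network("10.0.2.0/24"),
    "LAN2": ipaddress.ip_network("10.0.1.0/24"),
    "LAN3": ipaddress.ip_network("10.0.3.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

def segregated(own):
    """Ruleset for a LAN that may reach the Internet but no other LAN."""
    others = [net for name, net in NETS.items() if name != own]
    return [("block", net) for net in others] + [("pass", ANY)]

# Rules are listed per ingress interface, in evaluation order. LAN1 keeps the
# default "allow to any" rule described in the thread; LAN2 and LAN3 block the
# other LAN subnets before their allow rule.
RULES = {
    "LAN1": [("pass", ANY)],
    "LAN2": segregated("LAN2"),
    "LAN3": segregated("LAN3"),
    "WAN1": [],  # no pass rules: everything arriving here is dropped
}

def decide(ingress, dst, rules=RULES):
    """Return 'pass' or 'block' for a new connection entering on `ingress`."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules.get(ingress, []):
        if addr in net:
            return action  # first matching rule wins
    return "block"         # implicit default deny

def new_interface_without_rules(dst):
    """A freshly added LAN with no rules copied yet: default deny."""
    return decide("LAN2", dst, rules={"LAN2": []})

if __name__ == "__main__":
    for ingress, dst in [("LAN1", "10.0.1.20"), ("LAN2", "10.0.2.20"),
                         ("LAN3", "10.0.1.20"), ("LAN2", "198.51.100.7"),
                         ("WAN1", "10.0.2.20")]:
        print(f"{ingress} -> {dst}: {decide(ingress, dst)}")
```

Because filtering is stateful, replies to connections that LAN1 opens are still delivered even though LAN2 and LAN3 cannot open new connections toward LAN1.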