opnsense noob - learning - several topical questions...

Started by stuartbh, October 13, 2024, 05:54:40 AM

Forum members,

I have been running pfSense for some time and am contemplating a move over to opnsense. In so doing, there are several things that interest me, and I am in a phase of doing research at this time.

I have a DSL modem that is in bridge mode and it will provide me with 3 or 5 publicly routable dynamic IPv4 addresses (modem reboots, I likely get new IP addresses). I have several Cisco switches with 2 vLANs I use (one vLAN has just my DSL modem on it, the other vLAN is my LAN, though I'd like to add a couple more vLANs for guest WiFi and maybe cameras on a 4th vLAN). pfSense routes betwixt the WAN and LAN vLANs currently.

One interest is to have the HA instantiated in a manner whereby one opnsense node is running on a dedicated hardware device and the other is virtualized. Total fault tolerance is NOT my goal. I work from home and would like to know that if I need to upgrade and reboot my main opnsense node or the dedicated hardware fails, the virtualized instance will take over. I presume another vLAN would need to be added for the heartbeat for the 2 opnsense nodes (I have no problem with that).

I currently do not use IPv6, but it seems a good time to consider setting that up too, as my ISP does give me a large number of publicly routable IPv6 addresses, I understand.

With respect to dedicated hardware, many people told me that older Sophos XG and SG firewalls run both pfSense and opnsense well. I am also investigating older WatchGuard firewalls (XTM 5 series). Any ideas on that would also be well appreciated.

I am also curious if there are any scripts that can convert portions of a pfSense backup into a format that can be uploaded to opnsense to minimize full-on reconfiguration.

Thanks in advance!

Stuart