Dec740 connected to a USW-Pro-8-PoE

Started by DEC740airp414user, November 22, 2025, 11:00:42 AM

I am going to replace my Dec670 soon.

Thinking about going with the above hardware. For the 10Gb connectivity part, I am reading all I need is a single UACC-DAC-SFP10-0.5M, which is listed as certified to work.

Can anyone confirm that is all that is needed for me?
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device

Confirm, no. But I'd bet a fair pile of money on it, assuming the length is what you need. Funny, I took a look at pricing (for the cable) and got all sorts of way too expensive results, but the Ubiquiti store price was quite reasonable.

What, in addition to https://store.ui.com/us/en/category/accessories-modules-fiber/collections/accessories-pro-direct-attach-cables/products/10gbps-direct-attach-cable?variant=uacc-dac-sfp10-1m, would I need for 10G LAN purposes?

Port 9 on the switch, which is SFP+: that cable would go to X0 on the OPNsense router.

Quote from: DEC670airp414user on November 22, 2025, 04:28:01 PM
what in addition to [...]

For connecting the firewall to the switch, nothing at all. I wasn't critiquing your choice of cable - I was just attempting to avoid endorsing a particular length, as the only critical element is "long enough", and that's your choice.

Heh. Someone here must have an identical setup to your planned one. Just for the paranoia endorsement.

My own is random PC with Intel x710, with random TAA DACs to two servers, also with x710s. My (Netgear) switch uplink is fiber, as it's in another room - a bit far for a DAC. I had to get an Intel ID'd optic (I got genuine Intel, surplus) for the uplink; the DACs don't require any branding with the Intel cards. Not a concern with your setup as described.

I have never encountered any compatibility problems with 10G DAC cables.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on November 22, 2025, 07:36:32 PM
I have never encountered any compatibility problems with 10G DAC cables.

Sadly I have. Some switch manufacturers are pretty crazy these days with DAC compatibility. Ubiquiti is not one of them though, I got gifted 2 unused DACs from Netgear stuff someone threw away and those had no problem working within a Unifi switch and a OPNsense test hardware. But Unifi SFP(+)s are quite reasonable when it comes to pricing plus with their SFP programmer hardware it shouldn't be hard to make the necessary "changes" to a module to make it ... say more "appealing" to specific switch vendors if needed ;)

And yes, I almost had the same setup in my lab at one point, just with the older USW-8-Enterprise-PoE but the setup works. One SFP+ to the firewall one to another server (or switch - the 8-port aggregation is really cheap for that) and you're ready to play around with 10G LAN stuff.

Cheers
"It doesn't work!" is no valid error description! - Don't forget to [applaud] those offering time & brainpower to help you!
Better have some *sense than no(n)sense at all! ;)

If you're interested in German-speaking business support, feel free to reach out via PM.

I am in the United States.
Has anyone placed an order lately? And what are the tariff charges, or are they now built into the price?

Ordered, and the RJ45 SFP modules in the OPNsense store.

Finally got the SFP+ set up as my primary LAN through the console.
DEC740 port 0 - 9, the SFP port on the Pro UI switch. It shows connected at full duplex 10Gb.

Now when I activate WireGuard tunnels, any device going over the WireGuard tunnel can't access the router GUI. If I create a rule to have that device go over the WAN I can access the GUI? I can't believe this is my only issue and I've spent hours on trying to fix this. Disable routes is checked on each tunnel. Everything is set up exactly as my previous appliance. But I am struggling to figure this out.

It is set up to listen on all interfaces, so that is not the issue.

Any suggestions are welcome.

Quote from: DEC740airp414user on December 27, 2025, 10:34:59 PM
any device going over the wireguard tunnel can't access the router gui.

What firewall rules have you created on the Wireguard interface?
Deciso DEC740

December 28, 2025, 10:46:28 AM #9 Last Edit: December 28, 2025, 11:06:24 AM by DEC740airp414user
Quote from: patient0 on December 28, 2025, 07:23:41 AM
Quote from: DEC740airp414user on December 27, 2025, 10:34:59 PM
any device going over the wireguard tunnel can't access the router gui.
What firewall rules have you created on the Wireguard interface?

Do you mean the WireGuard group,
or the WireGuard tunnel to the external ISP?

Group has the default rule still, which I honestly don't remember being there on my old appliance. I can boot it up to verify.

The other is empty, just like the old device. I imported the rules from the configuration file.

I've gone in and made rules on each interface. I allowed all, didn't work. Then I created allow to destination (this firewall). That did not work either after cleaning states. I cannot ping the appliance. How is that possible?
2nd part of weirdness: under System: Trust: Certificates, the webgui TLS cert is there. But when you open it and try to close it, it says error missing CA key.

When I received the appliance I did a fresh install of Business Edition. Is that error part of this, or is that normal?

Quote from: DEC740airp414user on December 28, 2025, 10:46:28 AM
Do you mean wireguard group
Or the wireguard tunnel to external isp

Either work, the order is <interface group> first and then the <interface(s)>. If you have quick rules in the interface group that match, the interface rules are not evaluated.

Allow all or all This Firewall sound good but without seeing the rules I would know.

https://docs.opnsense.org/manual/firewall.html#processing-order

Quote
2nd part of weirdness.

* patient0 has no idea here
Deciso DEC740

So I never had this rule, but this resolved it (attached).

Is this expected? This also isn't what I want. I want to restrict: only one network to access the GUI. When I changed this yesterday I had to restore a backup. This also worked previously. My head hurts.

You list the same router. If you open System > Trust > Certs > webgui TLS key, then edit it and try to close it, does it give you an error?

OK, I believe I fixed it.

On the SPFLAN interface I created an allow rule to destination - this firewall. TOP of list.

On the guest/IoT VLANs, top rule: I created a block rule to destination - this firewall.

I believe I am good now, totally different from how I had it before.

Earned me some new brain wrinkles.
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device
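
The processing order mentioned in the thread (interface group before interface, quick rules stopping evaluation) and the rule layout from the last post can be checked with a small model. This is an added example, not part of any post and not OPNsense code; the interface names `wg1`, `LAN`, `GUEST`, the group name `WireGuard` and the "pass any" rules below the top rules are assumptions made up for illustration.

```python
from dataclasses import dataclass

ORDER = ("floating", "group", "interface")   # sections, evaluated in this order

@dataclass
class Rule:
    section: str          # one of ORDER
    attached_to: str      # interface or interface-group name
    action: str           # "pass" or "block"
    dst: str              # "this_firewall" or "any"
    quick: bool = True    # first match wins when True

def evaluate(rules, iface, groups, dst):
    """Action applied to a new connection entering on iface toward dst."""
    verdict = "block"                        # nothing matched: default deny
    for section in ORDER:
        for r in rules:                      # list order = top to bottom in the GUI
            if r.section != section or r.attached_to not in (iface, *groups):
                continue
            if r.dst not in ("any", dst):
                continue
            if r.quick:
                return r.action              # quick match: later rules never run
            verdict = r.action               # non-quick: remember, last match wins
    return verdict

# Constructed rule set 1: a quick group rule pre-empts the interface rule.
GROUP_SHADOWS = [
    Rule("interface", "wg1", "pass", "any"),
    Rule("group", "WireGuard", "block", "this_firewall"),
]

# Constructed rule set 2: the layout described in the last post.
FINAL_LAYOUT = [
    Rule("interface", "LAN", "pass", "this_firewall"),     # top of LAN list
    Rule("interface", "LAN", "pass", "any"),
    Rule("interface", "GUEST", "block", "this_firewall"),  # top of guest/IoT list
    Rule("interface", "GUEST", "pass", "any"),
]

def demo():
    return {
        "wg1->fw": evaluate(GROUP_SHADOWS, "wg1", ["WireGuard"], "this_firewall"),
        "lan->fw": evaluate(FINAL_LAYOUT, "LAN", [], "this_firewall"),
        "guest->fw": evaluate(FINAL_LAYOUT, "GUEST", [], "this_firewall"),
        "guest->net": evaluate(FINAL_LAYOUT, "GUEST", [], "internet"),
    }

if __name__ == "__main__":
    print(demo())
```

Swapping the two `GUEST` rules makes `guest->fw` return `pass`, which is why the block rule has to sit at the top of the guest/IoT list.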