Configure OPNsense
Goal
Create the initial lab gateways and firewall baseline.
VLAN interfaces
Create these VLANs on the LAN parent interface:
| VLAN | Name | Gateway |
|---|---|---|
| 10 | Management | 172.20.10.1/24 |
| 20 | Servers | 172.20.20.1/24 |
| 30 | Workstations | 172.20.30.1/24 |
Recommended initial services
- DNS Resolver enabled or DNS forwarding configured.
- DHCP disabled for Servers VLAN.
- DHCP can remain disabled initially on OPNsense if Windows DHCP will serve clients.
Firewall baseline
Management
Allow management to servers.
Servers
Allow servers to Internet for updates.
Workstations
Allow workstations to domain services on HQ-DC01.
Guest / DMZ
Not required in Phase 1.
Validation
- Gateways respond to ping from allowed networks.
- OPNsense has Internet access.
- Firewall rules block unintended traffic.
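To check that the firewall rules block unintended traffic, it helps to write down the expected verdict for each test flow before testing. The following is an added example, not part of the original lab guide: it models the baseline above as an allow-list with everything else blocked. The HQ-DC01 address, the domain service ports, the default-deny reading and the sample flows are assumptions.

```python
import ipaddress

# VLAN gateways from the table above; each network is derived from its gateway.
VLANS = {
    "Management": ipaddress.ip_interface("172.20.10.1/24").network,
    "Servers": ipaddress.ip_interface("172.20.20.1/24").network,
    "Workstations": ipaddress.ip_interface("172.20.30.1/24").network,
}
# Assumption: the page gives no address for HQ-DC01; this is a placeholder.
HQ_DC01 = ipaddress.ip_address("172.20.20.10")
# Assumption: "domain services" read as DNS, Kerberos, LDAP and SMB.
DOMAIN_PORTS = {53, 88, 389, 445}


def zone_of(ip):
    """Return the VLAN containing ip; anything outside the lab counts as Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "Internet"


def expected(src, dst, port):
    """Expected verdict under the baseline, assuming unlisted traffic is blocked."""
    s, d = zone_of(src), zone_of(dst)
    if s == "Management" and d == "Servers":
        return "allow"
    if s == "Servers" and d == "Internet":
        return "allow"
    if s == "Workstations" and ipaddress.ip_address(dst) == HQ_DC01 and port in DOMAIN_PORTS:
        return "allow"
    return "block"


# Constructed sample flows (source, destination, destination port).
FLOWS = [
    ("172.20.10.50", "172.20.20.10", 3389),  # Management -> server
    ("172.20.20.10", "203.0.113.5", 443),    # server -> Internet
    ("172.20.30.25", "172.20.20.10", 88),    # workstation -> DC, Kerberos
    ("172.20.30.25", "172.20.20.10", 3389),  # workstation -> DC, not a domain port
    ("172.20.30.25", "172.20.10.1", 443),    # workstation -> Management VLAN
    ("172.20.20.10", "172.20.30.25", 445),   # server -> workstation
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        print(f"{zone_of(src):<12} {src:<13} -> {dst:<13} :{port:<5} {expected(src, dst, port)}")
```

Run each listed flow from a host in the source VLAN and compare the observed result with the printed verdict; any flow that passes but is marked `block` points to a rule that is too broad.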