You're reading from OPNsense Beginner to Professional Protect networks and build next-generation firewalls easily with OPNsense

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801816878

Length 464 pages

Edition 1st Edition

Tools

FreeBSD

Concepts

Network Security

Author (1):

Julio Cesar Bueno de Camargo

Preface

1. Section 1: Initial Configuration

2. Chapter 1: An OPNsense Overview FREE CHAPTER

3. Chapter 2: Installing OPNsense

4. Chapter 3: Configuring an OPNsense Network

5. Chapter 4: System Configuration

6. Section 2: Securing the Network

7. Chapter 5: Firewall

8. Chapter 6: Network Address Translation (NAT)

9. Chapter 7: Traffic Shaping

10. Chapter 8: Virtual Private Networking

11. Chapter 9: Multi-WAN – Failover and Load Balancing

12. Chapter 10: Reporting

13. Section 3: Going beyond the Firewall

14. Chapter 11: Deploying DHCP in OPNsense

15. Chapter 12: DNS Services

16. Chapter 13: Web Proxy

17. Chapter 14: Captive Portal

18. Chapter 15: Network Intrusion (Detection and Prevention) Systems

19. Chapter 16: Next-Generation Firewall with Zenarmor

20. Chapter 17: Firewall High Availability

21. Chapter 18: Website Protection with OPNsense

22. Chapter 19: Command-Line Interface

23. Chapter 20: API – Application Programming Interface

24. Other Books You May Enjoy

Troubleshooting

Let's look at some of the common issues while configuring load balance and failover configurations:

Failover/load balance isn't working: The tier 1 WAN line goes down, but the traffic is still trying to leave the firewall through it. OPNsense, by default, will set the gateway's IP address as the monitor IP address; for instance, let's suppose the WAN line was interrupted somewhere between the customer and the Internet Service Provider (ISP). The router/modem will be still alive and responding to ICMP requests. This can happen because the gateway's IP address is the local network interface of the router/modem, and it won't be down in this case, so the OPNsense monitoring daemon will consider it online; therefore, the condition to change to another WAN will not be triggered. To avoid this issue, always set the monitor IP address to an ISP WAN's cloud address; this way, when the communication between the ISP's router/modem...