A frequently requested guide on how to create a transparent filtering bridge in #OPNsense!
A transparent filtering bridge allows you to use OPNsense purely as a firewall on your network using your existing network hardware. Because a transparent filtering bridge is physically inserted between 2 devices on your network, you can place the filtering bridge in multiple areas of your network where you decide you want the additional security protections.
In this video, I demonstrate how to set up a dedicated management interface in OPNsense that is not a part of the bridge so that you do not have to worry about getting locked out of the OPNsense web UI. It will allow you to freely change the configuration of the bridge without concern of losing access. I personally like having dedicated physical interfaces for management purposes on a number of devices on my network, which is why I am showing how you can also do the same in this guide.
Because of the desire for a dedicated physical interface for management, you will need a device with at least 3 network interfaces to complete this guide. I am using the Gowin R86S since it has three 2.5Gbps interfaces, so it will work well in this scenario (even with Zenarmor enabled, it can still push nearly 2 Gbps of throughput with the Intel N5105 CPU; with a stronger CPU you can get more throughput).
I perform a couple of tests along the way to ensure that the bridge is working properly and to ensure the security protections are actually blocking the intended traffic. This is important to ensure that you do not have a false sense of having increased security on your network.
A written version of this guide: https://homenetworkguy.com/how-to/configure-opnsense-transparent-filtering-bridge/
Affiliate links:
Grandstream GWN7811P L3 switch: https://amzn.to/3CqJFAs
Grandstream GWN7664E AP: https://amzn.to/4hJLBUI
Gowin R86S-P2: https://s.click.aliexpress.com/e/_DdxGjnJ
ZimaBoard 832: https://amzn.to/3UIeuqj
Non-affiliate links:
Grandstream GCC6010 convergence device: https://www.ipphone-warehouse.com/grandstream-gcc6010-unified-communications-ip-pbx-and-networking-system/
Grandstream GWN7811P L3 switch: https://www.ipphone-warehouse.com/grandstream-gwn7811p-8-port-gigabit-poe-managed-network-switch/
Grandstream GWN7664E AP: https://www.ipphone-warehouse.com/grandstream-gwn7664e-high-performance-wi-fi-6-wireless-access-point/
Gowin R86S-P2: https://www.gowinfanless.com/uncategorised/gw-r86s-p-series/gw-r86s-p2
JetKVM: https://jetkvm.com/
Chapters:
00:00 Introduction
00:29 What is a transparent filtering bridge?
00:42 Location of a transparent filtering bridge
01:59 Dedicated physical management interface
02:52 Hardware that has 3+ physical interfaces
03:50 Overview of steps in this guide
06:39 Example existing network
07:06 Setting up the bridge device
07:30 Installing OPNsense
09:34 Plug PC into bridge device
10:03 Log into OPNsense
10:29 (Optional) Changing the LAN IPs
13:32 Create management interface (MGMT)
15:28 Create firewall rule on MGMT
17:30 Connect MGMT & PC to existing network
17:56 Testing the new management interface
18:41 Setting up the bridge interface
18:57 Disable outbound NAT
19:15 Change the system tunables
20:39 Create the bridge interface
21:47 Remove bogon/private network blocks on WAN
22:08 Disable DHCP on the LAN interface
22:30 Skipping steps on official OPNsense guide
23:27 Set IP config type to "None"
24:30 Create firewall rule on the bridge
25:22 Connecting & testing the bridge
26:37 Testing a firewall rule on the bridge
28:26 Setting up Internet access for OPNsense
31:44 Update OPNsense
32:05 Installing Zenarmor
35:47 Testing Zenarmor
38:43 Setting up intrusion detection (Suricata)
43:33 Note about Suricata & Zenarmor
44:08 Other plugins & protections are available
EP60