⏳ (30 minutes)

Baseline Configuration

Objective. Review the preloaded OPNsense config and harden it into a clean, auditable baseline: confirm interface/IPs, implement a zone-based stance with least-privilege rules, enable NAT correctly, and turn on logging/monitoring so we can see traffic during later labs.

Prereqs. Students have the provided config restored and can reach the OPNsense UI. Interfaces in this image: Site/LAN = 10.30.0.2/24, corp = 10.10.0.2/24, dmz = 10.20.0.2/24, cell = 10.40.0.2/24.

You will be using Site VM and accessing the firewall using both SSH as well as the web interface at https://10.30.0.2 (only accessible from Site VM)

Success Criteria

• You will gain an understanding of accessing and configuring the OPNsense firewall
• You will configure firewall rules based on the results from Lab 1.3 with a sample list below. But we want you to explore as well, not just click through the tutorial!
• Logging enabled on all policy rules we’ll observe in later exercises.
• Basic monitoring (live firewall log + traffic/Insight) produces entries when you generate test traffic.

<aside> <img src="/icons/chemistry_blue.svg" alt="/icons/chemistry_blue.svg" width="40px" />

Lab 2.2 Activities

</aside>

Step-by-step

Part 1 - OPNsense Introduction

Goal. Reach OPNsense over SSH from the Site VM desktop (Remmina), try the built-in console menu, run a ping to the Cell, then tour the web UI.