Installing the Firewall

  1. Create the OPNsense machine from a template as directed by your teacher
    1. Don't turn it on!!! You did already? Then turn it off.
    2. Ask your instructor or TA to place your second NIC on your private VLAN (see NetworkConfiguration/VlanAssignments)
    3. Now turn it on
  2. Boot it to a login prompt (this will take some time)
    1. Note the LAN and WAN assignments. In the past they have tended to be: WAN=hn1, and LAN=hn0. These are probably backwards to what they should be.
  3. Login as:
    1. User=installer, password=opnsense
  4. Select the following to install:
    1. Continue with default key map
    2. Install (UFS) //this is the default
    3. Select the larger disk (not the CDRom), OK, Yes... Install takes a while
    4. Change your root password
    5. Turn off the machine (it will likely reboot and at that point it is safe to turn off)
    6. Once it is off, edit the machine properties, hardware and set the DVD/CDRom to no media
    7. Power it back on and let it boot
  5. Login as root (you changed the password, so you should know it).
    1. IF EITHER INTERFACE DOES NOT HAVE AN IP ADDRESS, Select 1 to define the interfaces
      1. Answer no to the VLAN setup
      2. Set WAN to the opposite of what it was (it should probably be hn0)
      3. Set LAN to the opposite of what it was (it should probably be hn1)
      4. Hit enter, we are done.
  6. Check the IPs again:
    1. LAN = 192.168.1.1/24. If you need to reset it: there is no IPv6 at this time; enable DHCP on LAN and set the range to start at 192.168.1.100 and end at 192.168.1.200.
    2. WAN = An IP assigned by DHCP. No need to change this one. If it's not, ask the Instructor or TA for help.

From here on, we will be using the Windows Client Machine that is behind the firewall to complete the setup. If you haven't done so, install the Windows Client now.

  1. Use the browser on your Windows client VM behind the firewall to complete the setup using the following information:
    1. Browse to 192.168.1.1, wait for it... Next
    2. Set Primary DNS = 10.10.129.2 AND
    3. Secondary DNS = 10.10.129.3
    4. Time Zone = UTC (the default) or your time zone, e.g. America/New_York
    5. On the WAN setup page, at the bottom uncheck the following

      1. Block RFC 1918 Private Networks
      2. Block bogon networks

Hints:

Problem: No access to anything.

Solution: IP address may be old. Open a command prompt and issue the following commands:

Verify that you have an address from your DHCP server that works.


Problem: I can access the internet, but I can't access 192.168.1.1 and complete the setup of the firewall.

Solution: Your client VM may not be on the right network. Verify that the client's IP is in the LAN network (192.168.1.1/24). If it is not, ask the instructor or TA to move the client onto your VLAN.
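
Both hints above come down to whether the Windows client holds a DHCP lease from the firewall's LAN. The PowerShell script below is an added example, not part of the original lab instructions; it checks each IPv4 address on the client against the LAN settings given earlier (192.168.1.1/24, DHCP range 192.168.1.100 to 192.168.1.200). The function names are hypothetical, and TCP port 443 for the firewall web GUI is an assumption.

```powershell
# Added example: check the Windows client's addressing against this lab's LAN settings.
# Values from the page: LAN 192.168.1.1/24, DHCP range .100 to .200.
$Gateway    = [ipaddress]'192.168.1.1'
$RangeStart = [ipaddress]'192.168.1.100'
$RangeEnd   = [ipaddress]'192.168.1.200'

function ConvertTo-UInt32 ([ipaddress]$Ip) {      # hypothetical helper name
    $b = $Ip.GetAddressBytes()
    [array]::Reverse($b)                          # network byte order -> little-endian
    [BitConverter]::ToUInt32($b, 0)
}

function Test-LabLease ([ipaddress]$Address, [string]$PrefixOrigin, [string]$NextHop) {
    $n = ConvertTo-UInt32 $Address
    [pscustomobject]@{
        Address      = $Address.ToString()
        FromDhcp     = $PrefixOrigin -eq 'Dhcp'   # False if static or self-assigned
        SelfAssigned = $Address.ToString() -like '169.254.*'   # no DHCP server answered
        InLabRange   = ($n -ge (ConvertTo-UInt32 $RangeStart)) -and
                       ($n -le (ConvertTo-UInt32 $RangeEnd))
        GatewayIsFw  = $NextHop -eq $Gateway.ToString()
    }
}

# Default route with the lowest metric; its next hop should be the firewall's LAN IP.
$route = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1

$results = @(Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    ForEach-Object { Test-LabLease $_.IPAddress $_.PrefixOrigin $route.NextHop })
$results | Format-Table -AutoSize

if (-not ($results | Where-Object { $_.FromDhcp -and $_.InLabRange -and $_.GatewayIsFw })) {
    # Matches the second hint: the client is probably not on the private VLAN,
    # or it is still holding an old address as in the first hint.
    Write-Warning 'No address from the firewall DHCP range; check the VLAN or renew the lease.'
}
else {
    # Assumption: the firewall web GUI answers on TCP 443.
    $ok = Test-NetConnection -ComputerName $Gateway.ToString() -Port 443 -InformationLevel Quiet
    Write-Output "Firewall GUI reachable on 443: $ok"
}
```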


If you are not getting to the internet or your