Initial Firewall Deployment & Access Control

Deploy OPNsense firewall, validate WAN/LAN connectivity, confirm anti-lockout safeguards, and restrict administrative access.

Tools Used

OPNsense Firewall (latest stable release: 25.7)
Web GUI (HTTPS access)
LAN/WAN interfaces
2FA for admin access, TOTP plus password(optional)

Steps Taken

Installed OPNsense on dedicated hardware using a ventoy usb with an OPNsense ISO.
Verified WAN connectivity (public IP assigned, outbound reachability).
Verified LAN connectivity (clients able to reach firewall GUI).
Confirmed anti-lockout rule exists by default (ensures GUI access from LAN).
Restricted GUI access to LAN only (disabled WAN GUI exposure).
Enabled 2FA for admin login to strengthen access control.

Screenshot: OPNsense Dashboard

OPNsense dashboard after install — Click to view full-size: OPNsense dashboard after initial deployment.

Screenshot: Interface Assignment

WAN and LAN interface assignment — Click to view full-size: WAN/LAN interface assignment during setup.

Screenshot: Anti-Lockout Rule

Anti-lockout firewall rule — Click to view full-size: Anti-lockout rule ensuring GUI access from LAN.

Screenshot: GUI Access Restriction

Restricting GUI access to LAN only — Click to view full-size: GUI restricted to LAN access only.

Screenshot: 2FA Configuration

2FA configuration for admin account — Click to view full-size: 2FA enabled for administrative access.

Outcome

Firewall successfully deployed with secure administrative access. WAN/LAN connectivity validated, anti-lockout safeguards confirmed, and GUI restricted to LAN with optional 2FA. This establishes a hardened baseline for further configuration.