Here’s a list of OPNsense Lab Topics you can use to design labs with various use cases, covering basic to advanced configurations:
I. Beginner-Level Labs
1. Installing and Initial Setup of OPNsense
Installing OPNsense on virtual or physical hardware.
Configuring WAN, LAN, and basic network interfaces.
2. Basic Firewall Rules
Allowing/blocking traffic between LAN and WAN.
Understanding rule priority and default deny policies.
3. Configuring NAT (Network Address Translation)
Implementing outbound NAT for internet access.
Port forwarding for hosting services like HTTP and SSH.
4. Creating and Managing User Accounts
Adding admin and read-only users.
Configuring access control for the web interface.
5. Setting Up DHCP Server
Configuring DHCP for LAN clients.
Static IP reservations for devices.
II. Intermediate-Level Labs
6. VLAN Configuration
Creating VLANs for network segmentation.
Assigning VLANs to interfaces and setting up inter-VLAN routing.
7. Site-to-Site VPN with OPNsense
Configuring an IPsec VPN between two OPNsense firewalls.
Testing secure communication across two networks.
8. OpenVPN Remote Access Configuration
Setting up an OpenVPN server for secure remote access.
Testing connectivity using a client.
9. Creating a DMZ (Demilitarized Zone)
Isolating public-facing servers using a DMZ network.
Allowing selective traffic from WAN to DMZ.
10. Captive Portal Setup
Setting up a captive portal for guest networks.
Authenticating users with local or RADIUS servers.
III. Advanced-Level Labs
11. High Availability (HA) and Failover
Configuring CARP for failover between two OPNsense firewalls.
Synchronizing configuration using XMLRPC Sync.
12. Intrusion Detection/Prevention System (IDS/IPS)
Enabling Suricata for intrusion detection.
Setting up alerts and blocking malicious traffic.
13. Traffic Shaping and Bandwidth Management
Configuring QoS to prioritize certain types of traffic.
Limiting bandwidth for specific IP ranges or applications.
14. Zero Trust Network Segmentation
Implementing granular rules for east-west traffic control.
Denying access between VLANs and enabling specific services.
15. DNS Server Configuration with Unbound/DNS Resolver
Setting up DNS resolver for LAN clients.
Enforcing DNS-based content filtering using blacklists.
IV. Specialized Labs
16. Setting Up OPNsense as a Transparent Firewall
Configuring OPNsense to filter traffic without routing.
Testing traffic filtering between two networks.
17. Load Balancing and Failover (Multi-WAN)
Configuring multiple WAN connections.
Testing automatic failover and load balancing.
18. Blocking Malicious Domains with GeoIP Filtering
Enabling GeoIP filtering to block traffic from specific countries.
Creating aliases for automated updates.
19. Protecting IoT Networks with Segmentation
Isolating IoT devices from the main LAN network.
Allowing limited internet access for IoT devices.
20. Centralized Logging with Syslog Server
Sending logs to a centralized syslog server (e.g., Graylog/ELK).
Configuring log monitoring and alerts.
V. Real-World Scenarios
21. Web Content Filtering for Schools/Offices
Using OPNsense for URL filtering and blocking inappropriate websites.
Testing filtering with a transparent proxy.
22. Firewall Hardening and Security Best Practices
Restricting access to the OPNsense web interface.
Implementing secure passwords and MFA.
23. DDoS Protection and Rate Limiting
Configuring OPNsense to mitigate DDoS attacks.
Limiting the number of connections per IP.
24. Monitoring Traffic with NetFlow/Insight
Enabling NetFlow for network traffic analysis.
Using the Insight tool for troubleshooting.
25. Integrating OPNsense with Active Directory
Authenticating users with an Active Directory server.
Testing user-specific policies based on AD groups.