Setup of Zen Armor in OPNsense

Follow

stevefxp

• October 04, 2023 15:42

Hello all,

My OPNsense setup has 4 physical NICs, that are split into two groups for LAGG purposes. Should I be setting up Zen Armor on the individual NICs or the LAGGs?

Thanks,

Steve

0

• Official comment

  

  Matt

  • October 04, 2023 16:47

  Hi Steve,

  As of OPNsense 23.7.4, you can run on lagg interfaces. That should just work fine. 

  Comment actions Permalink
• 

  stevefxp

  • October 04, 2023 22:38

  Matt,

  This is great news. Another quick setup question. My OPNsense firewall is operating like a router on a stick. Everything beow it is L2, but on different vlans. Should I run Zen Armor as L2 or L3 with Netmap?

  Thanks,

  Steve

  0

  Comment actions Permalink
• 

  Matt

  • October 04, 2023 23:44

  Hi Steve,

  I'd suggest protecting LAN side of bridge interfaces and use L3 netmap mode (emulated). 

  0

  Comment actions Permalink
• 

  stevefxp

  • October 05, 2023 15:15

  Ok that makes sense...

  Last question. I have disabled the hardware CRC, TSO, and LRO offloads. Do I need to disable VLAN hardware filtering?

  Thanks,

  Steve

  0

  Comment actions Permalink
• 

  Salih

  • October 05, 2023 16:01

  Hi Steve,

  Yes, you also need to disable it.

  0

  Comment actions Permalink

Please sign in to leave a comment.