VLANs are fairly easy to set up in pfSense. But you need to configure the switch to support VLANs as well.
@optimus611 3 years ago
Not using VLAN 1 is great security advice, something I wish I had known before I was setting up my business network, fixing that mistake after the fact was a real pain.
@TechTutorialsDavidMcKone 3 years ago
It's from a Best Practice policy I picked up from Cisco. And no network is too small to follow Best Practices.
@TheSillymansam 2 years ago
I was having that issue with physical networks and switching to vlans. This helped me a lot!
@TechTutorialsDavidMcKone 2 years ago
Good to hear this was helpful. Thanks for the feedback.
@BigLifeWithLitlJay 3 years ago
Very competent, complete, and thorough information. Bravo! I also like that you take it slow and carefully explain each step for new users. I've been working in IT since 1993, and wish I would have had such a useful resource when I was getting started out. I came here looking for ideas on why my new vlan was nerfed, but it turns out I forgot to check one of the ports in my switch UI. Doh!
@TechTutorialsDavidMcKone 3 years ago
Thank you for the feedback, it is much appreciated. And I'm glad to hear you found the video helpful. But yes, even if you have lots of experience, it is still easy to overlook something.
@BigLifeWithLitlJay 3 years ago
@@TechTutorialsDavidMcKone Did you ever play marbles with the thin-coax resistor caps during downtime in the office? We sure did!
@kbnull 3 years ago
Rather than deleting the LAN interface when moving from an existing WAN/LAN setup to WAN/VLANs, I found it easier to set up the VLANs and then to move one of the VLANs over to the LAN interface just by reassigning the LAN interface. No changes had to be made to the DHCP server on the LAN side including my many DHCP static mappings. Same goes for all of the firewall rules defined on my LAN.
@TechTutorialsDavidMcKone 3 years ago
That's a good way to resolve that. Thanks
@silentbyte33 3 years ago
Perfect for VMs. Thank you for sharing this video.
@TechTutorialsDavidMcKone 3 years ago
I'm really glad to hear you found it useful.
@silentbyte33 3 years ago
@@TechTutorialsDavidMcKone I hope you don't mind helping me out a bit. I'm attempting to repeat your actions through VirtualBox instead of ESXi. I'm not sure if it would still give the same result? I was unable to successfully provide DHCP IPs to each VLAN.
@TechTutorialsDavidMcKone 3 years ago
@@silentbyte33 What is the Network Adapter in the VM attached to because if it's set to NAT for instance, the default setting, that could be the problem?
@silentbyte33 3 years ago
@@TechTutorialsDavidMcKone I have it set to Internal Network Only.
@TechTutorialsDavidMcKone 3 years ago
@@silentbyte33 It doesn't look like VirtualBox supports VLANs, so I would do something similar to what I did in the "How To Install And Configure pfSense Firewall" videos. In that situation I created multiple virtual switches in ESXi and gave the pfSense VM multiple network cards, each connected to a different network. From the firewall's perspective these are the same as physical interfaces, so you don't create any VLANs. For VirtualBox these would be different Internal Networks. By default there will be an Internal Network called intnet but you change that when you place the interface into a different network. So, pfSense could have Adapter 1 connected to one called WAN, Adapter 2 connected to LAN, Adapter 3 connected to IOT, etc. I guess the only problem is you're limited to having only 4 network adapters. But it's then a matter of assigning other VMs to the relevant Internal Network by selecting the name from the drop down menu.
@JoaoRyanPlim 3 years ago
David, Thank you for sharing this video!
@TechTutorialsDavidMcKone 3 years ago
Thanks for the feedback. Glad to hear you found this useful.
@drreality1 3 years ago
VMs networking are way above my head. Have you played with bridges on pfSense? Cheers
@TechTutorialsDavidMcKone 3 years ago
Unfortunately not, as I've been involved in networking for such a long time that I avoid bridging. I'll look to post a video on VLANs on switches though in case it helps.
@zyghom 1 year ago
Hi David, I am following your steps on OPNsense with the same target: move from flat config to VLANs. What I noticed is something similar to what you said: the firewall became so unresponsive the moment I touched it with VLANs. So maybe I will reinstall it, or rather reset to factory defaults, and then configure with VLANs from the beginning. However, I have a more complicated config: my OPNsense is on Proxmox. So I have 3 NICs: WAN, LAN and 1 extra - the last one I could use as management interface. Question: the "VLAN thingies": should they be configured in OPNsense only or on Proxmox as well? I am getting a bit lost here...
@TechTutorialsDavidMcKone 1 year ago
I find it easier to keep the VLAN work within Proxmox. You'll have to configure them there anyway to talk to the physical switch. So add NICs to the VM and give these the relevant VLAN ID there. OPNsense then just sees multiple NICs, same as it would in a physical computer.
@zyghom 1 year ago
@@TechTutorialsDavidMcKone Thank you brother. I am going to try this. You can imagine: my only time when I can play with this is... before the family wakes up so I am recently waking up at 4am to play till 7am. ;-)
@morszn9303 3 years ago
Hi David, Am preparing to set up my very first pfSense box, it's an old PC box conversion with an Intel quad NIC. This is the planned setup, on the interface side.
Igb0 - Firewall Admin & Management (Only)
Igb1 - WAN Port
Igb2 - LAN Port
Igb3 - currently unassigned.
What I want to know is, is it possible to configure all initial setup and firewall configuration (doing all admin management) of the pfSense box through my assigned management (admin) port, as opposed to doing it through the LAN port as pfSense mandates? I know ur video above showcases how this can be done by using VLANs. But am new to all this, and VLANs look very complicated. Is it possible to do on actual physical ports? Cheers
@TechTutorialsDavidMcKone 3 years ago
If you watch my two part video "How To Install And Configure pfSense Firewall" it covers setting it up with multiple interfaces instead of using VLANs. I did use a virtual machine but the process is the same as for a physical machine. The only challenge is the initial set up because pfSense only allows access from what you pick as the LAN interface at the start. The default rules won't allow access through any other interface. So you could set Igb0 as the LAN interface and change the name afterwards, like I showed, but it is extra work. Or you could set Igb2 as the LAN interface, finish the set up through that interface, then allow access from Igb0 and take it away from Igb2 (LAN). Personally I remove the anti-lockout rule as it's too open, so I always end up creating a specific management rule anyway, so I would go for that last option.
@morszn9303 3 years ago
@@TechTutorialsDavidMcKone I did watch both of them, and am using them as a configuration guide. I will rewatch them again before I start my setup. Will share how it goes
@bandit1170 2 years ago
Can you/is it necessary to re-create the Anti-Lockout rule on VLAN10?
@TechTutorialsDavidMcKone 2 years ago
You can re-enable the rule by going to System/Advanced/Admin Access. Clear the option labelled Anti-Lockout and save the changes. But it will only be applied to your LAN interface, i.e. the internal interface created when pfSense was built. For me it's too open and I prefer to have more control over access, so I create my own management rule so that I can pick the management interface and restrict access to specific devices.
@evanhines2361 3 years ago
I wish they were on these things. I think I missed the access rules, but what was odd is the sporadic communication on one VLAN. Can't seem to figure out how to get it to communicate with a Cisco switch, and no one has posted anything on it, so I guess I'm on my own.
@TechTutorialsDavidMcKone 3 years ago
Check out my two part video on setting up VLANs as that might help. If you configure pfSense for instance with multiple VLANs on an interface, the switch port needs to be configured as a trunk. It varies depending on the vendor and even Cisco switches do it differently depending on which department brand you use. In part 1 (kzbin.info/www/bejne/jXqmaKR7rbGMiZI) I go over the details and in part 2 (kzbin.info/www/bejne/enLMlZp4bruoZ9U) I cover some different vendor configurations, beginning with a Cisco business switch which is managed via the GUI.
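An added example, not part of the original comments or the video: a small audit of a switch configuration for the two points raised in this thread, VLAN 1 still being in use and the firewall uplink trunk not carrying every VLAN defined on pfSense. It assumes Cisco IOS-style `switchport` lines and treats a port with no explicit mode as an access port; the config, port names and VLAN IDs are constructed.

```python
import re

# Constructed IOS-style config for illustration; port names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-29
interface GigabitEthernet2
 switchport mode trunk
interface GigabitEthernet3
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet4
"""

def expand(spec):
    """Turn an allowed-VLAN list such as '10,20-29' into a set of VLAN IDs."""
    pairs = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

# Assumed defaults for a port with no explicit settings: access mode, VLAN 1,
# and every VLAN allowed once the port is made a trunk.
DEFAULTS = {"mode": "access", "access vlan": 1, "trunk native vlan": 1,
            "trunk allowed vlan": set(range(1, 4095))}
CONVERT = {"mode": str, "access vlan": int, "trunk native vlan": int,
           "trunk allowed vlan": expand}
LINE = re.compile(r"switchport (%s) (\S+)" % "|".join(CONVERT))

def parse_ports(config):
    # Map each interface name to its settings, starting from DEFAULTS.
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], dict(DEFAULTS))
        elif cur is not None and (m := LINE.fullmatch(line)):
            cur[m.group(1)] = CONVERT[m.group(1)](m.group(2))
    return ports

def audit(config, uplink, firewall_vlans):
    """Return (port, finding) pairs: VLAN 1 in use, or the uplink missing a VLAN."""
    ports, findings = parse_ports(config), []
    for name, p in ports.items():
        if p["mode"] == "access" and p["access vlan"] == 1:
            findings.append((name, "access port still in VLAN 1"))
        if p["mode"] == "trunk" and p["trunk native vlan"] == 1:
            findings.append((name, "trunk native VLAN is 1"))
    up = ports.get(uplink)
    if up is None or up["mode"] != "trunk":
        return findings + [(uplink, "firewall uplink is not a trunk")]
    missing = sorted(set(firewall_vlans) - up["trunk allowed vlan"])
    return findings + [(uplink, f"VLAN {v} not allowed on trunk") for v in missing]
```

Calling `audit(SAMPLE_CONFIG, "GigabitEthernet1", [10, 20, 30])` reports the two ports left on VLAN 1 and the VLAN missing from the uplink trunk.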
@mr.lineleaf8111 3 years ago
Can you do one for multiple WANs? I tried doing one WAN per VPN and adding a specific VLAN to use one of them, but I've got no idea where I went wrong.
@TechTutorialsDavidMcKone 3 years ago
Can you be more specific, as I'm not quite sure what you mean? The firewall supports trunk links, meaning a single interface can be configured to handle multiple VLANs, each represented by a VLAN interface. Each VLAN interface can then be connected to a different WAN, e.g. via a router. But the firewall will need to be configured with routing to tell it what networks are available at the end of each WAN.
@mr.lineleaf8111 3 years ago
@@TechTutorialsDavidMcKone I want to add a VPN to each VLAN. I've got 2 VLANs working but can't figure out how to add a VPN to each of them.
@friendsofcovai8382 3 years ago
Hi sir, I was using pfSense firewall version 2.4.5 before. After updating to version 2.5.2, when I create multiple VLANs and apply the firewall rule, they cannot access the internet, but the old VLAN is working fine. Is there a solution, please?
@nirv 3 years ago
Of course this guy has a donation link. Mark made better tutorials about pfsense on KZbin and has no donate link because he isn't a dirt bag.
@TechTutorialsDavidMcKone 3 years ago
Thanks for the feedback. Could you point out any particular areas you think could be improved or where mistakes were made? Because I really appreciate constructive criticism so that I can address these in future videos. My goal is to provide information that will help others but also to give me something to refer back to at a later date, so if something is wrong or could be done better, do please point that out.
As for the donation links, let me try to clarify. I assume you'll realise that the videos are freely available via the KZbin platform? For this channel, I don't make part of a video available and then force a viewer to pay to see the rest of it. Doing so would defeat my main objective of providing free IT information and guidance.
Now I do make videos in parts because:
A) This channel is not a source of income, e.g. at the moment there isn't even any funding from KZbin, and so it is not an occupation for me.
B) My main source of income, i.e. my day job, takes up most of my time, so I have very limited amounts of time to make even a single video for this channel.
C) My assumption is people are particularly interested in certain parts of a technology, e.g. they might get stuck when trying to do something. So by breaking things down into parts, I hope to make it easier for them to find what they are looking for.
D) Similarly, I want to help those just getting started, but a very long video is time consuming and harder to digest, which makes it harder to then understand how things work and can be configured.
To be clear, every video I make for this channel will be available on the KZbin platform for free viewing, but it depends on the time it takes for me to produce them as well as my own direction of production as to when they'll be available for viewing.
Now whilst I do spend my own money on my own IT training, because it's my career, the goal of this channel is to make what I've been learning freely available to others. So unlike an IT training company for instance, there is no obligation to pay for any of the content or the work that goes into making these videos.
Hopefully you'll understand when I say that somebody has to pay for the hardware, software, licensing, etc. which goes into the research, testing, recording and editing of these videos. If the only funding is coming from the content creator themselves, then not surprisingly the options for content coverage on a channel like this and the amount of videos produced are limited, hence the reason why donation links exist. And whilst funding would be beneficial to improve the channel, as long as I have a source of income from a job for instance to fund the channel myself, it should continue at this current rate of production.